Conficker Reveals Its Purpose

Since the April 1st Conficker target date came and went, people have been waiting for the other shoe to drop. And on Wednesday night, Conficker downloaded the update that people were expecting, via the P2P functionality that's part of the malware.

Dubbed Conficker.e, the new version appears to focus on that all-too-familiar item that malware writers want: money.

The new version will terminate on May 3rd, and what Conficker.e did was download other malware to the already infected host computers. Kaspersky Labs notes that it downloads, for example, a rogue antivirus app, Spyware Protect 2009 (above). These type of apps frequently annoy the end user with pop-ups and more until they fork over some cash, in this case $49.95.

Trend Micro noticed that the worm also downloaded components of Waledac, which is a bot used by spammers.

Trend Micro also noted that Conficker.e once again has the ability to search for machines that are still vulnerable to the security hole that Microsoft patched in October, which led to Conficker infections in the first place. A previous update turned that capability off.

Now we have to wonder: what will happen on May 3rd?