After lying dormant for a week, then mysteriously downloading encrypted content, Conficker is now starting to actually show its true colors. It wants to sell you something. Great.
# On April 8th a new update was made available to Conficker.C infected machines via the P2P network
# The new file, which we call Conficker.E, is executed and co-exists alongside the old infection
# It re-introduces spreading via the MS08-067 vulnerability. Spreading functionality was removed in Conficker.C and the gang behind this maybe realized they made online casino canada a mistake and added it again.
# There”s a possible connection to Waledac, a spambot. Some Conficker.C infected computers connected to a well known Waledac domain and downloaded Waledac from there.
# There”s also a connection to rogue anti-virus products as we”ve seen it end up on Conficker.C infected machines. The rogue product was Spyware Guard 2008.
# Conficker.E deletes itself if the date is May 3, 2009 or later.