Conficker has sprung to life. PCWorld reports that the worm has begun contacting infected computers by sending a binary file over peer-to-peer connections.
The binary randomly contacts one of five Web sites -- MySpace, MSN, eBay, CNN or AOL -- apparently to confirm that the infected machine is connected to the Internet before dropping a payload and deleting all traces of itself. It also prevents PCs from visiting certain Web sites.
Researchers are not sure exactly what the payload is, but suspect that it might be a keystroke logger or some other program designed to steal sensitive data from the machine, according to CNET News. Trend Micro says the software seems to be a .sys component hiding behind a rootkit.
Another interesting twist is that Conficker is communicating with servers that are known to be associated with the Waledac family of malware and its Storm botnet.
The update also includes an instruction that the worm remove itself on May 3, notes BBC News. However, the creators can still control compromised PCs because the Waledac-imposed backdoor on the machine will remain open.