Last week, another variant of the Conficker worm was discovered, Conficker.E, by anti-virus vendor Trend Micro. The worm finally got the update we have all been waiting for since April 1, by its peer-to-peer (P2P) network. Again, security researchers are still not sure what the purpose of the worm is. However, now they do have insight as to what this variant will do. If you are infected with Conficker.E, Spyware Protect 2009 pops up, stating that you have malware installed on your computer and need to purchase a removal tool for $49.95. Such a steal for a product that does nothing! In addition, the worm installs the Waledac Trojan, which is a spam-based application that contains malicious links.
Users can test for the presence of the worm by going to any of the anti-virus vendor sites including:
I also found a very slick way of testing for the worm that you can share wit your users. The Conficker Eye Chart is an easy way for anyone to run a test for the worm. Click on the link and check the results:
The worm is fairly easy to remove. Here are several links to vendors that offer removal tools:
Conficker is not going to go away any time soon. I hate to make predictions, but I am predicting at least a Conficker.I variant before it's all said and done. The only bright spot is that Conficker.E will uninstall itself by May 1, 2009.