...from: http://www.nytimes.com/2009/04/10/technology/10virus.html?th&emc=th
Malicious Software Is Revised By JOHN MARKOFF Published: April 9, 2009 The riddle of a malicious software program that has spread throughout the Internet deepened Thursday as security researchers examined a new version of the software that they said made it more difficult to eradicate the program.
The program, known as Conficker, targets versions of Microsoft’s Windows operating system and has now been distributed in four versions, computer security specialists said.
Several of the groups monitoring the program said the most recent version, which began to appear Tuesday, appeared to be targeted at improving a peer-to-peer communications system between computers that are infected and hardening the system by making infected machines more resistant to anti-virus software.
Several researchers also said there might be a connection between the authors of Conficker and of another program known as Waladec, a malware program that has been used to distribute fraudulent advertisements through e-mail spam. They also noted that the Conficker authors have switched strategies and are using the program’s peer-to- peer mechanism to update the system. Originally, they had appeared to plan to download instructions to Conficker by generating new Internet addresses that infected machines could download instructions from.
An earlier version of the program had been set to begin contacting servers on April 1, raising widespread concern about the authors’ intent. Now, however, the system for programming Conficker uses a peer- to-peer mechanism that can be initiated from any one of millions of infected systems.
The consensus within the computer security industry is that although there are now some indications that Conficker’s authors are intent on building a giant spam system, there is no hard evidence.
“This is just Step 5 in a thousand-step chess match,” said Vincent Weafer, vice president of the security response division at Symantec.