Botnet operators may be able to profit from Conficker update

An update of the Conficker worm that appeared on PCs last week will likely help its makers do what all botnet operators strive to do — make money.

Kevin Hogan, director of security response operations at Symantec Corp., said the update, dubbed Conficker.e, began downloading and installing on previously infected computers last Thursday. Researchers said the updated worm was downloaded over a peer-to-peer function in Conficker.

According to Symantec, Conficker.e is downloading and installing Waledac, a noted Trojan horse bot perhaps best known as the successor to the infamous Storm bot of 2008. As was the case with Storm, Waledac bots — PCs infected with the Trojan horse — are rented out to spammers.

Alex Gostev, a researcher at Kaspersky Lab, said Conficker.e is also downloading and installing fake security software. The software tries to provoke users with bogus infection warnings that keep popping up until they pay $50 for a useless program.

The lack of a clear business model for Conficker, which appeared in November 2008, had confounded researchers and raised fears that it would launch an attack on April 1.

"I don't want to be a scaremonger," said Hogan, "but the situation now is more serious than a couple of weeks ago."

This version of the story originally appeared in Computerworld's print edition. An expanded version was posted previously on

Copyright © 2009 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon