http://www.cnn.com/2009/TECH/04/09/conficker.activated/index.html http://macdailynews.com/index.php/weblog/comments/20738/ Windows Conficker worm awakens, updates via P2P, begins to drop payload; Macintosh unaffected Thursday, April 09, 2009 - 01:38 PM EDT "The Conficker worm is finally doing something--updating via peer-to-peer between infected [Windows PCs] and dropping a mystery payload on infected computers, Trend Micro said on Wednesday," Elinor Mills reports for CNET. "Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro," Mills reports. "The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said," Mills reports. "On Tuesday night Trend Micro researchers noticed a new file in the Windows Temp folder and a huge encrypted TCP response from a known Conficker P2P IP node hosted in Korea," Mills reports. "In addition to adding the new propagation functionality, Conficker communicates with servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik Ferguson."