The worm has turned. Conficker has awoken. It’s updating peer-to-peer and dropping in a mysterious load thought to be a keystroke logger. For the 3 to 12 million users thought to be infected, it would seem like a good time to stop using your bank accounts and start re-installing Windows.
The worm will contact sites like MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com in order to check internet connectivity, drop the key logger.sys file behind a rootkit such that your anti-virus won’t be able to pick it up and then disappear with no further replication by 3rd May.
The .sys file will, of course, still be there and will still report back from the host computer to the rest of the botnet. All very pleasant stuff.