Even now, several months after Conficker first appeared, we still don’t know its exact purpose.
Whilst there were no great events on April 1st, as some had predicted there would be, the worm is still very much out there.
The Conficker worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines.
Those behind the worm can also remotely control those machines, via something known as a botnet.
Infected machines can be manipulated in a number of ways.
Initial reports indicated that Conficker was serving up advertisements for fake antivirus programs.
Beyond that, nothing much else has happened.
Conficker certainly does ensnare infected machines into a botnet, but so far the botnet hasn’t been utilised in any meaningful way.
Some experts believe, however, that Conficker will ultimately turn out to be a virus that has been written for profit.
In other words, the botnet will be used to send spam, steal identities and direct users to online scams and phishing sites.
The Conficker worm mostly spreads across networks.
If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator.
The worm then tries to spread itself to other computers on that same network.
When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.
It receives further instructions by connecting to a server.
The instructions it receives may tell it to propagate, to gather personal information, and to download and install additional malware onto your computer.
The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.
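As an added example (not part of the original article), the following PowerShell check reports the state of the services listed above so that a disabled security service stands out. It assumes PowerShell 3.0 or later; the short service names are the standard Windows ones and are an assumption here, since the article gives only display names.

```powershell
# Added example, not from the original article. Short service names are the
# standard Windows ones for the services the article lists (assumption: the
# article gives only display names).
$Watched = [ordered]@{
    wuauserv  = 'Windows Automatic Update'
    wscsvc    = 'Windows Security Center'
    WinDefend = 'Windows Defender'
    WerSvc    = 'Windows Error Reporting (Vista and later)'
    ERSvc     = 'Windows Error Reporting (XP / Server 2003)'
}

function Get-WatchedServiceStatus {
    param([System.Collections.IDictionary]$Services = $Watched)

    foreach ($name in $Services.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                               -ErrorAction SilentlyContinue
        if (-not $svc) {
            # Not every service exists on every Windows version.
            [pscustomobject]@{
                Service = $name; Label = $Services[$name]
                StartMode = 'n/a'; State = 'NotPresent'; Review = $false
            }
            continue
        }
        # Flag a service that is disabled outright, or set to start
        # automatically but not running. Manual/stopped is normal for some
        # of these (for example WerSvc), so it is not flagged.
        $review = ($svc.StartMode -eq 'Disabled') -or
                  ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running')
        [pscustomobject]@{
            Service = $name; Label = $Services[$name]
            StartMode = $svc.StartMode; State = $svc.State; Review = $review
        }
    }
}

$report = @(Get-WatchedServiceStatus)
$report | Format-Table -AutoSize
$flagged = @($report | Where-Object { $_.Review })
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} security service(s) disabled or not running: {1}" -f
        $flagged.Count, ($flagged.Service -join ', '))
}
```

A flagged row is a prompt to investigate rather than proof of infection, since administrators and other software also change these services.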