More than a week after the 1 April scare passed without incident, the Conficker worm finally appears to be active. Researchers at Trend Micro have spotted the worm updating via peer-to-peer nodes and dropping a payload on to infected machines.
It's still not clear exactly what the payload is doing, although it's suspected to be connected to the Waledac family of malware, which has been used in the past to build huge botnets and steal data from infected PCs. The Trend Micro blog reports that the new variant runs under random file and service names, and then deletes itself afterwards, leaving no trace behind.
The researchers claim the file also connects to the MySpace, MSN, eBay, CNN and AOL websites, although it's reported to be merely checking there's an active internet connection, rather than launching a denial-of-service attack on those sites.
Trend Micro claims the new update also has an "untrigger date" of 3 May, when the worm will shut down. You can check if your machine is infected with the worm by visiting the Conficker Eye Chart.