It appears Conficker’s long-feared payload is nothing more than another rogue antispyware removal application that attempts to dupe people into purchasing it. Don’t buy Spyware Protect 2009; remove it. Read our Spyware Protect 2009 removal guide.
Having followed the activities of Eastern European online cyber crime for several years, there is one thing we are certain about — these criminals are motivated by one thing: money.
How was Downad/Conficker helping them meet their goals? It wasn’t. A very large botnet of compromised computers doesn’t make money if it just “sits there” doing nothing.
So now we have seen, as described above, that the Downad/Conficker botnet has awakened, and perhaps their desire to monetize their efforts is becoming clearer.
In the latest activity, we see infected Downad.KK/Conficker.C nodes pulling down new Waledac binaries (perhaps for spamming, as Waledac has been known to do) from a fast-flux domain infrastructure, but now it is also installing Fake/Rogue AntiVirus (AV) malware, too. See screenshot below: