More DOWNAD/Conficker Questions After April 1st

All around the world, April 1st has already passed. The DOWNAD/Conficker April 1st hype has kept most, if not all, of us in the security industry and in the Conficker Working Group busy in the past few weeks. The day may have ended quietly, but follow-up question still linger as a new day begins:
Q: Did anything happen?
A: There has been no significant developments or updates in the DOWNAD/Conficker botnet. At least not yet. There is still the expected accessing of websites during the time check routines of DOWNAD malware, as well as the expected P2P chatter/traffic between peers. These routines, however, were already seen happening even before April 1st. As of this writing, there are no new binaries, no new malicious domains, and no new payloads.
Our engineers observed some instances of DOWNAD seemingly changing its network behavior, but this appears planned and not intended to be an attack. This behavior underlines the theory by security researchers that the creators of this botnet have shown themselves to be determined, slow, and measured in how they introduce changes into the botnet infrastructure.
Q: Did the Conficker Working Group succeed in its endeavors?
A: Yes. The group did a phenomenal job in getting the engagement of various security researchers, Internet service providers, domain name registries, as well (continue reading...)