Quote:
If you just got here looking for my blog on Conficker and "blended hoaxes", I’m afraid I just pulled it (temporarily at least) in the light of new data that’s come in since last night: I don’t want to mislead anyone, as it seems that the new Conficker stuff is a lot more active and interesting than it appeared on preliminary analysis.
I’m looking at data right now: in the meantime, our guys in Slovakia have put out a release here that gives you the gist and a full description here.
The most interesting and surprising new feature is that it doesn’t contact any of the control domains, even though it originally operated with up to 50 000 domains a day. The new variant, which we call Win32/Conficker.AQ, communicates only within its own peer-to-peer network.
It seems likely that the Conficker gang are trying to throw us off because of the media attention and close analysis by the security industry: I imagine that all the fuss has made it difficult for them to run it as originally intended.
Continued @ ESET Threat Center