The owners of computers infected with the latest variant of the Conficker worm probably won't be laughing on April Fool's Day.
Conficker C is the latest variant of a worm also known as the "Downandup" worm whose author is wanted by Microsoft on a $250,000 bounty.
It is expected to download an updated copy of itself or download other malware onto infected computers once the system date on those machines is on or after April 1, 2009, according to the internet security firm CA.
It is also expected to start generating 50,000 web URLs a day, up from 250 per day in previous versions, said an article on the discussion board of internet security firm Symantec Corp., which makes Norton Antivirus and first reported the latest variant of Conficker on March 6.
The CA security adviser blog reported that Conficker C may not trigger malware detection software on a user's computer because it has lost some of the spreading abilities found in previous versions.
However, it can shut down tools used to monitor for malware and that could potentially remove it from the system.
Earlier versions of Conficker were first noticed on the internet in November 2008.
On Feb. 12, Microsoft announced a $250,000 reward for information leading to the arrest of those responsible for Conficker. At that time, Symantec reported that in the previous five days, an average total of 2.2 million IP addresses had been infected with two variants of the worm.
The malicious code infects computers running various versions of Microsoft Windows, especially those that have not been patched with a security upgrade issued by Microsoft in October.
The earlier versions of Conficker did not require any user intervention to spread. The worm disables Windows security features and makes the computer part of a "botnet" of other infected computers that take orders from a varying series of servers on the internet.
As such, it may gather personal information, install malicious programs on the computer, and attack or infect other computers.