Since computers infected with the Conficker.C worm first woke up on April 1st, they have been downloading packages of data that have allowed for two new variants of the worm to surface. Security experts are currently tracking the activities of Conficker.E which is spreading alongside the previous versions. Conficker.E is set to end its activities on May 3rd and according to Trend Micro is installing a fake anti-virus program called "Spyware Protect 2009". A window appears on the screen of infected computers asking users if they would like to install the software and clean their system. The software does no such thing, instead installing more spyware in its place, further suggesting that the motive behind Conficker is to earn money through a network built to steal sensitive information.

All versions of the Conficker worm so far continue to exploit the same weakness in Windows, one that was patched back in Octoboer and that continues to allow home computers to be protected against infection by simply keeping Windows up-to-date and by using updated anti-virus software.

This has not stopped the worm's spread in Asia where IBM's security team continues to report is the source for the majority of Conficker infections. They have updated their analysis of the worm and report that North America now represents just 4% of the world's Conficker infections with Asia now at 58%. Europe and South America come next with 18% each. This is a dramatic increase from their previous report that had Asia at 44.6%, suggesting that a large number of computers in the area remain unprotected.

They have also released a list of the top countries with China topping the list, providing a home to 16.6 % of the world's Conficker infections.

This is not to say there has been no activity here in North America. The Associated Press is reporting that the University of Utah suffered an attack by the Conficker worm against more than 700 of their computers including systems at three of the university's hospitals, infiltrating their medical school, colleges of nursing, pharmacy, and health. The infections were discovered last Thursday and IT staff were quick to shut off internet access, isolate the infections, and send out instructions to all staff on procedures for preventing further infections. According to the university's spokesperson Chris Nelson, patient records were not compromised.