Mysterious virus quiet, but attack may be in works

Also known as Downadup or Kido, Conficker turns infected PCs into slaves that respond to commands sent from a remote server that effectively controls an army of slave computers.

Researchers feared that the network created by Conficker might be deployed on Wednesday for the first time since the worm surfaced last year because its code suggested it would seek to communicate with its master server on April 1.

They formed an industry-wide task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the army of slave computers, known as a botnet.

The Conficker-infected machines attempted to call home to get new commands from their master but those calls went unanswered, said Joris Evers, spokesman for security software maker McAfee Inc.

Researchers warned that the botnet's commanders are probably waiting until they are under less scrutiny before they mobilize the network of infected computers.

I never thought it would happen April 1, said Roger Thompson, chief research officer at AVG, an anti-virus firm. It might be tomorrow. It might be next week. It might be next month.

Privately held AVG and other firms with security labs including Microsoft Corp, Symantec Corp, McAfee and Trend Micro Inc will closely monitor the botnet's activities long after Wednesday.

The virus exploits weaknesses in Microsoft's Windows operating system. It can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC.

In February, Microsoft announced it was offering a $250,000 reward for information leading to the arrest and conviction of whoever is responsible for creating Conficker, saying the worm constituted a criminal attack.

(Editing by Jason Szep; Editing by Derek Caney)