Haha! You might say. April fool! But this week, the worm has turned.

Ten million computers around the world are said to be afflicted with the computer worm, which had spread itself before its April 1 activation date through three different expansions. According to PCWorld, infection is most widespread among computer users in Eastern Europe, Asia and South America.

This week, the folks at the TrendLabs Malware Blog, who'd been monitoring the situation, noticed a huge dump in their Windows Temp folder on April 7, 2009. "...(T)here was no HTTP download that occurred somewhere around that time frame, which was from April 7, 2009 at 07:40:00 up to April 7, 2009 at 07:42:00. However, we noticed a huge encrypted TCP response (134,880 bytes) from a known Conficker P2P IP node (verified by other independent sources), which was hosted somewhere in Korea."

The new version, dubbed Conficker.e, is coded to stop working on May 3. The installed data does a number of things to cover its own tracks, but then accesses the following sites: MSN, MySpace, eBay, CNN and AOL, presumably to verify it has wide Internet access. The new version communicates peer-to-peer (P2P), seeking out other infected computers to pass on information, rather than contacting one central website.

Experts are both concerned and edified to start seeing a potential purpose behind the worm. "A very large botnet of compromised computers doesn't make money if it just 'sits there' doing nothing," says Paul Ferguson of TrendLabs. So speculation was rampant about what the worm would do.

The answer seems to be connected to a botnet called Waledac.



Computerworld's security section quotes Symantec, the computer security company behind Norton: "Waledac is perhaps best known as the successor to the infamous Storm bot of 2008; researchers unanimously believe that its makers are from the same group that ran Storm last year. Like Storm, Waledac bots -- the PCs that are infected with the Trojan horse -- are rented out to spammers."

Waledac spambots were recently responsible for a rash of phony e-cards for Christmas and particularly Valentine's Day. "Users should know that Waledac bot is a true old-school virus: it spreads through exploiting human gullibility rather than system bugs. This scam involves people receiving e-mails, supposedly from people they know, with an embedded link that directs them to a web page containing a selection of 12 different images of hearts. Each heart downloads an executable file when users click on it. So basically, instead of chocolates and flowers, you get an infection that compromises your security and privacy," according to one writer at the H-Desk Software forums. "At one stage... the Waledac virus was responsible for 15% of all e-mail infections worldwide."

Conficker.e is also apparently trying to get people to purchase phony software that allegedly protects them against the very threat it is causing.

Norton continues to maintain an air of calm, provides these fixes and tips for Conficker, and suggests that everyone make sure their antivirus software and patches are up to date. Meanwhile, all users can do is stay tuned and be aware, until the next layer of this mysterious onion peels back and lets us know what's planned.