Conficker has been around since late November 2008
A chronology of key events in the history of the Conficker worm, that has infected an estimated 15 million computers worldwide:
The Gimmiv Trojan, which exploited the vulnerability Conficker capitalises on, is first spotted running in a virtual machine on a server in South Korea. Experts speculate this was a a test run prior to it being released in the wild.
Gimmiv first seen in the wild infecting a PC in Hanoi, Vietnam. Over the next few weeks it manages to infect 200 more machines in 23 nations - most of which were in Malaysia. Mistakes in the way it is coded limit its ability to spread.
Microsoft issues first impromptu and non-scheduled security patch in 18 months - MS08-067 - to address the vulnerability that Gimmiv exploited. Microsoft recommends that the patch be applied immediately. At this point about 800 million Windows machines are thought to be vulnerable.
Chinese hackers prepare a toolkit that lets anyone create code to exploit the vulnerability found by Gimmiv's creators. Initially they sell the kit for $37.80 (£26.48) but soon it leaks to the net and they are forced to give it away. The release of the code prompts many to craft malware that can seek out machines with the bug.
Conficker.A is spotted in the wild. The worm exploits the same vulnerability as Gimmiv with the added twist of being able to infect other computers across a network. It also fixes the bug so other worms trying the same trick are locked out.
Microsoft releases a strongly worded post recommending that users "immediately" apply the MS08-067 update.
Machines infected with Conficker.A activate and begin polling a different set of 250 domains daily for further instructions. Around 500,000 machines are thought to be infected with this variant.
Many infected machines contact trafficconverter.biz for an update file that is not there.
SRI census reveals about 1.5m machines are infected.
The first variant, Conficker.B, is spotted. Like its predecessor it exploits a vulnerability in the Windows Server service but can also spread via removable drives and weak administrator passwords. It also uses an MIT-developed algorithm to obfuscate its communications. Sheffield hospitals confirm 800 of their computers infected
Machines infected with Conficker.B start checking in to a different set of 250 domains.
The UK's MoD suffers its first infections. It takes the department two weeks to clear up the damage.
Microsoft updates its Malicious Software Removal Tool so that it can find and remove the first variants of the Conficker worm.
Conficker.B is spotted exploiting the Windows Vista autoplay feature so it can spread via flash drives and memory sticks.
The numbers of machines infected by Conficker explodes. Many millions are thought to have fallen victim.
Microsoft announces the creation of the Conficker Cabal - a global group of security professionals who will try to disrupt the workings of the botnet created by infected machines. It also $250,000 as a reward for information about the creators of Conficker.
Conficker.B++ is spotted for the first time. It's protocol seems to be in direct response to Cabal's efforts to disable Conficker's communications strategy. It no longer needs to contact internet rendezvous points for updates, instead these can be flashed centrally from any internet address.
Conficker.C turns up. It tries to update all already infected machines with the latest variant. The PCs are organised into peer-to-peer networks and imposes instructions for these machines to check in with a one from a random group of 500 domains pulled from a pool of 50,000 on 1 April.
Machines infected with Conficker.C are expected to connect to domains for more instructions. About two million machines are thought to be infected with this variant.