Messages - lnaza

#1


https://en.wikipedia.org/wiki/Conficker

Conficker D    2009-03-04

HTTP pull
        Downloads daily from any 500 of 50,000 pseudorandom domains over 110 TLDs
P2P push/pull
        Uses custom protocol to scan for infected peers via UDP, then transfer via TCP

Blocks certain DNS lookups
        Does an in-memory patch of DNSAPI.DLL to block lookups of anti-malware related web sites
Disables Safe Mode
Disables AutoUpdate
Kills anti-malware
        Scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals
Downloads and installs Conficker E
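
Added example, not part of the original post: a defender-side check for the HTTP pull pattern listed above (hundreds of pseudorandom domains per day spread over many TLDs), run over a constructed resolver log. The log tuple layout `(day, client, qname, rcode)`, the thresholds, and the expectation that most such lookups return NXDOMAIN are assumptions.

```python
import random
import string
from collections import defaultdict

# Constructed TLD labels, used only to build the sample log below.
TLDS = ("com net org info biz cn ws cc tv us de fr nl pl ru uk es it se no "
        "fi dk cz at ch be br mx in jp").split()

def summarize(records):
    """(day, client) -> (distinct names, distinct TLDs, NXDOMAIN share)."""
    names, nx = defaultdict(set), defaultdict(set)
    for day, client, qname, rcode in records:
        name = qname.rstrip(".").lower()
        names[(day, client)].add(name)
        if rcode == "NXDOMAIN":
            nx[(day, client)].add(name)
    return {key: (len(seen),
                  len({n.rsplit(".", 1)[-1] for n in seen}),
                  len(nx[key]) / len(seen))
            for key, seen in names.items()}

def flag_hosts(records, min_names=200, min_tlds=20, min_nx_ratio=0.8):
    """Clients whose daily lookups are numerous, TLD-diverse and mostly failing.
    Thresholds are assumptions to tune against a local baseline."""
    return sorted(key for key, (n, t, r) in summarize(records).items()
                  if n >= min_names and t >= min_tlds and r >= min_nx_ratio)

def constructed_sample():
    """Constructed resolver log: one noisy host and two benign look-alikes."""
    rng, day, log = random.Random(7), "2024-01-15", []
    for i in range(500):   # 10.0.0.23: random labels spread over 30 TLDs
        label = "".join(rng.choice(string.ascii_lowercase) for _ in range(8))
        rcode = "NOERROR" if i % 50 == 0 else "NXDOMAIN"
        log.append((day, "10.0.0.23", f"{label}.{TLDS[i % len(TLDS)]}", rcode))
    for i in range(300):   # 10.0.0.40: busy host, names resolve, 3 TLDs
        log.append((day, "10.0.0.40", f"cdn{i}.example.{TLDS[i % 3]}", "NOERROR"))
    for i in range(250):   # 10.0.0.77: broken search suffix, 1 TLD, all fail
        log.append((day, "10.0.0.77", f"pc{i}.corp.invalid", "NXDOMAIN"))
    return log

if __name__ == "__main__":
    sample = constructed_sample()
    for key in flag_hosts(sample):
        print(key, summarize(sample)[key])
```

Requiring all three conditions together keeps the busy host (many names, few TLDs) and the misconfigured host (many failures, one TLD) out of the result.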