The discovery comes from the laboratories Trend Micro:

It appears that on April 7 the virus has changed the road again, evolving yet again.

Ivan Macalintal and his team reported the emergence of a new suspicious file of 119.296 bytes in the Windows temporary folder (% windir% \ temp).
According to data collected it appears that the virus has downloaded that update, thanks to its ability to receive new payload via peer-to-peer network of other infected hosts.

Another curious detail is that after he tried to download a second encrypted file (print.exe) from a host (goodnewsdigital-com) belonging to the botnet to Waledac , an "old" knowledge of the family of Trojans, whose aim is to subtract sensitive data to users.

Besides Waledac, systems still under the control of Conficker are enabled application installations scareware as " Protect Spyware 2009 "(the same family of the most famous Antivirus 2008 and Antivirus 2009), which is nothing but a virus that masquerades virus from making you believe that your computer is infected, then push for this to buy the full version of the phantom program that will clean your PC from all threats.

And then slowly the motivation of these people it was becoming all too clear: money.

The characteristics of this variant, known as Win32 \ Conficker.E or WORM_DOWNAD.E from TrendMicro, can be found in this analysis described in the Microsoft Malware Protection Center: http://blogs.technet.com/mmpc/archive/2009/ 04/09/win32-conficker-variants-update.aspx