Mador and Putnam speculated that the authors of Conficker and Neeris might be in cahoots. "The earliest samples of Neeris date back to May of 2005, so it seems the Conficker authors may be the copycats here," the argued. "But the Neeris authors added the MS08-067 vector later. Therefore it is possible that these miscreants somehow collaborate or at least are aware of each other's 'products.'"

Coincidentally, the newest version of Neeris started appearing late on March 31 and on the following day, April 1. The latter date was when it could use to route instructions from its controllers, a deadline that sparked a frenzy of doomsday warnings.

"However, [Neeris] was not downloaded by any Conficker variant and there's no evidence that it's related to [Conficker.c's] April 1 domain algorithm activation," said Mador and Putnam.

Although Neeris was first identified nearly four years ago, Microsoft has not added a "fingerprint" for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines. The MSRT scans for known malware, then scrubs the system of any it finds. Microsoft added Conficker detection to the MSRT in mid-January.

"Due to the similarities to Conficker, most of the mitigations that were mentioned also apply here," said Mador and Putnam. "Make sure to install MS08-067 if you haven't done so yet and be careful to use only AutoPlay options you're familiar with, or consider disabling the Autorun altogether."