F-Secure, and SecureWorks are among those that believe Conficker.E--first spotted just this April and probably created by the same attackers that since last fall let loose the variants--has been designed to simply self-detonate on May 5th.

"It will simply self-destruct," says Mikko Hypponen, chief research officer at F-Secure, pointing out that researchers, who had been arguing over name for variants, agreed to skip past the name "Conficker.D" entirely to settle on the name "Conficker.E."

But even if Conficker.E does simply self-destruct as expected, that still leaves millions of Windows-based computers around the work infected with Conficker.C, which has become active this month in terms of beginning to try and lure victims to fake anti-virus sites--some dub it "fraudware"--to get victims to pay US$50 or so to get rid of Conficker.C.

"We're starting to see some revenue generation," said Phillip Porras, program director in the computer sciences laboratory at SRI International, in a presentation he gave today at the RSA Conference here concerning Conficker. "We're starting to see some business models come out of it."

Security researchers in industry and government are using various means to monitor Conficker.C behavior (which can block over 114 legitimate anti-virus sites and now works in conjunction with the botnet Waledec).