Underneath the surface, however, Conficker has left itself a window by which it can reestablish contact with the infected system.
For that matter, it might have been a random e-mail generated by an infected system.
It can scan disks of the infected system looking for specific file extensions and contents.
Rather than merely sending spam, it stole banking and other financial information from infected systems.
Also, integration with specialised removal tools is added, for better cleanup of already infected systems.
This Trojan operates through modification to legitimate system files on an infected system.
Conficker is awake and has been seen "in the wild" as various infected systems reached out to the control servers for data.
Later testing suggests that it functions in only 25% of infected systems.
Any proof of it gathering, then delivering data to the author from the infected system?
Use persistence (makes the server harder to remove from the infected system)