The much-hyped Conficker Windows worm updated itself and is dumping a mysterious payload on infected computers, Britain's The Inquirer reported.
Windows users who have not updated their computer with the latest versions are reportedly the most at risk, according to the report.
The payload is apparently a keystroke logger after secret data stored in users' infected computers and servers.
The sneaky worm, which can jump between computers without human aid, has infected an estimated 3 to 12 million PCs and servers since last fall.
The worm can take control of unsuspecting PCs running Microsoft's Windows operating system. But its creators likely want to use their vast "botnet" to send spam or perform other cybercrimes, and not to bring down the Internet.
That's one reason analysts say the people behind the virus will probably wait to send any commands.
Security companies monitoring the worm have been largely successful at blocking infected machines from communicating with whoever programmed it.
Microsoft issued a software update, called a "patch," to protect PCs from vulnerability back in October. But not everyone applied the patch, and some versions of Conficker actually patch Windows themselves after they've made their way into PCs.
In one telltale sign of an infected machine, Conficker blocks Microsoft's site as well as those of most antivirus companies.
Computer owners can work around that obstacle by having someone else e-mail them a Conficker removal tool.
The Associated Press contributed to this report.