At the recent Black Hat security conference in Las Vegas, anti-malware researchers spent a lot of time discussing the Conficker botnet worm, as you might expect following one of the largest-scale infections ever seen.

It was apparent that although business seems to be forgetting about it, Conficker still represents a major threat.  Over 5.5 million infected PCs are still out there, with most of the infections in Brazil, China and Vietnam.  The problem is, no-one really knows what kind of threat, or how that threat will be realised. 

More detail was given on how the worm spreads via unsecured USB flash drives.  Conficker’s code is able to trigger an autorun on Windows, even when a user might have had autorun disabled for USB media.  Conficker’s code actually tricks the user by getting Windows to show the icon for ‘open folder’, getting the user to actually run and execute the code.

As we’ve mentioned before, secure USB flash drives with onboard anti-malware can stop the spread of Conficker via this vector.  But the infection is still widespread – so ensure your systems are disinfected, patched and updated before the sleeping giant wakes up.