This is a hell smart worm :

Conficker.B uses the Conficker.A approach, plus a whole lot more — as a "blended threat," it's an equal-opportunity infecter. The MMPC's TechNet blog offers an excellent, graphical overview of the ways that Conficker.B can get into your network. Here are the main attack vectors:

Conficker.B uses the old Conficker.A approach: simple Trojans that arrive via e-mail or by downloading an infected program.

Once a PC on a network is infected, Conficker.B reaches across the network to see whether any of its PCs have not yet patched the MS08-067 hole. After infecting these unprotected PCs, Conficker plugs the MS08-067 hole, presumably so other, similar worms can't get in. What a sneaky buzzard!

If Conficker.B finds that it can't get into a computer via the MS08-067 hole, it tries to break in by using the standard Windows admin account, entering each of 248 common passwords. This weak password list (which you'll find under the Analysis tab) includes such all-time favorites as admin, mypass, test, foo, 1111, and many others you may have seen before.

Once Conficker.B gains entry to a networked machine, it drops a copy of itself onto the target's hard drive and creates a scheduled job that runs the infected file. Conficker.B also loads itself onto all accessible shared folders. Ho-hum.

Finally, Conficker.B scans and infects all removable devices on the system, including USB drives and external hard drives.

WETERTYTEY