And had quite an effect on Sheffield NHS networks:
http://www.theregister.co.uk/2009/01/20/sheffield_conficker/
It exploits lots of really poor practice on people’s networks to spread:
– not bothering with updates
– not bothering with MS security bulletins (or not taking “out of band security update” seriously)
– weak passwords, especially for local admin accounts
– people having domain admin accounts for everyday use
– allowing USB storage including autorun
Anyone who’s a home user who’s been running auto updates (this was patched back in October) should be just fine. Still worth having decent passwords though.