The Honeynet Project on Monday released a paper with a detailed analysis of the Conficker worm as well as some weaknesses in its design that allow for identification of infected machines. In their paper, the Honeynet researchers lay out exactly how to identify and disinfect compromised machines. Conficker attempts to patch the Windows flaw that it uses to compromise machines. But it does so in a sloppy way that allows researchers to identify infected PCs. This information can be used to remotely scan for Conficker infections. In addition to actively scanning, machines infected with Conficker.A and.B can be identified using the presented IDS signatures.
Source: https://threatpost.com/how-identify-and-clean-conficker-infections-033109/72446/