Despite its size, Conficker has rarely been used by the criminals who control it. Why it hasn't been used more is a bit of a mystery. Some members of the Conficker Working Group believe that Conficker's author may be reluctant to attract more attention, given the worm's overwhelming success at infecting computers.

"The only thing I can guess at is the person who created this is scared," said Eric Sites, chief technology officer with Sunbelt Software and a member of the working group. "This thing has cost so many companies and people money to get fixed, if they ever find the guys who did this, they're going away for a long time."

IT staffers often discover a Conficker infection when a user is suddenly unable to log into a computer. That happens because infected machines try to connect to other computers on the network and guess their passwords, trying so many times that they are eventually locked out of the network.

But the cost of the worm would be even greater if Conficker were to be used for a distributed denial of service attack, for instance.

"This is certainly a botnet that could be weaponized," DeMinno said. "When you have a net of this magnitude, the sky's the limit in terms of what could be done."