Uhh, what? I have no idea what this "JPG exploit" your talking about is. Conflicker spreads through the MS08-067 RPC vulnerability, removable media, and shared folders; nothing to do with IE or jpegs.

Actually Malwarebytes is free, the paid version just gives you "realtime protection, scheduled scanning, and scheduled updating".

It appears that he did from the screenshots. You can see in the background his desktop has that sort of "OMG YOUR INFECTED, BUY OUR PRODUCT" type text that rouge AV products use to scare people.

At least they had him use a decent anti-malware program. I generally find symantec products to be more of a virus than most viruses, that crap is hard to get rid of once it's installed and doesn't detect much of anything.

It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.

It is common practice for domains to be registered using stolen credit card numbers and phony registration information, as well as using bots within the net to act as proxies between you and the actual server, such as with fast flux. That combined with the fact that the servers are generally hosted in countries that don't have a lot of money, man power, or motivation to track these types of operations down makes stopping them a very difficult process.

I guess it would depend on how you define mutation in terms of a computer worm. If you mean it changes it's executable there is already alot of malware that uses polymorphic code and a few that use metamorphic code. If you mean changing the means of transmission, I'm sure a rudimentary form of mutation could occur using some sort of built in fuzzing and vulnerability analysis engine.

This would only work for centralized command and control mechanisms. More sophisticated bots use decentralized p2p type communication, as was with the storm worm last year. Conflicker uses a built in mechanism to generate new domains to contact each day, and while security firms are deploying blacklists based on the generator code, it could easily be changed in a new variant. This is of course not taking into account the difficulty one would have in getting ISP's to maintain a list of blacklisted domains that changes day to day.

It's autorun.inf not autoexec.bat, and it does require a bit of user interaction. Double clicking on it in explorer in XP will execute it but on systems running vista/7 it must rely on social engineering.