Tuesday, 17 February 2009

Conficker worm infects more than a million PCs

At least one million PCs, and perhaps as many as 10 million, have been infected. By comparison, the Storm worm, which spread via spam messages in 2007, is believed to have peaked at about one million botted PCs.

Conficker does two things: it spreads itself, and then it prevents infected PCs from being cleaned up. Once a machine is infected, the worm searches out servers on the network and runs a brute-force password-guessing attack against them, and it copies itself to any shared drives it can reach. It also makes a copy of itself on any device plugged into a USB port, such as a thumb drive, music player, or digital camera. When that infected device is later plugged into another PC, it infects that machine, which then begins spreading infections in the same way.

What makes Conficker so difficult to stop is that at least once a day each infected machine works sequentially through a list of 250 Internet domains, looking for further instructions. That list of 250 domains, each one a potential command-and-control server, changes every day. Security vendors have worked out the simple algorithm used to derive each day's list.

Kaspersky, F-Secure, Secureworks and Sophos have begun registering some of those domains themselves, so that the bad guys cannot use them to send instructions.
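To make the daily-domain-list mechanism and the vendors' counter-move concrete, here is an added example (written for this page, not code from the original post and not Conficker's actual algorithm, which is not reproduced here). It shows both sides: a bot deriving the same 250 domains per day from nothing but the calendar date, a defender precomputing the lists for the coming week so the domains can be registered or sinkholed in advance, and a resolver-log check that flags clients querying the day's list. The date-seeding via SHA-256, the TLD set, and the log line format are this example's own assumptions.

```python
import datetime
import hashlib
import random

# Assumed values for this example. The per-day count is what the article
# reports; the TLD set and the generator below are hypothetical and are
# not Conficker's real algorithm.
TLDS = ("com", "net", "org", "info", "biz")
DOMAINS_PER_DAY = 250
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
EXAMPLE_DAY = datetime.date(2009, 2, 17)


def _seed_for(day: datetime.date) -> int:
    """Turn a calendar date into a PRNG seed (hypothetical construction).

    Every bot derives the same seed from the same date, so every bot
    produces the same list without ever contacting a central server.
    """
    digest = hashlib.sha256(day.isoformat().encode("ascii")).digest()
    return int.from_bytes(digest[:8], "big")


def generate_domains(day: datetime.date, count: int = DOMAINS_PER_DAY) -> list:
    """Bot side: the deterministic list of candidate C2 domains for `day`."""
    rng = random.Random(_seed_for(day))
    domains = []
    seen = set()
    while len(domains) < count:
        length = rng.randint(8, 11)
        label = "".join(rng.choice(ALPHABET) for _ in range(length))
        domain = f"{label}.{rng.choice(TLDS)}"
        if domain not in seen:  # keep the list free of duplicates
            seen.add(domain)
            domains.append(domain)
    return domains


def precompute_lists(start: datetime.date, days: int) -> dict:
    """Defender side: the lists for the next `days` days, computed in advance.

    Because the generator depends only on the date, a vendor can register
    or sinkhole these names before any bot queries them.
    """
    schedule = {}
    for offset in range(days):
        day = start + datetime.timedelta(days=offset)
        schedule[day] = generate_domains(day)
    return schedule


def flag_dga_lookups(log_lines, day: datetime.date) -> dict:
    """Detection: map each client that queried one of `day`'s domains to the names it asked for.

    Assumed (constructed) log format: "<timestamp> <client-ip> <queried-name>".
    """
    todays = set(generate_domains(day))
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname = parts
        qname = qname.lower().rstrip(".")  # normalise case and FQDN trailing dot
        if qname in todays:
            hits.setdefault(client, []).append(qname)
    return hits


def build_sample_log(day: datetime.date) -> list:
    """Constructed resolver log: two clients, both polling the day's list."""
    dga = generate_domains(day)
    return [
        f"{day}T08:00:01 10.0.0.5 www.example.com",
        f"{day}T08:00:02 10.0.0.5 {dga[0]}",
        f"{day}T08:00:03 10.0.0.5 {dga[1]}",
        f"{day}T08:00:04 10.0.0.9 mail.example.net",
        f"{day}T08:00:05 10.0.0.9 {dga[17].upper()}.",
    ]


if __name__ == "__main__":
    schedule = precompute_lists(EXAMPLE_DAY, 7)
    print(f"{len(schedule[EXAMPLE_DAY])} domains for {EXAMPLE_DAY}, "
          f"first five: {schedule[EXAMPLE_DAY][:5]}")
    for client, names in flag_dga_lookups(build_sample_log(EXAMPLE_DAY), EXAMPLE_DAY).items():
        print(f"{client} queried {len(names)} of today's DGA domains: {names}")
```

The point the code makes is the asymmetry the article describes: the worm needs no fixed infrastructure, only a clock, yet once the generator is known the defender has the same foresight the attacker has, and can claim or watch the names first. The detection function normalises case and the trailing dot because resolver logs commonly record fully qualified names, and a mismatch there would silently miss real hits.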