They can, however, make changes so that their computers will no longer display the .lnk files used by the worm to spread from system to system. And they can also disable the Windows WebClient service that allows the worm to spread on a local area network. Late Friday, Microsoft released a security advisory explaining how to do this.
"Siemens has started to develop a solution, which can identify and systematically remove the malware," Siemens' Krampe said. He didn't say when the software would be available.
The Siemens system was designed "assuming that nobody would ever get into those passwords," Byres said. "It's an assumption that nobody will ever try very hard against you."
The default username and passwords used by the worm's writers have been publicly known since they were posted to the Web in 2008, Byres said.