The intentions of the cybercriminals behind the Conficker worm are still unknown, says an industry group set up to combat the malware.
Conficker is state-of-the-art malware that is still showing up on millions of computers around the world, said Rodney Joffe, director of the Conficker Working Group.
Conficker is a perfect platform to carry out attacks if those behind it decide to use it or sell off bits of the botnet to other criminals now that attention has died down, he told ComputerWeekly.
If that happens, Joffe said many organisations are in for a rough ride, including UK enterprises which own a significant number of the country's infected computers.
"Not just regular companies, but also companies involved in critical infrastructure," he said.
IP addresses associated with two UK airports have shown up in the Conficker Working Group's routine scans in recent weeks. Although these infected IP addresses may have been picked up from guest accounts on the wireless networks, the concern is that the infection is still on the network and could infect the airports' IT systems, said Joffe.
"Conficker is far from defeated and organisations cannot afford to ignore it," he said.
The effects could be staggering if Conficker is activated and starts to capture and transmit financial information, warned Joffe.
"Enterprises should not assume that because Conficker has gone quiet that those behind it have walked away and will not use it to do anything malicious," he said.
According to Joffe, Conficker has already been used to spread fake anti-virus software and other malicious software, including Waledec.
"An enterprise that ignores the issues around Conficker risks being liable for whatever may happen because they did not take action even though they knew they were infected," he said.