conficker

Good morning,

Server 2003 enterprise SP2, XP clients SP3

our network is patched appropriately with ms08-067 (at least we thought) and
we had a conficker virus appear on a non exch mail server which has now been
dealt with.

Can you advise if it is possible to locate the exact source of entry of
conficker and if so what networking techniques could be employed?

I am aware of the 3 methods of infection as below

It exploits the MS08-067 vulnerability,
It brute forces Administrator passwords on local networks and spreads
through ADMIN$ shares
It infects removable devices and network shares by creating a special
autorun.inf file and dropping its own DLL on the device.