Rmus has created a new DLL test to simulate the conficker worm exploit, where a trusted application rundll32 loads a malicious DLL with a spoofed file extension.

He uses a macro in a MSWord document with the rundll32.exe command. It works on WinXP but the MSWord document should open OK in Vista.

Here we go with the test in Vista:
The Word doc opens, but then the dll is forbidden the right to execute