I have a quetion on the Conflicker virus. It my understanding that this worm attacks on many fronts

Would this virus be programmed to attack an ip address 24/7 that has a server say WIndows 2003 server and configured running terminal server and through the TS site try to logon as an administrator  or some variation of the bulitin Adminstrator user. and try each varation about 100 - 200 times trying different passwords and then try common names as users and repeating the process?

Also does would it try ro logon onto a SQL Server and try the same? 

The reason that I ask this is that I noticed in the event log of failed logins that was exactly was going on I did a  whois on the on some the of the IP Addresses most were in china and in africa.

[edit: renamed subject for clarity]