
DownAdUp Worm

January 20th, 2009 by David Bradley

The DownAdUp worm (aka Conficker or Kido) is a piece of malware, malicious software, that first wormed its way onto computers in November 2008. Now computer security specialists F-secure have completed tests on the worm’s behavior and estimate that there are 6.5 million infected computers. This compares very badly with the mere 0.5-1.0m infected by a previous nasty, the Storm Worm, in September 2007.

The Register explains a little as to how the DownAdUp worm works:

The worm uses a complex algorithm to develop a changing daily list of domains which infected machines attempt to establish contact with. Hackers need only register one of these possible names to establish contact with the botnet established by Conficker. The tactic is designed to frustrate attempts by security watchers to dismantle the command and control network associated with compromised machines.

Security experts suggest that the creation of a botnet of computers infected with DownAdUp will allow hackers to take control of vast legions of PCs and use them to block big-name sites with a distributed denial of service (DDoS) attack, or to send millions of untraceable spam emails from the infected hordes.
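The defensive counterpart to the domain-generation scheme The Register describes is to precompute the same daily list and watch DNS logs for lookups of those names. The block below is an added example, not code from this post or from the worm: it uses a constructed, date-seeded toy generator (not Conficker’s real algorithm, which researchers reimplemented separately) and a constructed BIND-style query log format, and flags any queried name that falls in the generated set for today or the previous day.

```python
import datetime
import hashlib
import re

# Constructed toy generator, NOT Conficker's real algorithm: it only stands in
# for "derive today's candidate domains from the date", so that a defender who
# knows the scheme can precompute the same list and match DNS logs against it.
TLDS = ("com", "net", "org")

def daily_domains(day, count=250):
    """Candidate domains a date-seeded generator yields for `day` (toy scheme)."""
    seed = day.isoformat().encode()
    domains = set()
    for i in range(count):
        digest = hashlib.sha256(seed + i.to_bytes(2, "big")).digest()
        length = 8 + digest[0] % 4                      # 8..11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.add(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains

# Extracts the queried name from BIND-style query log lines (constructed format).
QUERY_RE = re.compile(r"query: (?P<name>[A-Za-z0-9.-]+) IN ")

def flag_dga_queries(log_lines, day, lookback_days=1):
    """Return log lines whose queried name is in the generated sets for `day`
    and the preceding `lookback_days` days (infected hosts' clocks may lag)."""
    watch = set()
    for back in range(lookback_days + 1):
        watch |= daily_domains(day - datetime.timedelta(days=back))
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and m.group("name").lower().rstrip(".") in watch:
            hits.append(line)
    return hits

def demo(day=datetime.date(2009, 1, 20)):
    """Run the detector over constructed sample log lines; returns the hits."""
    generated = sorted(daily_domains(day))[0]          # one of the day's domains
    sample_log = [  # constructed sample, not real traffic
        "20-Jan-2009 10:00:01 client 10.0.0.5#51234: query: www.example.com IN A +",
        f"20-Jan-2009 10:00:02 client 10.0.0.5#51235: query: {generated} IN A +",
        "20-Jan-2009 10:00:03 client 10.0.0.7#51236: query: update.microsoft.com IN A +",
    ]
    return flag_dga_queries(sample_log, day)

if __name__ == "__main__":
    for hit in demo():
        print("possible DGA lookup:", hit)
```

The same approach is what lets defenders pre-register or sinkhole the names before the botnet’s operators do.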

The DownAdUp worm exploits a security vulnerability in Microsoft Windows that was actually patched before the worm entered the wild. Of course, if you have disabled auto updates from Microsoft, for some silly reason, then your PC may be one of the infected millions.

If you inadvertently clicked on a malicious folder or link on an external USB storage device attached to your PC, or on a network share, you may have been infected; Autorun for such devices could also cause the worm to slither onto your machine. SANS explains how the worm uses a nifty bit of social engineering and preys on the possible naivety of Vista users when confronted with an Autoplay options box.

According to eHow, “Unless you connect your personal laptop to your work network, you are at low risk. Keep in mind that the virus CAN be spread through the use of USB pen drives/flash drives.” It does not spread through email.

Nevertheless, 6.5 million computers running Windows XP, Vista, 2000, Server 2003 and Server 2008 are currently infected, and may show no obvious symptoms. That number is expected to rise, although you can protect yourself by making sure you have up-to-date antivirus software (I recommend AVG Free from Grisoft) running, and Microsoft updates enabled and up to date!

F-secure has a disinfection tool to remove DownAdUp/Conficker. The BBC meanwhile is reporting a new variant of the worm and suggesting that “hackers” are yet to activate the worm’s payload.


  • EddieP // Jan 27, 2009 at 8:57 pm

    After DownAdUp infects your computer, you can no longer download updates from Microsoft and most antivirus software vendors. One thing the virus does is block requests from your computer to these web sites. Alternative downloads can be found on the web, along with tools for disabling AutoPlay and repairing the registry.