In the seventh biannual Microsoft Security Intelligence Report, the software giant claims that infections from worms have more than doubled between January and June 2009, although Trojans were still the biggest cause for concern. The company also highlighted a notable increase in scareware related infections, where customers are typically persuaded into purchasing bogus antivirus software.

The report claims to have taken extensive coverage of the market, as making use of Microsoft’s comprehensive footprint on consumer as well as corporate computers and the web. Data has also been taken from the company’s Bing search engine as well as various applications, including Live OneCare, Forefront Protection for Exchange cloud service, Malicious Software Removal Tool, and Windows Defender.

The report attributes much of the increase to the ‘Conficker‘ worm, also known as Downadup or Kido and less known ‘Taterf’.

The advice from Microsoft for users was to ensure that they kept an up-to-date antivirus software programme and to exercise caution whilst online.

“We’d recommend, in addition to automatic updates, firewalls and up-to-date anti-virus, that users never log into an account unless they’re on a machine they trust, and don’t download cracks or tips unless from a trusted server,” Cliff Evans, head of Microsoft UK told V3.co.uk.

Manchester City Council was one of several government authorities around the world to have been crippled by the outbreak of the Conficker worm earlier this year, with the worm costing the council a reported £1.5m ($2.4m) according to Manchester Evening News.

The clean-up of council IT systems, which made up £1.2m of the overall bill and involved drafting in antivirus consultants and experts from Microsoft, was compounded by numerous other costs that were incurred as a knock-on effect of the infected IT system.

Those included the cost of “writing-off” a total of 1,609 penalty tickets to drivers who had been caught illegally driving in bus lanes across the city. The virus meant that the £60 ($98) fines could not be issued to drivers within the required 28-day time frame, costing the council an estimated £64,000 ($104,000).

£178,000 ($290,000) was spent on additional staffing costs and compensation was also paid out to benefit claimants due to late payments, highlighting the potential cost of inadequate antivirus and IT security systems.

The Conficker worm, also referred to as Kido or Downadup, has gained notoriety in recent months after affecting a number of high profile victims including the French Navy and the US Air Force.

In response to the attack, Manchester Council has brought in a number of IT security measures, including a ban memory sticks and the disabling of USB ports. In February, Microsoft offered a $250,000 reward for information leading to the arrest of the individuals responsible for Conficker. Experts claim that the worm, which has reportedly infected 15million PC’s worldwide, could have caused as much as $9.1bn worth of damage.

Steve Park, Head of ICT at Manchester city council, said: “I’d like to reassure the public that we’ve built on and improved our disaster recovery strategy, which covers all our main networks.

“This means that in the event of an emergency those key systems can be recovered with minimal disruption to the services involved.”

The Cyber Security Institute claims that depending on the number of infections worldwide (with estimates ranging from 200,000 to as many as 10million), the total cost of the Conficker worm, also known as Downadup or Kido, to governments, businesses and individuals could reach as much as $9.1bn (£6.2bn).

The figure, based on estimates from previous virus outbreaks, factors in wasted time, resources, energy as well as the direct cost of countermeasures, such as antivirus software, used to battle the worm. The estimate does not include what the group described as “lost opportunity” costs – the hit to productivity the worm caused, keeping people from working on other projects.

Rob Housman, executive director of the Cyber Secure Institute, said in a statement that it was important to look at the ‘totality’ of the Conficker problem, and that it showed the ongoing vulnerabilities in IT systems and networks.

He said: “Whether or not Conficker turns out to be a sales tool for bogus Ukrainian security software or something much more destructive, the simple fact is that the Conficker worm has infected vast amounts of computers around the world.”

Around 800 computers at the university’s hospital and medical school have been affected by the virus outbreak although patient records are said to be unaffected.

The outbreak, which was first noted on Thursday, was said to be still active on Monday but a spokesperson claimed that IT staff had managed to “contain” the virus, even though there were a number of cases in which the virus had returned to a computer even after it had been removed.

The outbreak comes after security experts noticed an increase in the virus’ activity in the past week, with a new version of the worm now appearing to be active.

The virus, also known as Downadup or Kido, had been expected to update itself on April 1 although no increase in activity was reported.

Although analysis has yet to confirm what the virus actually does, it is widely believed that the update will install a “rootkit” into Window’s PCs which will then be used to steal valuable user details, such as credit card or online banking login details.

There is also evidence to suggest that Conficker is also promoting the sale of fake antivirus software, known as Spyware Protect 2009.

If you believe that your PC has been infected by the Conficker virus, you can get a free system check from the University of Bonn. If you’re PC has been infected, download the K7 Computing Conficker removal tool. Microsoft has also issued a guide on the virus.

To prevent your PC from becoming infected, please download the latest antivirus software update.

The latest form of the virus, which has infected an estimated 15 million users worldwide, contains an instruction to perform a particular action on April 1, although nobody is yet sure as to what, if anything, that action is.

There are also suggestions that, given the hype over the worm, we could be about to witness the internet’s biggest ever April Fool’s Day joke.

The Conficker virus, also known as Downadup or Kido, has gained notoriety in recent months due to the rate at which it has spread as well as the number of high-profile organisations that have fallen prey to it. To date, several government, military and health systems are known to have been affected by the worm including the British Houses of Parliament IT system.

The virus buries itself deep inside the Windows operating system where it can then be used to steal users’ passwords and personal information, including bank details. It sets up files and starts downloading information from a controlling server, creating a “botnet” of infected PCs.

Many security experts believe that from midnight on April 1, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next.

Microsoft, which has released several security updates and urged customers to update their antivirus software, has offered a $250,000 reward for information that leads to the capture and conviction of the authors of the virus.

If you feel that you have been infected by the worm, download the free Conficker removal tool.

The spread of the worm wasn’t helped by, according to experts, such a huge number of unsecure PCs; with estimates suggesting that 30% of Window’s remained ‘unpatched’ during the worm’s peak.

So why then, did so many of us forget to patch our PCs and update our antivirus software in the midst of the biggest computer infection outbreak for six years? Is it because many still aren’t overly aware of what a “worm” actually is? After all, we’re constantly being told to keep our passwords safe and watch out for email lottery scams, but how many times have you been told to “look out for that worm”?

Worms work a little bit differently to your typical computer virus in that it doesn’t rely on user activity to activate and spread. Whereas viruses typically activate after a user clicks on an executable file or other program, worms often spread themselves from one computer to another without a user’s prior knowledge.

The typical way in which worms spread is via email. Once they work their way onto a PC, they tend to send copies of themselves to every email address in a user’s email contacts – and then the contacts stored on the recipients PC and so on – one of the reasons why the Conficker worm spread so quickly. Some worms, including Conficker, are also finding ways to infect removable USB flash drives, increasing the spread further.

Once on your PC, worms will look to exploit flaws in an operating system. They will usually hide in parts of the system that are difficult for users to find them in, such as the registry files, and are often only removed with a dedicated worm removal tool.

As for what worms do, that depends largely on the creator’s intentions.

Many worms have been created purely to spread and with comparatively minimal disruption to the computers they pass through, a tactic often used by spammers.

Other worms, however, carry what is known in the industry as a “payload”. This is a code that is designed to cause significant disruption and damage, be it deleting files or encrypting key files on your PC. Some worms are also known to create so-called “openings” or “back doors” for other forms of adware, spyware or viruses at a later date.

By their nature, worms are much less overt than over malware attacks, making them more difficult to spot and prevent. Whilst it is unlikely that you are ever 100% secure from these threats, up-to-date antivirus software, firewall and the latest Microsoft Window’s security updates, will ensure that you have the best possible protection against internet worms.

The Conficker has spread widely in recent months, with as many as 10 million PCs affected since a mass outbreak last month, including several high-profile systems including the UK National Health System and MoD.

The worm, also known as Downadup or Kido, spreads through a hole in Windows systems, exploiting a vulnerability that Microsoft patched in October. The spread of the virus was aided by the growing use of USB flash drives and external network devices.

General Manager of the Trustworthy Computing Group at Microsoft George Stathakopoulos said that the company would not tolerate the release of illegal malware which attacked their customers.

“As part of Microsoft’s ongoing security efforts, we constantly look for ways to use a diverse set of tools and develop methodologies to protect our customers,” said Mr Stathakopoulos. “By combining our expertise with that of the broader community we can expand the boundaries of defence to better protect people worldwide.

“Microsoft’s approach combines technology innovation and effective cross- sector partnerships to help protect people from cybercriminals. We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable.”

Microsoft has previously offered such rewards on two previous occasions. In 2003, the company offered a reward of $500,000 for the conviction of the author of the Blaster and Sobig worms and in May 2004 the software giant paid $250,000 to a group of German students whose classmate, Sven Jaschan, was the author of the Sasser and Netsky worms.

The figure makes it the worst outbreak of any form of malware since the Slammer worm outbreak back in 2003.

Whilst surveys have shown that Asia and Latin America have been the most badly affected by the outbreak of the worm, some 3,000 organisations have been affected by the virus – including the Ministry of Defence as well as a number of NHS Trusts and local authorities.

Around 3m PC’s are believed to have been affected by the worm, also known as Kido or Downadup, since Thursday alone. On Wednesday it was revealed that the worm is exploiting a weakness in the Beta release of Windows 7.

The spread of the worm has been largely attributed to the widespread use of USB sticks, which become infected with the worm before then being transferred to another PC.

Experts think a new variant is responsible for the recent outbreak, which has shot up from 2.4m infected computers on 15 January and are urging users to update their antivirus software and install Microsoft patch MS08-067.

K7 Computing has also released a free tool to remove the worm from already infected PC’s. The tool can be downloaded here.

The worm, which has infected around 9m PC systems around the world, had heavily affected users of Microsoft’s XP and Vista software but users of the newly released Beta version of Windows 7 are now at risk from the virus.

The “Autoplay” function in Vista and early versions of Windows 7 automatically searches for programs on removable drives, such as a USB memory stick, when they are attached.

However, the virus hijacks this process, disguising the executable program file as a folder to be opened. When clicked, the worm installs itself in the registry of the PC.

It then attempts to contact one of a number of web servers, from which it could download another program that could take control of the infected computer. There are also reports that the worm disables the automatic updates features in Windows that would prevent further infection.

The virus, also known as Kido or Downadup, has already claimed a number of high-profile victims in the past weeks.

The Ministry of Defence has been battling an outbreak of the virus across its network whilst a network of hospitals across Sheffield, UK had more than 800 PC’s infected according to The Register.

Users are urged to download the KB958644 Security Update from Microsoft and update their antivirus software immediately to lower the risk of infection.

Users are being advised to download the latest Windows patch from Microsoft and update their antivirus software to ensure that they remain protected from the worm, also known as Downadup, or Kido. The malicious program first emerged in October 2008 but has spread exponentially in recent weeks, highlighting the need for Window’s users to download patch MS08-067.

According to Microsoft, the worm works by exploiting vulnerabilities in the Window’s system, allowing it to search for an executable file called “services.exe”. It then becomes part of that code.

The worm then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a randomly generated 5-8 character name and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates a HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

What makes this worm different is that where most forms of malware use one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down, Conficker uses a complex algorithm to generate hundreds of different domain names every day, making it extremely difficult to trace the source of the virus and close it down.