In the seventh biannual Microsoft Security Intelligence Report, the software giant claims that infections from worms have more than doubled between January and June 2009, although Trojans were still the biggest cause for concern. The company also highlighted a notable increase in scareware related infections, where customers are typically persuaded into purchasing bogus antivirus software.

The report claims to have taken extensive coverage of the market, as making use of Microsoft’s comprehensive footprint on consumer as well as corporate computers and the web. Data has also been taken from the company’s Bing search engine as well as various applications, including Live OneCare, Forefront Protection for Exchange cloud service, Malicious Software Removal Tool, and Windows Defender.

The report attributes much of the increase to the ‘Conficker‘ worm, also known as Downadup or Kido and less known ‘Taterf’.

The advice from Microsoft for users was to ensure that they kept an up-to-date antivirus software programme and to exercise caution whilst online.

“We’d recommend, in addition to automatic updates, firewalls and up-to-date anti-virus, that users never log into an account unless they’re on a machine they trust, and don’t download cracks or tips unless from a trusted server,” Cliff Evans, head of Microsoft UK told V3.co.uk.

The spread of the worm wasn’t helped by, according to experts, such a huge number of unsecure PCs; with estimates suggesting that 30% of Window’s remained ‘unpatched’ during the worm’s peak.

So why then, did so many of us forget to patch our PCs and update our antivirus software in the midst of the biggest computer infection outbreak for six years? Is it because many still aren’t overly aware of what a “worm” actually is? After all, we’re constantly being told to keep our passwords safe and watch out for email lottery scams, but how many times have you been told to “look out for that worm”?

Worms work a little bit differently to your typical computer virus in that it doesn’t rely on user activity to activate and spread. Whereas viruses typically activate after a user clicks on an executable file or other program, worms often spread themselves from one computer to another without a user’s prior knowledge.

The typical way in which worms spread is via email. Once they work their way onto a PC, they tend to send copies of themselves to every email address in a user’s email contacts – and then the contacts stored on the recipients PC and so on – one of the reasons why the Conficker worm spread so quickly. Some worms, including Conficker, are also finding ways to infect removable USB flash drives, increasing the spread further.

Once on your PC, worms will look to exploit flaws in an operating system. They will usually hide in parts of the system that are difficult for users to find them in, such as the registry files, and are often only removed with a dedicated worm removal tool.

As for what worms do, that depends largely on the creator’s intentions.

Many worms have been created purely to spread and with comparatively minimal disruption to the computers they pass through, a tactic often used by spammers.

Other worms, however, carry what is known in the industry as a “payload”. This is a code that is designed to cause significant disruption and damage, be it deleting files or encrypting key files on your PC. Some worms are also known to create so-called “openings” or “back doors” for other forms of adware, spyware or viruses at a later date.

By their nature, worms are much less overt than over malware attacks, making them more difficult to spot and prevent. Whilst it is unlikely that you are ever 100% secure from these threats, up-to-date antivirus software, firewall and the latest Microsoft Window’s security updates, will ensure that you have the best possible protection against internet worms.

Users are being advised to download the latest Windows patch from Microsoft and update their antivirus software to ensure that they remain protected from the worm, also known as Downadup, or Kido. The malicious program first emerged in October 2008 but has spread exponentially in recent weeks, highlighting the need for Window’s users to download patch MS08-067.

According to Microsoft, the worm works by exploiting vulnerabilities in the Window’s system, allowing it to search for an executable file called “services.exe”. It then becomes part of that code.

The worm then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a randomly generated 5-8 character name and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates a HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

What makes this worm different is that where most forms of malware use one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down, Conficker uses a complex algorithm to generate hundreds of different domain names every day, making it extremely difficult to trace the source of the virus and close it down.