01/21/2009

Downandup, Downadup, Kido!, Conficker: Update

For anyone unfamiliar with the worm known primarily as "Downandup / Conficker," here's a recap: it's a clever, nasty worm that's easy to get and hard to get rid of.

How does Downandup / Conficker work?

It works by altering the way the Windows "autorun" feature behaves, tricking users into running the worm themselves. It also spreads through an entirely separate flaw in Windows networking.
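Because the worm relies on autorun to get a user to launch it, the first thing to check on a Windows machine is whether autorun is actually disabled by policy. The script below is an added example (not from the original post, F-Secure or Microsoft); the function name Get-AutoRunPolicy is our own, and it assumes Windows PowerShell running on the machine being checked.

```powershell
# Added example: report whether Windows AutoRun is disabled by policy.
# Assumes Windows PowerShell on the host being checked; Get-AutoRunPolicy is
# a name chosen here, not a built-in cmdlet.

# Bit values of the NoDriveTypeAutoRun policy. A set bit disables AutoRun
# for that drive type; 0xFF disables it for every drive type.
$DriveTypeBits = [ordered]@{
    0x04 = 'removable (USB, floppy)'
    0x08 = 'fixed'
    0x10 = 'network'
    0x20 = 'CD/DVD'
    0x40 = 'RAM disk'
}
$AllDriveTypes = 0xFF

function Get-AutoRunPolicy {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $Key = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    try {
        $Value = (Get-ItemProperty -Path $Key -Name NoDriveTypeAutoRun -ErrorAction Stop).NoDriveTypeAutoRun
    } catch {
        # Key or value absent: no policy set in this hive, the Windows default applies.
        return [pscustomobject]@{ Hive = $Hive; Value = $null; StillEnabledFor = @() }
    }
    # Drive types whose bit is clear still honour autorun.inf.
    $Enabled = foreach ($Bit in $DriveTypeBits.Keys) {
        if (($Value -band $Bit) -eq 0) { $DriveTypeBits[$Bit] }
    }
    [pscustomobject]@{ Hive = $Hive; Value = $Value; StillEnabledFor = @($Enabled) }
}

# Machine-wide policy (HKLM) takes precedence over the per-user one (HKCU).
foreach ($Hive in 'HKLM', 'HKCU') {
    $Policy = Get-AutoRunPolicy -Hive $Hive
    if ($null -eq $Policy.Value) {
        Write-Output "$Hive : NoDriveTypeAutoRun not set (Windows default applies)"
    } elseif (($Policy.Value -band $AllDriveTypes) -eq $AllDriveTypes) {
        Write-Output ("$Hive : 0x{0:X2} - AutoRun disabled for all drive types" -f $Policy.Value)
    } else {
        Write-Output ("$Hive : 0x{0:X2} - AutoRun still enabled for: {1}" -f $Policy.Value, ($Policy.StillEnabledFor -join ', '))
    }
}
```

If the output shows removable drives still enabled in either hive, the autorun infection path described above is open on that machine.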

The smart folks at Finland-based security firm F-Secure have a complete description of Downandup / Conficker that includes screenshots. It's a fairly straightforward read and especially well worth your time if you believe you're at risk from (or may already have) this worm.

Christopher Null, writing for Yahoo! Tech, says in his blog about Downandup / Conficker,

From an antivirus standpoint, fixing Downandup isn't easy. The worm is particularly problematic because of the tricky way it involves the user in installing the software, bypassing auto-installation safeguards, plus its sophisticated way of avoiding detection, as it morphs its code constantly (using randomized elements) to make traditional, signature-based detection almost impossible.

Now, while it is clever and sophisticated, it's not impossible to detect. Difficult? Yes. Impossible? No.

This is where using the best antivirus software really makes a difference. The best ones don't just rely on signatures.

Instead, they also rely on heuristics: flagging code and behavior that match general patterns of known malware and viruses, and stopping it in its tracks.

The degree of sophistication the antivirus makers put into their heuristic engines is a closely guarded secret, and it's truly one of the things separating the top antivirus software from the second-rate products out there.

01/17/2009

Worm Attack: 9 Million PCs Hit

The smart folks doing research at Finnish security company F-Secure estimate that another 6.5 million Windows PCs have been infected by the Downadup / Conficker worm... in the past four days.

That adds to the 2 million plus that were already infected.

If you haven't yet heard the story on this worm, known as Downadup or Conficker, it exploits a bug in the Windows Server service. Affected operating systems include:

  • Windows 2000 (all versions)
  • Windows XP (all versions)
  • Windows Vista (all versions)
  • Windows Server 2003
  • Windows Server 2008

The worst thing about these estimates: even F-Secure says they're conservative, and in cases like this they usually are.

If your computer has been infected with Downadup/Conficker, here's where to get Microsoft's Downadup/Conficker patch.

They've also issued an update to their Malicious Software Removal Tool.

12/16/2008

More news on the IE security flaw

BBC News covers the IE security flaw and brings these details:

'"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said. (We just covered these Internet Explorer security issues.)

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."' (emphasis ours)

The article goes on to quote another security pro, PC Pro magazine's security editor, Darien Graham-Smith, who added,

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

For anyone reading this who isn't running:
   1.) antivirus software
   2.) a hardware firewall

This is your wake-up call.

Finding the right antivirus software for your money isn't hard to do. Some packages even include both an antivirus and a firewall, making them antivirus and firewall software in one.

We know we beat the same drum day after day here, but we do so because it can't be said enough: run antivirus software, which can often stop attacks like these in their tracks.

We also saw this in a related Computerworld article on the IE flaw:

'Carsten Eiram, chief security specialist at Secunia, wrote in a post to the security company's blog early Friday: "It turned out that a lot of available information and assumptions were wrong."

Among those, said Eiram, was the belief that the vulnerability existed only in IE7 and was related to XML processing -- as some, including Secunia, first thought.

Also incorrect, or at least partly so, is the idea that setting IE's Internet security zone to "High" and disabling scripting will keep one safe from attack, added Eiram. "Technically no ... it is still possible to trigger the vulnerability," he said. "However, it does make exploitation trickier as it protects against attacks using scripting."'

Interesting.

Long story short: even if you've cranked up your security settings in IE, you're still at risk.

11/18/2008

Just what *is* Spyware?

Two terms we often hear bandied about out here in the ol' Interwebnets are: spyware and adware.

We used to take the position that adware meant software that didn't steal personal information or "spy" on your Internet habits (namely by reporting them back to a central server) and that spyware was software that did.

Put another way, adware might generate a ton of annoying popups or change your browser settings and such, but as long as it didn't "spy" on you, either by reporting your browsing habits and/or your personal information back to a central server, it was "just" adware and not spyware, per se.

The lines have definitely blurred though, and drawing a clear distinction between one and the other is nigh impossible.

An article on Microsoft.com asks: What is spyware?

The author of this article says,

"Spyware is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first."

Given that this article is (at the time of the writing of our own piece here) more than 2 years old, we're going to go on record now as saying we agree with this Microsoft author's definition.

Whatever the case, one thing is clear: spyware sucks.

10/21/2008

A Robot Network Seeks to Enlist Your Computer

30 seconds.

That's about how long it took for one of Microsoft's test computers to be infected when their in-house cybercrime investigators connected it to the Internet.

Typically, in a scenario like this, investigators like those at Microsoft set up the machines without any patches, service packs, or antivirus software. The idea is to get the computers infected on purpose and, in doing so, to help the investigators track who is taking control of the computers and what their intentions are.

The article on botnets in the New York Times goes on to describe how these computers are used. Most commonly, an infected computer, known as a "zombie," becomes part of a "botnet".

Such botnets can then be used for almost any purpose, from sending bulk email to stealing credit card numbers and personal information--and sometimes even for storing these ill-gotten gains.

The solutions to these problems--and protecting your data online--remain unchanged:

  • Install the best antivirus software
  • Install a modern software firewall
  • Keep your computer patched and up-to-date