Disturbing as it sounds, the computer worm that exploits a month-old Windows bug has infected more than one million PCs in just 24 hours. The Finland-based security company F-Secure estimated that 3.5 million personal computers worldwide have already been compromised by the Downadup worm, an increase of more than 1.1 million new infections since Wednesday.
Downadup uses a complicated algorithm that changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. With this algorithm, the worm generates many possible domain names every day, such as: qimkwaify.ws, mphtfrxs.net, gxjofpj.ws, imctaef.cc, and hcweu.org.
This makes it almost impossible, or at least impractical, to shut all of these domains down. Basically, the hackers just have to pick one of tomorrow's possible domains in advance, register it and set up a website, and then they gain access to all of the infected machines. Hundreds of thousands of unique IP addresses connect to the domain F-Secure registered. A very large part of that traffic is coming from corporate networks, through firewalls, proxies and NAT routers.
This means that one unique IP address F-Secure sees could very well be 2,000 infected workstations in real life. What is really worrying is that all the PCs infected with Downadup can be converted into bots. Downadup spreads through a vulnerability in Windows that Microsoft patched nearly four months ago, but it can also spread by brute-force password attacks and by copying itself to any removable USB-based devices such as flash drives and cameras.
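Because the daily domain list is derived from the date, a defender who knows the generator can compute the same list and search internal DNS logs for it, which identifies individual workstations that a single NAT address would hide from an outside observer. The sketch below is an added example, not code from the article or from F-Secure: `candidate_domains` is a hypothetical stand-in generator (not Downadup's real algorithm), and the log format, date and addresses are constructed.

```python
import hashlib
from collections import defaultdict
from datetime import date

TLDS = ["ws", "net", "cc", "org"]  # TLDs that appear in the article's sample names

def candidate_domains(day, count=20):
    """Stand-in generator (NOT Downadup's algorithm): names derived from the date."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 5 + digest[0] % 5  # 5 to 9 letters, similar to the samples
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return names

def infected_clients(dns_log_lines, day):
    """Map internal client IP -> candidate domains for `day` that it queried."""
    wanted = set(candidate_domains(day))
    hits = defaultdict(set)
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        log_day, client, qname = parts
        qname = qname.lower().rstrip(".")  # DNS names are case-insensitive
        if log_day == day.isoformat() and qname in wanted:
            hits[client].add(qname)
    return dict(hits)

# Constructed sample data: "<date> <internal client IP> <queried name>"
DAY = date(2009, 1, 16)
_c = candidate_domains(DAY)
SAMPLE_LOG = [
    f"2009-01-16 10.0.0.5 {_c[0]}",
    f"2009-01-16 10.0.0.5 {_c[3].upper()}.",  # same host, different case, trailing dot
    f"2009-01-16 10.0.0.9 {_c[1]}",
    "2009-01-16 10.0.0.7 www.example.com",     # ordinary traffic, not flagged
    f"2009-01-15 10.0.0.8 {_c[0]}",           # previous day, not flagged for DAY
]

if __name__ == "__main__":
    for client, names in sorted(infected_clients(SAMPLE_LOG, DAY).items()):
        print(client, sorted(names))
```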
If your PC looks like it has been infected with Downadup, Microsoft recommends that you immediately use the MSRT to clean the machine. Anyone can download MSRT from Microsoft's site or follow the instructions posted at its support site, which walk administrators through the steps of deleting the worm.
© 2007 - 2009 - eFluxMedia