Internet worm — referred to as "downadup" or "conficker."

In less than three weeks, the worm has spread to more than 1 million PCs around the globe, mostly inside companies, according to estimates from F-Secure and Atlanta-based security firm SecureWorks. A worm of that magnitude has not been seen since 2004.

The worm takes advantage of a security hole that exists on hundreds of millions of Windows PCs. Microsoft issued an emergency patch for the hole in October. Because most Windows PCs connected to the Internet were vulnerable without the patch, the security community went on high alert.

The worm first appeared on Jan. 7. Tech security researchers say it probed for and implanted itself on any unpatched Windows PC. It then scanned for, broke into and infected all nearby computer servers. It also implanted itself onto any portable device plugged into the PCs' USB inputs, such as a thumb drive storage stick, an iPod or a digital camera. When the corrupted device was plugged into another computer, that machine became infected — and began searching for other PCs to infect.

The National Cyber Alert System of US-CERT advises corporations to disable a Windows feature, called autorun, to help cut down infections from USB devices. Microsoft has a cleanup tool available. But the worm blocks Internet traffic trying to get to Microsoft's tool. "This worm was written by people who know what they're doing," Runald says.

Security companies have banded together to block some of the 250 Web addresses that infected PCs are instructed to contact for further instructions. But the list changes once a day.