The worm - Downadup (aka Conficker) - is thought to have infected around 3.5 million PCs since its creation, with F-Secure logging a major surge in infections earlier this week.
And, the firm said in an online blog, these figures are a conservative estimate.
The worm exploits a flaw in the Windows Server service used by most versions of the Windows operating system.
Infosecurity notes that Microsoft issued a rapid response security patch for the flaw last October, but the level of infections by the worm this week suggests that a sizeable minority of Windows users have not updated their systems.
Microsoft has added detection for the worm to its Malicious Software Removal Tool (MSRT), an anti-malware utility that the company updates and distributes each month to Windows machines on Patch Tuesday.
F-Secure, meanwhile, says it is monitoring the worm's command and control process by registering domains it expects the malware to try to use to download additional program code to infected machines.
The worm, says the firm, generates hundreds of possible domain names on a daily basis using a complex algorithm.