Qakbot takes off, profiting bot masters

20.05.2011
The latest version of Qakbot has spread amongst corporate computers, leading a security firm to issue a warning Friday that companies need to beware of the bot's worm-like propagation.

Between early April and early May, Symantec researchers saw the number of Qakbot-infected computers jump to more than 200,000, much higher than average, according to information released by the company this afternoon. Activity from the bot program surges every three to six months, but rarely exceeds 50,000 compromised systems, says Vikram Thakur, principal security response manager for Symantec's threat intel group.

"This is definitely something to watch out for, considering it has been under development and it has been continuously evolving over the past few years," Thakur says. "This threat is a major problem for corporations because of just the way it actually spreads within an environment."

Recently, Qakbot appeared online signed with a valid digital key, a technique used most famously by the Stuxnet worm, to appear to be legitimate software. The bot is seeded within a company using compromised Web sites to push code to potential victims. Once inside a corporation, the bot program turns worm-like and spreads to open file shares and internal Web sites, which typically have far less security than external-facing services, says Thakur.

"These things are not locked down as much as we imagine inside corporations," he says.