Microsoft is gearing up for the initial denial of service attack against its software update service by computers infected with the Blaster worm this coming Saturday.

The worm has been constructed to use infected PCs to launch the attack on the sixteenth of every month by flooding the windowsupdate.com site with requests.

Blaster also contains a message from its writer warning Bill Gates to make his software more secure.

"We're preparing for attack," said Stuart Okin, chief security officer for Microsoft UK. "We've made plans for dealing with the worm's payload but obviously can't discuss exactly what's planned.

"As it is, we've seen very heavy activity on windowsupdate.com in the last few days, for obvious reasons, as people patch their systems."

The US has had the highest number of infections with the UK second, according to Symantec.

Infection rates seem to be falling but it is likely that the virus will continue to be relatively common in the wild for some time to come.

"I think it is going to hang around," said Mark Fisher, technical manager for Trend Micro.

"Home users who may not be patched can harbour a worm like this. Education is going to be key to getting home users to patch more frequently and help avoid future worms."

There had initially been fears that the worm could spread much more rapidly. The US department of homeland security issued two warnings about the flaw used by the worm in the Windows operating systems.

The critical flaw is in Microsoft's Distributed Component Object Model Remote Procedure Call (RPC) interface.

The vulnerability involves the RPC protocol, which deals with inter-computer communications. Microsoft warned that, under certain circumstances, the RPC might not properly check messages sent to the PC.