Endpoint Protection

Downadup + Waledac? 

Apr 08, 2009 04:24 PM

We have come across a system infected with W32.Downadup.C that has provided some interesting information. We discovered some similarly named files, 484528750.exe and 484471375.exe, which had shown up in the \Windows\temp folder within one minute of each other. These files turned out to be W32.Waledac and a modified W32.Downadup variant, respectively.


The W32.Downadup variant has some minor differences in functionality, but the presence of the W32.Waledac sample begs the question, "Is Downadup spreading Waledac?" The information we currently have may only be circumstantial, but is certainly worth investigating. We’ll continue to monitor this in an effort to gather more data and determine if this type of dual infection is indeed a trend.

Message Edited by Trevor Mack on 04-09-2009 05:56 AM
