The variant, MyDoom.F, deletes several different types of files stored on an infected computer and aims to attack the Web sites of Microsoft and the Recording Industry Association of America with a flood of data, antivirus companies said Friday.
Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.
"It is not very prevalent," said Craig Schmugar, virus research manager for Network Associates' vulnerability emergency response team. "We haven't seen anything beyond (a single) sample in the past 24 hours."
The original MyDoom spread through e-mail in late January, infecting a new computer every time an unwary person opened the attached file containing the program. Between several hundred thousand and 2 million computers were infected, according to estimates.
Antivirus firms believe that the writer of the MyDoom.F virus is different from the person believed to have authored the first two versions of the code. A later worm, Doomjuice, spread to computers that were already infected by MyDoom and dropped copies of the original virus' source code. It's thought that the author of MyDoom.F used that code to write this new virus.
"Right now, it feels like someone took the original one and modified it," said Vincent Weafer, senior director for the antivirus research center at security company Symantec. "That's just a gut feeling."
The MyDoom.F virus spreads using a variety of subject lines and message text, usually attaching itself to the message as a Zip compressed file. The virus infects Windows computers when the user opens the file.
PCs compromised by the virus send out virus-laden e-mail messages using random addresses found in a variety of files, such as cached Web pages and the Windows address book. The virus also deletes Word documents, JPG picture files, Audio Video Interleaved files, Excel spreadsheets and a few other types of files.
