MyDoom variant targets Microsoft

The MyDoom worm continued to spread across the Internet on Wednesday, clogging up e-mail traffic and hurting productivity as a new variant emerged to target Microsoft Corp's Web site, security experts said on Wednesday.

Computer security companies warned people not to open any suspicious attachments in official-looking e-mail messages.

Since appearing earlier this week, the worm, also dubbed Novarg or Shimgapi, has infected computers across the globe by enticing users to open a file attachment that releases a program that potentially allows other attackers to gain unauthorized access.

Computer security vendor Symantec Corp said that attackers were already trolling the Web for infected computers so that they could be used to launch new attacks and send spam to spread the virus further.

The financial damage from the virus-like program -- from network slowdown to lost productivity -- is already being measured in the billions of dollars, according to experts.

The latest version of the worm is designed to flood Microsoft's Web site with requests for information in an attempt to bring it down, experts said. This strategy is similar to that of the first version, which targeted the Web site of the SCO Group Inc, the small software maker suing International Business Machines Corp over the use of code for the Linux operating system, they noted.

'It's interesting in that it potentially has a denial of service attack on Microsoft,' said Jimmy Kuo, a researcher at Network Associates Inc's McAfee anti-virus unit.

Kuo said that it was difficult to tell whether the variant, called 'MyDoom.b,' was spreading across the Internet, or 'in the wild.' So far, anti-virus companies have received and analyzed the variant from only a few sources.

The MyDoom variant appeared to have other similar aspects to the first version, in that it exempts e-mail addresses for government agencies, some universities, and some computer security companies, including Symantec.

Computers running any of the latest versions of Microsoft's Windows operating system e-mail program are at risk of being infected, although the worm doesn't exploit any flaws in Windows or software.

Instead, MyDoom is designed to entice the recipient of an e-mail to open an attachment with an .exe, .scr, .zip or .pif extension.

Since the worms often appear as error messages from 'Mail Administrators' and other official-looking addresses, many people inevitably open an attachment after finding minimal information in the message. Users who receive the worm and simply ignore or delete it will be able to avoid any damage.

In response to the worm's targeting its Web site, SCO offered a $250,000 reward for 'information leading to the arrest and conviction of those responsible for this crime.' SCO has drawn the ire of many Linux advocates for its claims that Linux software includes copyrighted code from the Unix operating system.

The attacks from infected computers on SCO and Microsoft are scheduled to begin on February 1 and continue to February 12.