MyDoom variant attacks Microsoft.com

Same author, less damage

A variant of the prolific MyDoom worm which is programmed to attack both Microsoft.com and SCO's Web site has been unleashed.

Like its predecessor, MyDoom-B spreads via email or the KaZaA file-sharing network.

The worm made its first appearance this afternoon and is, so far, less common than MyDoom-A, according to Alex Shipp, senior AV technologist at mail filtering firm MessageLabs.

AV vendors are still analysing the malware.

Denis Zenkin, of Russian AV outfit Kaspersky Labs, told El Reg that he is convinced the variant was released by the same person or group responsible for the original virus.

Revamping a virus requires access to source code - which hasn't yet been published on virus-writing sites, according to Zenkin.

Kaspersky also reckons MyDoom-B is probably using machines infected by the original virus to propagate, another factor which points to the same perpetrator being behind both attacks.

AV vendors are in the process of updating protection to defend against the worm. For now probably the best advice is to treat unsolicited attachments with extreme scepticism. ®

Related Stories

SCO posts $250,000 worm bounty
Latest Email worm has SCO-facing payload
MyDoom is the worst virus ever
Viruses and hackers make Windows more secure - Gates

Sponsored: Network DDoS protection