Also known as W32.Novarg.A@mm, the worm only activates when an e-mail attachment is opened and it is programmed to launch an attack on the web site of The SCO Group from 1st February.
"Sobig.F move over," said Mark Sunner, chief technology officer at MessageLabs. "Mydoom has just surpassed Sobig.F as the fastest spreading virus ever."
According to the anti-virus firm, users are being tricked by the nature of the attachment. Sunner explains: "With a text file icon instead of graphics that lead people to believe it is innocuous, this virus appears to have hit a sweet spot in execution and propagation."
MessageLabs said it stopped more than 1.2 million copies of the worm in the first 24 hours of the attack – with a peak infection rate of 1 in 12 e-mails. Its first intercept was in an e-mail sent from Russia.
The mass-mailing worm uses e-mail and Kazaa shared directories to propagate. Infection occurs if the e-mail attachment is opened by, or the Kazaa program is downloaded to a computer using a Windows operating system. The advice, as always, is not to open the attachment, and to delete any suspicious e-mail messages.
The consequences of infection are still being assessed. One obvious result is the flood of e-mails now swamping the internet as the virus tries to replicate itself – with an inevitable slowing of network speeds.
But the infection has a more sinister side. According to Symantec, another anti-virus firm, the virus could be used to give a hacker remote access to an infected computer. It is also programmed to launch a denial of service attack – where a server is overloaded to the point of collapse – on The SCO Group's web site from 1st February. The SCO Group is in the middle of a very bitter dispute with the Linux community over alleged infringements of SCO's intellectual property rights.
The likelihood is therefore that the virus has been created by a pro-Linux supporter.
According to Graham Cluley, senior technology consultant for anti-virus firm Sophos:
"It appears that the author of MyDoom may have taken the war of words from the courtrooms and internet message boards to a new level by unleashing this worm which attacks SCO's website. If we ever get our hands on MyDoom's creator my guess is that he will be an open source sympathiser. Of course, it's the last kind of assistance the open source community would want at this time."
