The worm is slowing the Internet; it may use infected computers to attack SCO's Web site on Feb. 1.
MyDoom continued its voracious infection rate throughout Tuesday, clogging E-mail in-boxes and degrading overall Internet performance. Antivirus companies tracking the worm's spread say they're catching infected E-mails in every one out of nine to 10 E-mails.
Secure E-mail services provider MessageLabs says it has intercepted more than 1.76 million infected E-mails since MyDoom was first found on infected systems in the Russian Federation.
On Tuesday afternoon, Web-site performance-monitoring company Keynote Systems Inc. reported that the effects of the MyDoom worm had dragged down Internet performance. According to the company, Web-page downloads were delayed up to 3.9 seconds.
Antivirus companies warn that MyDoom spreads through peer-to-peer networks and by sending E-mails with random subject headings, including "Hello." MyDoom also carries E-mail attachments with various file names, including body.zip, text.zip, and readme.zip. The worm also opens a port to listen for potential future instructions.
Upon activation--usually when a recipient clicks on an E-mail attachment--the rogue program searches though address books and sends itself to E-mail addresses it finds. It chooses one as the sender, so recipients may believe the message comes from someone they know.
Unlike other mass-mailing worms, MyDoom doesn't try to trick victims with promises. Rather, messages carry innocuous-sounding subject lines, like "Error" or "Server Report" and messages in the body such as "Mail transaction failed. Partial message is available."
The latest Internet attack appears aimed at setting up computers for a Feb. 1 attack against the Web server of SCO Group Inc., which has angered the Linux community by launching a legal challenge to the open-source operating system. SCO claims Linux contains its copyrighted code.
SCO has been the target of several attacks during the last year, with the latest taking down the company's server for more than a day in December.
According to some experts, the latest worm appeared to be spreading even faster than other major virus attacks, such as last year's Sobig and Mimail.
Antivirus software maker Symantec Corp. said 9% of the infections have been reported by businesses, with consumers reporting the rest. That's higher than average for corporate infection. Symantec has ranked the virus a level 4 on a 1-to-5 scale, with 5 being the highest.
"The volume that we're seeing right now hasn't really decreased," a Symantec spokesman said during a teleconference Tuesday. "We're still seeing the same volume on an hourly basis as we'd seen fairly early on when this threat broke out. That tells us it's still spreading and people are still becoming infected with this."
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.