MyDoom continued its voracious infection rate throughout Tuesday, clogging E-mail in-boxes and degrading overall Internet performance. Antivirus companies tracking the worm's spread say they're catching infected E-mails in every one out of nine to 10 E-mails.
Secure E-mail services provider MessageLabs says it has intercepted more than 1.76 million infected E-mails since MyDoom was first found on infected systems in the Russian Federation.
On Tuesday afternoon, Web-site performance-monitoring company Keynote Systems Inc. reported that the effects of the MyDoom worm had dragged down Internet performance. According to the company, Web-page downloads were delayed up to 3.9 seconds.
Antivirus companies warn that MyDoom spreads through peer-to-peer networks and by sending E-mails with random subject headings, including "Hello." MyDoom also carries E-mail attachments with various file names, including body.zip, text.zip, and readme.zip. The worm also opens a port to listen for potential future instructions.
Upon activation--usually when a recipient clicks on an E-mail attachment--the rogue program searches though address books and sends itself to E-mail addresses it finds. It chooses one as the sender, so recipients may believe the message comes from someone they know.
Unlike other mass-mailing worms, MyDoom doesn't try to trick victims with promises. Rather, messages carry innocuous-sounding subject lines, like "Error" or "Server Report" and messages in the body such as "Mail transaction failed. Partial message is available."
The latest Internet attack appears aimed at setting up computers for a Feb. 1 attack against the Web server of SCO Group Inc., which has angered the Linux community by launching a legal challenge to the open-source operating system. SCO claims Linux contains its copyrighted code.
SCO has been the target of several attacks during the last year, with the latest taking down the company's server for more than a day in December.
According to some experts, the latest worm appeared to be spreading even faster than other major virus attacks, such as last year's Sobig and Mimail.
Antivirus software maker Symantec Corp. said 9% of the infections have been reported by businesses, with consumers reporting the rest. That's higher than average for corporate infection. Symantec has ranked the virus a level 4 on a 1-to-5 scale, with 5 being the highest.
"The volume that we're seeing right now hasn't really decreased," a Symantec spokesman said during a teleconference Tuesday. "We're still seeing the same volume on an hourly basis as we'd seen fairly early on when this threat broke out. That tells us it's still spreading and people are still becoming infected with this."