The anti-virus industry has raised alert levels on a new variant of the Mydoom virus that is currently spreading in the wild.

The worm appears to be a re-emergence of the Mydoom-O version that targeted Google with some success in July last year.

The worm attempts to re-send itself, not by harvesting email addresses from user accounts, but by searching AltaVista, Google, Lycos and Yahoo for addresses posted on websites. Its quick spread last year caused the Google website to be disrupted.

The new version is slightly repackaged in an attempt to avoid anti-virus detection, but analysts believe Google is safe for now.

"Right now, we're not seeing anything like as many reports of this new version of the MyDoom virus as we did last July," said Graham Cluley, senior technology consultant for anti-virus firm Sophos.

Russian outfit Kaspersky believes the worm itself is not new at all (despite some news reports suggesting otherwise) but simply uses a different packer (MEW instead of UPX).

Variants of the Mydoom virus have a long and chequered history. First found on January 26, 2004 it is widely regarded as the fastest travelling internet worm yet. It initially used system error messages to fool people into executing it and capitalised on first hitting the web during US business hours, resulting in its rapid spread. Variants of the original still regularly appear on end-of-month top ten virus lists documenting viruses in the wild.

www.kaspersky.com
www.sophos.com