10 February 2004

New computer worm targets Mydoom victims

Finnish computer security experts warned on Tuesday of a new worm, known as Doomjuice, that is expected to attack computers infected by Mydoom.

The virus, first detected by Helsinki-based company F-Secure on Monday night, has so far infected at least 30 000 computers worldwide since it was activated on Sunday, said the company’s director of antivirus research, Mikko Hypponen.

Like Mydoom.A and Mydoom.B, the new worm is designed to strike Microsoft Corporation’s Windows operating systems and is programmed to launch a worldwide attack on the website of SCO, one of the largest Unix vendors in the world.

“Unlike Mydoom, it does not spread via e-mail. It comes through a backdoor left open by Mydoom,” Hypponen said. “People won’t even realise their computers are being attacked, and then they’ll have both Mydoom and Doomjuice in their computers.”

Although Mydoom is programmed to stop spreading on February 12, Doomjuice could run forever, he warned.

“At least until all computers everywhere infected by both worms have been cleaned up, and that could be years,” Hypponen said.

Doomjuice’s ability to spread is limited because it will only attack computers infected by Mydoom, Hypponen said.

“And lots of them are being cleaned up already at a quick rate.”

Doomjuice drops the original source code of the Mydoom.A worm in an archive to folders on infected computers.

“This proves to us that Doomjuice and Mydoom.A are written by the same people,” Hypponen said. “The source code of Mydoom.A has not been seen circulating in the underground before.”

Last month, Microsoft promised $250 000 to anyone who helps find and prosecute the author of the fast-spreading Mydoom virus.

The cash reward is the third so far under a $5-million programme it announced in November to help United States authorities catch authors of damaging virus and worm infections aimed at consumers of the company’s software.

F-Secure, a Helsinki-based company, was one of the first to warn of the dangers of the e-mail Mydoom worm, also known as Novarg. F-Secure said it is difficult to assess fully how destructive Doomjuice has been so far, but that one sensor monitoring a fifth of the world’s internet traffic on Monday found 30 000 hits. — Sapa-AP

On the net: F-Secure: F-Secure.com