A new variant of the Mydoom internet worm spreading quickly by e-mail on Wednesday has proved less virulent than previous members of the virus family but far more destructive if encountered, internet security experts said.
”We’re a little worried, because this one actually deletes files,” said Mikko Hypponen, with the Finnish Security firm F-Secure.
The original Mydoom.A worm, discovered late last month, infected up to one million computers worldwide in just a few days, clogging the internet and causing huge delays in the delivery of e-mails.
Since then, a number of Mydoom versions have been making the e-mail rounds, wreaking havoc on the way.
The new Mydoom.F version of the virus, which so far accounts for about 3% of all e-mail traffic worldwide, has spread far slower than Mydoom.A, which at its peak accounted for more than 60% of all e-mail traffic, Hypponen said.
But unlike the previous versions of the virus, Mydoom.F actually goes into an infected computer’s hard drive and deletes Windows files like Word documents, Excel spread-sheets, Access databases and image files, he said.
”It’s still getting around, and it’s destructive. We’re worried,” he said. ”The longer people keep their PCs on, the more files they risk losing. This worm keeps going back to attack again and again.”
Hypponen said it was unlikely that the same person who created the first Mydoom worms was behind the new version, pointing out that the Mydoom.C version of the worm spread the original source code to tens of thousands of computers, making it impossible for investigators to establish a unique link to its creator.
”Anyone could have done this. Most likely it’s some kid,” Hypponen said.
F-Secure has received reports of the virus from all of the Scandinavian countries, the United States and across Asia, Hypponen said. — Sapa-AFP