A brand new variant of the MyDoom worm – MyDoom.f – exists to attack the Microsoft and Recording Industry Association of America (RIAA) Web sites – and will delete files on affected host machines.
This worm first crawled to life online on February 20. It will attempt to launch denial of service (DoS) attacks against the two group's sites.
This worm deletes 40 per cent of the graphic files, Word documents, Excel spreadsheets and Access databases it finds on infected computers. It uses a wide variety of different subject lines, message bodies and attachment names.
Like all the MyDoom variants, MyDoom.f also threatens further harm as it opens a backdoor on infected computers that could allow malicious hackers to run unauthorized code remotely.
The worm will launch a DoS attack on Microsoft and the RIAA between the 17 and 22 of any month. There is a 33 per cent chance that the attack will be against www.riaa.com – otherwise the attack will be against www.microsoft.com.
"This worm is being sighted in larger numbers, suggesting that not all computers have properly protected themselves with the latest anti-virus updates," says Brett Myroff, CEO of NetXactics. "Protection is essential if you are to play your part as a responsible 'Net citizen – or else your computer could become part of the zombie army which will launch the attack on the Web sites of Microsoft or the RIAA."
Unlike earlier versions of MyDoom, this version will not terminate itself at a future date.