Virus alert: Latest MyDoom causing pain for users

It's not 'panic stations' yet... but is Google its biggest victim...?

By Will Sturgeon

Published: 26 July 2004 19:35 BST

The latest MyDoom variant - MyDoom.O - is beginning to cause havoc for some email and internet users amid rumours circulating on the internet that the self-propagating worm is the most likely cause of lengthy downtime for search giant Google.

UK email filtering firm MessageLabs identified the mass mailer on Monday and said the virus' SMTP engine sends emails to addresses harvested from infected machines.

The 'sender's' email address is spoofed and it is thought the worm also spoofs the mailer-daemon@ address, commonly used to indicate a delivery failure, thus enhancing the complex layers of social engineering. The creator will doubtless be hoping it tricks recipients into believing a genuine mail has been returned for a reason they'll be tempted to ascertain.

Natasha Staley, information security analyst at MessageLabs, told silicon.com: "It's a clever move. People are used to the 'naked celebrity' angle and there's nothing about this more low-key approach that screams out as being anything suspicious."

Most likely to be caught out are less threat-savvy home users who may assume an important email has failed to reach the intended recipient and open the returned attachment.

The executable attachment is approximately 27,648 bytes in size, according to MessageLabs. The virus is also packed with UPX v1.0x and stored in a ZIP attachment.

While MessageLabs had intercepted around 25,000 copies of the virus by 18:30 (BST), Staley cautioned that there is still a way to go before it apes the success of the first MyDoom worm, which broke through the million mark within the first 24 hours of spreading.

"It's not batten down the hatches time," said Staley. "Nobody should be rushing out and buying tinned food and bottled water just yet."

However, Staley said the full effects of the virus may not be known until it fully impacts upon US and Asia Pacific networks.

While caution is obviously advised when opening any suspect email, the subject lines to be wary of in this instance include: "delivery failed", "Message could not be delivered", "Mail System Error - Returned Mail", "Delivery reports about your e-mail", "Returned mail: see transcript for details", "Returned mail: Data format error instruction", "MAILER-DAEMON", "Mail Administrator", "Automatic Email Delivery Software", "Post Office", "The Post Office", "Bounced mail", "Returned mail" and "Mail Delivery Subsystem".
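An added example, not part of the original article or of MessageLabs' tooling: a mail-triage check that combines the indicators reported above (the listed subject lines, a mailer-daemon@ sender and a ZIP attachment). It assumes genuine bounces carry an RFC 3464 `message/delivery-status` part; `triage`, `sample_message` and the example.* addresses are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines quoted in the article, compared case-insensitively.
BOUNCE_SUBJECTS = {s.lower() for s in (
    "delivery failed", "Message could not be delivered",
    "Mail System Error - Returned Mail", "Delivery reports about your e-mail",
    "Returned mail: see transcript for details",
    "Returned mail: Data format error instruction", "MAILER-DAEMON",
    "Mail Administrator", "Automatic Email Delivery Software", "Post Office",
    "The Post Office", "Bounced mail", "Returned mail", "Mail Delivery Subsystem",
)}
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def triage(raw: bytes) -> dict:
    """Return the indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    sender = str(msg["From"] or "").lower()
    has_zip = has_dsn = False
    for part in msg.walk():
        ctype = part.get_content_type()
        # Assumption: genuine bounces follow RFC 3464 and carry this part.
        has_dsn = has_dsn or ctype == "message/delivery-status"
        name = (part.get_filename() or "").lower()
        has_zip = has_zip or name.endswith(".zip") or ctype in ZIP_TYPES
    themed = subject in BOUNCE_SUBJECTS or "mailer-daemon@" in sender
    return {
        "bounce_themed": themed,
        "zip_attachment": has_zip,
        "dsn_part": has_dsn,
        # Hold mail that looks like a bounce, carries a ZIP, and has no DSN part.
        "quarantine": themed and has_zip and not has_dsn,
    }

def sample_message(subject: str, sender: str, with_zip: bool) -> bytes:
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Your message could not be delivered. See the attachment.")
    if with_zip:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="zip", filename="message.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message("Returned mail", "mailer-daemon@example.net", True)))
```

Requiring all three conditions keeps ordinary ZIP attachments and plain-text bounces out of quarantine; only bounce-themed mail that carries an archive is held.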

Google was unable to comment on currently unfounded rumours that lengthy downtime on its search site is down to the virus. Popular tech gossip site Slashdot.org was reporting that to be the case as of 19:00 (BST). A spokeswoman for Google UK said she was unable to comment pending an update from the US.
