Virus update: Mydoom is everybody's gloom

MyDoom - or Shimg - has become the first major infection of 2004, and while the year is still young it will take some beating if it's not to still be the worst come year-end.

Within 24 hours of it first appearing, MessageLabs had intercepted 1.2 million copies of MyDoom, leading the antivirus vendor to pronounce it the fastest-spreading virus of all time.

While vendors have been quick to point out that the email itself is nothing special, its rate of spread and self-propagation has surprised many.

The virus first appeared in Russia and spread overnight - following the sun as business worldwide woke up to infected inboxes.

Simon Perry, divisional vice president security strategy at Computer Associates, expressed an element of surprise that something almost retro in its design can cause such havoc.

"It's nothing unusual as far as technique - it propagates via address list. But it is doing so very effectively," he said. "It seems that we can still have your bog-standard email blaster giving us grief, even in this day of the vulnerability exploit."

However, Perry made it clear that the writer hasn't left everything to chance. The worm does have some tools in its arsenal to evade detection and aid propagation.

"The main reason it is spreading so effectively is that it is highly adaptive in the email form it takes. It spoofs origin address, alters email title, email content and attachment at random," he said.

To date the most headline grabbing element of the worm's existence has been its apparent anti-SCO mission - leading some to suggest it is the latest offensive in the newly coined 'Linux Wars' as techies air their frustrations at SCO's open-source licensing claims.

Graham Cluley, senior technology consultant for Sophos, said: "The MyDoom worm takes the Linux Wars to a new intensity. It appears that the author of MyDoom may have taken the war of words from the courtrooms and internet message boards to a new level by unleashing this worm which attacks SCO's website."

"If we ever get our hands on MyDoom's creator my guess is that he will be an open-source sympathiser. Of course, it's the last kind of assistance the open-source community would want at this time," added Cluley in a statement.