Virus warning: Latest MyDoom takes aim at Record Industry

A variant of the MyDoom virus aims to take down the website of the much-despised Recording Industry Association of America (RIAA).

The variant has started spreading, albeit slowly, and security experts expect it to target the main website of the music industry after seeing it already cripple the SCO website.

The variant, MyDoom.F, deletes several different types of files stored on an infected computer and aims to attack the websites of Microsoft and the Recording Industry Association of America with a flood of data, antivirus companies said on Friday.

Neither site may feel much pain, however, as the virus has failed to spread quickly.

Craig Schmugar, virus research manager for Network Associates' vulnerability emergency response team, said: "It is not very prevalent. We haven't seen anything beyond [a single] sample in the past 24 hours."

The original MyDoom spread through email in late January, infecting a new computer every time an unwary person opened the attached file containing the program. Between several hundred thousand and two million computers were infected, according to estimates.

Antivirus firms believe that the writer of the MyDoom.F virus is different from the person believed to have authored the first two versions of the code. A later worm, Doomjuice, spread to computers that were already infected by MyDoom and dropped copies of the original virus' source code. It's thought that the author of MyDoom.F used that code to write this new virus.

Vincent Weafer, senior director for the antivirus research centre at security company Symantec, said: "Right now it feels like someone took the original one and modified it. That's just a gut feeling."

The MyDoom.F virus spreads using a variety of subject lines and message text, usually attaching itself to the message as a Zip compressed file. The virus infects Windows computers when the user opens the file.

PCs compromised by the virus send out virus-laden email messages using random addresses found in a variety of files, such as cached Web pages and the Windows address book. The virus also deletes Word documents, JPG picture files, Audio Video Interleaved files, Excel spreadsheets and a few other types of files.

Robert Lemos writes for News.com