Experts say Mydoom could make up to 30% of all e-mail traffic
Security firms are warning that a new strain of the Mydoom virus could spread more widely than its predecessor. They fear that the thousands of PCs infected by the first Mydoom bug are being used to spread the new variant.
The second strain, called Mydoom.b, is programmed to attack the websites of Microsoft and software firm SCO.
Microsoft has joined SCO in offering a $250,000 reward to find those behind what is now ranked as one of the largest virus outbreaks ever.
At its height, Mydoom made up 30% of all e-mail traffic, according to anti-virus firms.
Unauthorised access
The virus arrives as an e-mail attachment which sends itself out to other addresses if opened, and may allow unauthorised access to computers.
It only affects computers using Microsoft Windows and also spreads through file-sharing networks, like Kazaa, installing a "backdoor" onto machines if launched.
MYDOOM DETAILS
From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters
Anti-virus firm Kaspersky Labs said it fears that the backdoor installed on many machines is already being used to spread the new variant. Web monitoring firms have detected a huge increase in the amount of scanning for infected machines.
Some of this scanning could be due to companies finding and cleaning infected machines but some of it is thought to be the work of malicious hackers keen to exploit the army of machines compromised by Mydoom.
An infected computer could allow attackers to get unauthorised access to a user's machine and use it to bring down websites, according to security experts.
The Mydoom variant is designed to attack www.microsoft.com, the main Microsoft website, as well as the SCO website, which had been the target of the original worm.
The attacks are scheduled to begin on 1 February and continue until 12 February.
100m infected e-mails
The worm, also known as Novarg, is bigger and faster than last year's Blaster and Sobig worms.
According to Finnish security experts F-Secure, Mydoom flooded the internet with more than 100 million infected e-mails in its first 36 hours.
PROTECT YOURSELF FROM VIRUSES
Install an anti-virus program. Keep it up to date
Get the latest patches and updates for your operating system
Never automatically open e-mail attachments
Download or purchase software from trusted, reputable sources
Make backups of important files
"Current estimates show that currently between 20% and 30% of all e-mail traffic worldwide is generated by this worm," said the company. The spread of the virus prompted an FBI investigation.
SCO has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.
Mydoom does not take advantage of any flaws in Windows software. Instead, many of the e-mails look like they have been sent from organisations like charities or educational institutions, to fool recipients into opening them.
Anyone who has received the worm should avoid opening or double clicking the attachment. They should also ensure their anti-virus software is updated, so that if the attachment is opened by accident, the software will catch it.
If anti-virus software does not spot an infection once the attachment is launched, people should download the free tools available to deal with it.