Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dangerous Mydoom Variant Appears: Page 2 of 3

The worm modifies the host file on the compromised system so that 65 Web sites resolve to the IP address of 0.0.0.0, making them inaccessible.

The list of affected sites include major names in the anti-virus and security trade, including Symantec, McAfee, F-Secure, Sophos, Network Associates, and Kaspersky Labs. Microsoft's Office Update and Windows Update, as well as other Microsoft download locations, are also on the list.

That makes it much more dangerous than its predecessor, said Ken Dunham, the malicious code director for security firm iDefense.

"This new variant is worse than Mydoom.a," he said, because the lack of access to security and anti-virus sites will make it impossible for many users, particularly consumers, to obtain updates to protect or clean their systems. "This will result in a longer lifespan for Mydoom.b," he said.

Dunham, along with other security experts, suspect that Mydoom.b is being launched from computers already infected with the original Mydoom.a. "If this is the case," said Dunham, "Mydoom.b will likely become very prevalent in just a few hours."