The latest variant of Mydoom is taking the virus' anti-Microsoft approach to greater depths by destroying Word and Excel documents that it finds on an infected computer.
MyDoom.F is continuing to spread, anti-virus companies are warning, but this variant not only aims denial-of-service attacks at Microsoft (and the RIAA), it also deletes .doc, .xls and .jpg files on the host computer.
While Mydoom.F is not as widespread as previous variants, it is more destructive to users, warns Mikko Hyppönen, director of antivirus research at security firm F-Secure. "Mydoom.F gradually goes through your system, again and again, deleting files," Hyppönen said.
Computer users are advised to update their anti-virus software again - as soon as possible - to limit possible damage. Mydoom.F is just the latest threat spawned from the original Mydoom.A virus that began circulating last month.
F is thought to have been created by people that picked and altered the virus' code once it had been posted on the Internet. The Mydoom.B variant was designed to drop the source code, Hyppönen explained, presumably so it would be more difficult to track Mydoom code's authors.
"The original Mydoom is the work of spammers and these spammers have nothing to gain from deleting files," Hyppönen said. "They want to lay low and have computers work."
Meanwhile, another worm is doing the rounds on instant messaging software ICQ, reports Stacy Cowley.
Bizex targets ICQ users with invitations to visit a site which, when visited, installs malicious code on the user's computer. Anti-virus company Kaspersky Labs has already called it an "epidemic" and estimated that 50,000 across the world are already infected.
Symantec is less concerned, giving the threat level as low, but with the worm only just having appeared it is difficult to know, at the moment, what the true picture is.
The Bizex worm sends a message directing recipients to a website called Jokeworld. Once the site is loaded, it begins infecting the target computer, accessing the recipient's ICQ list to send copies of itself to other users and scanning the infected computer for information on installed payment systems, including those for Wells Fargo and American Express.
Kaspersky Labs said the worm seems an attempt to make money by stealing financial information. But the attempt appears to have been short-lived. The security company said the Jokeworld Web site closed down just four hours after the worm made its debut.
Of course, if only you could stop people clicking on suspicious links in the first place...