- http://isc.sans.org/...date=2004-07-26
Updated July 26th 2004 19:30 UTC
"...The latest version of MyDoom, which started arriving in peoples mail boxes in force today, uses search eninges to find more recipients for its message. Once the virus is started, it searched the users files for domain names. Once it spotted a domain name (e.g. '@example.com', or in 'www.example.com'), it will search various search engines for valid e-mail addresses within these domains. These search engines include Lycos, Google, Altavista, Yahoo and possibly others...Google and Lycos appear to have problems responding to queries as a result...Antivirus vendors are currently publishing updated signature files. Please update ASAP. Infected machines can be identified by looking for excessive traffic to search engines and smtp traffic. The virus is UPX packed..."
(...and is responsible for jamming much of the web today)

--------------------------------
EDIT/ADD:
Symantec has developed a removal tool - updated to cover W32.Mydoom.M@mm
- http://securityrespo...moval.tool.html
Last Updated on: July 26, 2004 02:36:26 PM PDT
Edited by apluswebmaster, 26 July 2004 - 04:47 PM.