CA: MyDoom.o surge on the way

Computer Associates says it expects another spike in MyDoom.o worm activity at around 10pm PST, just as Europe starts opening for business.

CA senior virus researcher, Jakub Kaminski, said system administrators needed to ensure their virus software is up to date in preparation for the surge.

Computer Associates says the worm was present in 400 of around 1,000 suspected virus samples submitted to its Richmond, Melbourne, computer security lab since midnight.

According to Kaminski, like the new variant of Bagle -- Bagle.AE -- which appeared and began spreading rapidly late last week, MyDoom.o transports as an e-mail attachment and requires user intervention to continue spreading.

Unlike Bagle.AE, security researchers have managed to come up with some theories behind MyDoom.o's apparent success.

According to Kaminski, while previous MyDoom variants generally relied on Window's e-mail address book, MyDoom.o has the capacity to generate valid e-mail addresses by querying directory services provided by Alta Vista, Lycos and Google search engines.

Kaminski also pointed out that the worm is using spoofed e-mail addresses to disguise its origin each time its spreads from a host computer it has infected. That makes it harder for system administrators to spot and isolate infected machines.

CA said that worm writers need to act more quickly to update their anti-virus software.