Warning of gestating worm

A new mass-mailing worm is preparing to spread, according to monitoring firm MessageLabs

Email-filtering company MessageLabs has issued an early warning to antivirus vendors that a new mass-mailing worm may be on the march. The antivirus community had about eight to 12 hours, starting from about 1 p.m. today (2 a.m. GMT), to prepare for the suspected new worm, according to MessageLabs. The filtering company says the timeframe is based on the head start its vigil over email systems gives it in comparison to traditional antivirus vendors.

The company said the attachment was sufficiently different from other mass-mailing worms in circulation -- such as the MyDoom variants -- for it to class the threat as new.

MessageLabs spokesperson David Banes said its scanning engine had filtered about 800 emails bound for its clients that carried a suspicious 12-kilobyte payload.

While the company is yet to carry out a detailed analysis of the code, there are indications that its creators are seeding the email in preparation for a denial-of-service attack.

The attachment contains a mail engine and a list of domain names associated with Undernet.org, and some parts of the code suggest it may be designed to communicate with a chat room.

MessageLabs was unable to say whether the email's activity was concentrated in any geographical region.

MessageLabs said the threat alarm policy of its scanning engine, Sceptic, was guided by a number of criteria, including detection frequency and the characteristics of the threat.