Bounty on creators of e-mail worm

Mydoom has been bigger and faster than Sobig

The malicious e-mail worm, Mydoom, is still burrowing through global e-mail networks, but will plateau in the next two days, said security experts.

Carried in an e-mail attachment, it sends itself out to other e-mail addresses if opened, and may allow unauthorised access to computers.

Experts said it was designed to cripple software firm SCO's website, by flooding it with data on 1 February.

SCO said it was offering a $250,000 reward to find who was responsible.

The US company has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.

'Spill the beans'

"Although Mydoom's author may be sympathetic to the open source community's case, and this may have been the reason they targeted SCO, responsible members of the community would never condone such illegal activity," said Graham Cluley, senior technology consultant for Sophos.

MYDOOM DETAILS From: random e-mail address To: address of the recipient Subject: random words Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension When a user clicks on the attachment, the worm will start Notepad, filled with random characters

"It is hoped that this reward may tempt the computer underground into 'spilling the beans' about who might be responsible for this latest attack on all users of the internet."

Mydoom, which only affects computers using Microsoft Windows, also spreads through file-sharing networks, like Kazaa, and installs a "back door" onto machines if launched.

This is a bit of software which allows a computer to be remotely controlled. It listens to commands sent over the net and acts on them.

An infected computer could allow attackers to get unauthorised access to a user's machine and use it to bring down SCO's website, according to security experts.

"It is impossible to say how many systems have been infected, but if we have seen 1.9 million copies, then that is some indication," said Natasha Staley, information security analyst at MessageLabs told BBC News Online.

"It will be a virus that is around for some time and damage will continue to be caused."

Home computer users are likely to be affected more by the worm because they might not have the most up-to-date anti-virus software if they have not logged on for a few days, she added.

Bigger than Sobig

The worm, also known as Novarg, is bigger and faster than last year's Blaster and Sobig ones, and has clogged networks globally since Monday.

Sobig, at its peak, infected one in every 17 e-mails, causing severe problems for many networks.

But Mydoom has surpassed this, infecting one in every 12 e-mails at its peak, said MessageLabs.

PROTECT YOURSELF FROM VIRUSES Install an anti-virus program. Keep it up to date Get the latest patches and updates for your operating system Never automatically open e-mail attachments Download or purchase software from trusted, reputable sources Make backups of important files

Some reports have said one in every nine e-mails sent globally carried the virus at one point.

A FBI spokesperson said it was "actively investigating" the Mydoom worm to find out where it originated.

"We have not done a full assessment, but it's serious enough to warrant the FBI to look into this," he said.

The first copies to be intercepted by MessageLabs came from Russia, but Ms Staley said it was extremely difficult to ascertain its origin.

Last year, the FBI arrested at least two people believed to be behind versions of the Blaster virus that created havoc on the net.