Slowly but surely the Mydoom virus is dying out.
Figures from mail filtering firm MessageLabs show that the number of copies of the virus being caught every day is swiftly diminishing.
The peak day of infection was 28 January when 4.5m copies of the malicious program were caught.
But only 300,000 copies of the virus were caught on 3 February as people clean up compromised machines and stop them spewing out infected messages.
Despite the slowdown Mydoom has already become the fastest spreading virus ever and looks set to challenge the Sobig.F program for the most active virus of all time.
Mydoom first emerged on 26 January and since then has infected machines in 214 countries, according to MessageLabs. So far the firm has caught more than 21m copies of Mydoom.
MYDOOM COPIES CAUGHT
27 January - 4.2m
28 January - 4.5m
29 January - 3.7m
30 January - 3.6m
31 January - 1.5m (Saturday)
1 February - 980,000 (Sunday)
2 February - 1.1m
3 February - 300,000
But the numbers it is catching every day are diminishing, suggesting that the virus is now under control as home users and companies deal with infected machines.
The virus did not rely on technical tricks to spread so far and wide. Instead it played on the gullibility of users, getting them to open the e-mail message bearing it and click on the infected attachment.
Some versions of the virus posed as technical messages that claimed to contain the text of undelivered e-mail messages.
What also helped it spread was its avoidance of e-mail addresses associated with anti-virus and security companies. As a result some anti-virus firms took far longer to react to the outbreak than usual.
As well as generating huge amounts of e-mail the virus also used infected machines to launch so-called denial of service attacks on websites.
From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters
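The traits listed above can be turned into a simple mail-gateway check. This Python sketch is an added example, not code from the article or from MessageLabs; the function names, the sample addresses and the rule of holding a message only when both traits appear are assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits taken from the list above; everything else here is assumed.
RISKY_EXTENSIONS = {".zip", ".bat", ".cmd", ".exe", ".pif", ".scr"}
BOUNCE_PHRASES = ("mail transaction failed", "partial message is available")

def inspect_message(raw: bytes) -> dict:
    """Report which of the listed traits a raw e-mail message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    risky, body = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Windows ignores trailing dots and spaces, so strip them, and
            # judge by the last suffix so "document.txt.scr" counts as .scr.
            ext = os.path.splitext(name.lower().rstrip(". "))[1]
            if ext in RISKY_EXTENSIONS:
                risky.append(name)
        elif part.get_content_type() == "text/plain":
            body.append(part.get_content())
    bounce = any(p in " ".join(body).lower() for p in BOUNCE_PHRASES)
    # Assumed policy: hold a message only when both traits are present,
    # since genuine bounces and ordinary ZIP files are common on their own.
    return {"risky_attachments": risky, "bounce_like_body": bounce,
            "quarantine": bool(risky) and bounce}

def build_sample(body: str, filename: str = "") -> bytes:
    """Build a constructed test message (harmless placeholder payload)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "recipient@example.com"
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    suspect = build_sample(
        "Mail transaction failed. Partial message is available.",
        "document.txt.scr")
    print(inspect_message(suspect))
```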
The original or "A" variant of the virus targeted software firm SCO and made the sco.com web address unusable. That attack is due to end on 12 February.
A "B" variant of the virus targeted Microsoft but there were so few copies of this novel version in circulation that the attack caused the software giant no problems.
MessageLabs has reportedly only stopped 100 copies of the Mydoom.B virus.
Despite this Microsoft did take some precautions and changed a key parameter of its web address that would help it if the site had to be moved quickly.
Net monitoring firm Keynote said there was a slight wobble on the Microsoft site in the early morning but said this was unlikely to be due to the attentions of Mydoom.B.
Keynote said the slight change in response times could have been due to lots of people visiting the Microsoft.com site for information about the virus.