BBC NEWS / TECHNOLOGY
Wednesday, 28 January, 2004, 11:50 GMT

Bounty on creators of e-mail worm

The malicious e-mail worm, Mydoom, is still burrowing through global e-mail networks, but will plateau in the next two days, said security experts.

Carried in an e-mail attachment, it sends itself out to other e-mail addresses if opened, and may allow unauthorised access to computers.

Experts said it was designed to cripple software firm SCO's website, by flooding it with data on 1 February.

SCO said it was offering a $250,000 reward to find who was responsible.

The US company has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.

'Spill the beans'

"Although Mydoom's author may be sympathetic to the open source community's case, and this may have been the reason they targeted SCO, responsible members of the community would never condone such illegal activity," said Graham Cluley, senior technology consultant for Sophos.

MYDOOM DETAILS

  • From: random e-mail address
  • To: address of the recipient
  • Subject: random words
  • Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
  • Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
  • When a user clicks on the attachment, the worm will start Notepad, filled with random characters
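The traits in the list above can be checked mechanically at a mail gateway. This is an added example, not part of the BBC article: it uses Python's standard `email` package on constructed messages, and the function names, sample addresses and the rule of requiring both traits together are assumptions made here.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Attachment extensions and the one body phrase quoted in the list above.
RISKY_EXTENSIONS = {".zip", ".bat", ".cmd", ".exe", ".pif", ".scr"}
ERROR_PHRASES = ("mail transaction failed", "partial message is available")


def mydoom_traits(raw):
    """Return the listed traits that a raw RFC 5322 message exhibits."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    traits = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    if any(phrase in text for phrase in ERROR_PHRASES):
        traits.append("error-message body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        ext = PurePosixPath(name).suffix
        if ext in RISKY_EXTENSIONS:
            traits.append("attachment " + ext)
    return traits


def should_quarantine(raw):
    """Assumed policy: hold mail that pairs a fake error body with a listed attachment."""
    traits = mydoom_traits(raw)
    has_body = "error-message body" in traits
    has_attachment = any(t.startswith("attachment ") for t in traits)
    return has_body and has_attachment


def build_sample(body, filename=""):
    """Build a constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"] = "qzt@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "hello"
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


SUSPECT = build_sample("Mail transaction failed. Partial message is available.", "DOCUMENT.PIF")
BENIGN = build_sample("Minutes from Monday are attached.", "minutes.pdf")
ZIP_ONLY = build_sample("Holiday photos attached.", "photos.zip")
```

Requiring both traits keeps ordinary ZIP attachments and genuine delivery failures without attachments out of quarantine.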

"It is hoped that this reward may tempt the computer underground into 'spilling the beans' about who might be responsible for this latest attack on all users of the internet."

Mydoom, which only affects computers using Microsoft Windows, also spreads through file-sharing networks, like Kazaa, and installs a "back door" onto machines if launched.

This is a bit of software which allows a computer to be remotely controlled. It listens to commands sent over the net and acts on them.

An infected computer could allow attackers to get unauthorised access to a user's machine and use it to bring down SCO's website, according to security experts.

"It is impossible to say how many systems have been infected, but if we have seen 1.9 million copies, then that is some indication," Natasha Staley, information security analyst at MessageLabs, told BBC News Online.

"It will be a virus that is around for some time and damage will continue to be caused."

Home computer users are likely to be affected more by the worm because they might not have the most up-to-date anti-virus software if they have not logged on for a few days, she added.

Bigger than Sobig

The worm, also known as Novarg, is bigger and faster than last year's Blaster and Sobig ones, and has clogged networks globally since Monday.

Sobig, at its peak, infected one in every 17 e-mails, causing severe problems for many networks.

But Mydoom has surpassed this, infecting one in every 12 e-mails at its peak, said MessageLabs.

PROTECT YOURSELF FROM VIRUSES

  • Install an anti-virus program.
  • Keep it up to date
  • Get the latest patches and updates for your operating system
  • Never automatically open e-mail attachments
  • Download or purchase software from trusted, reputable sources
  • Make backups of important files

Some reports have said one in every nine e-mails sent globally carried the virus at one point.

An FBI spokesperson said it was "actively investigating" the Mydoom worm to find out where it originated.

"We have not done a full assessment, but it's serious enough to warrant the FBI to look into this," he said.

The first copies to be intercepted by MessageLabs came from Russia, but Ms Staley said it was extremely difficult to ascertain its origin.

Last year, the FBI arrested at least two people believed to be behind versions of the Blaster virus that created havoc on the net.


