"This is the fastest spreading worm in Internet history. It’s apparent to us
that even with the broad media and industry attention, email users will
continue to fall victim to the worm," said Scott Chasin, chief technology
officer, MX Logic. "At this point, we still have not seen the peak of the
worm’s infection. It will be interesting to see what happens over the next
few days, especially after the first of February when the worm is expected to
execute its denial-of-service payload."
Also called "Novarg" or "WORM_MIMAIL.R," the MyDoom worm arrives in an email
as a .zip file attachment, which enables it to bypass traditional gateway
filters, and is typically named "document.zip," "message.zip," or
"readme.zip." The attachment can also have various other extensions, including
".exe," ".pif," ".command," or ".scr." Many times, the email will appear to be
an error report stating that the message body can’t be displayed and has
instead been attached in a file.
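The gateway-side check this delivery method calls for is to look inside .zip attachments rather than only at the outer filename. The sketch below is an added example, not code from the article or from MX Logic; the function names are hypothetical and the sample message is constructed with a harmless text payload.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article above.
RISKY_EXTENSIONS = (".exe", ".pif", ".command", ".scr")


def risky_members(zip_bytes):
    """Return names inside a zip archive that end in a risky extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # fail closed: cannot inspect it
    return [n for n in names if n.lower().rstrip(". ").endswith(RISKY_EXTENSIONS)]


def scan_message(raw_message):
    """Map each flagged attachment filename to the risky names it carries."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if filename.endswith(".zip") or payload[:4] == b"PK\x03\x04":
            hits = risky_members(payload)
            if hits:
                findings[filename] = hits
        elif filename.rstrip(". ").endswith(RISKY_EXTENSIONS):
            findings[filename] = [filename]
    return findings


def build_sample(member_name):
    """Constructed sample: an email whose document.zip holds one text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, "harmless placeholder text")
    msg = EmailMessage()
    msg.set_content("The message body is attached as a file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("document.scr")))
```

An archive that cannot be opened is reported rather than passed, since a filter that skips what it cannot read repeats the gap the article describes.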
When the attachment is opened, the worm immediately plants a "backdoor"
program on the computer that lets the worm author send commands to the
infected machine, possibly instructing the worm to distribute spam or enable
IP spoofing capabilities. MyDoom propagates by harvesting victim email
addresses from ten different file types. Additionally, the worm is set to
initiate a denial-of-service attack against the domain sco.com from
Feb. 1, 2004, through Feb. 12, 2004.