"Looking at the amount of e-mail traffic, Mydoom has passed the Sobig.F virus as being the largest outbreak ever," Mikko Hyppoenen, head of anti-virus research at the Finnish group F-Secure, told AFP on Wednesday. 

"Globally it has generated over 100 million infected e-mails," he added. 

The Sobig.F virus, which struck in August of 2003, infected millions of computers and caused over 300 million infected e-mails to be sent during its first week. 

Normally computer virus outbreaks wane after 24 hours, when most computer users have had a chance to update their anti-virus protection software. 

Rapid spread

On Wednesday morning, 36 hours after it was first detected, the Mydoom outbreak showed no signs of abating and was instead continuing to spread rapidly throughout the world. 

Analysts said it was likely to surpass Sobig.F's 300 million mark in less than three days at the current pace. 

The Mydoom virus outbreak, also known as Novarg, erupted late on Monday European time, which was during normal office hours in North America. As a result, most of the infected computers and e-mail traffic are in Canada and the United States. 

In other parts of the world, computer technicians had time to update their companies' anti-virus software before employees came to work on Tuesday morning, which helped contain the outbreak, Hyppoenen pointed out. 

More efficient

Following the record-breaking number of viruses in 2003, Internet service providers (ISPs) and computer technicians have also become more efficient in their fight against the bugs. 

"Companies and ISPs are filtering their e-mail traffic quite aggressively for infected mails, and most of the end-users will not see the problem at all, but it is affecting network traffic," Hyppoenen noted. 

The New York-based security firm MessageLabs said it had intercepted some 1.8 million copies of the bug during the first 24 hours alone. 

The Mydoom virus was found in one of every 12 e-mails, while Sobig.F was found in one of every 17, MessageLabs marketing chief Brian Czarny said. 

By early Wednesday it was believed that between 390,000 and 500,000 computers had been infected around the world, Hyppoenen said. 

Investigation

The US Federal Bureau of Investigation has launched an investigation into the bug, which is believed to be an attack on SCO, a large Utah-based vendor of the Unix operating system, as it is programmed to overload the company's website. 

"It is pretty obvious SCO is targeted in the attack, probably because some Linux users are angry over SCO trying to make Linux a closed system and make a profit from it," Hyppoenen noted. 

SCO has offered a $250,000 reward for information leading to the arrest and prosecution of Mydoom's creators. 

The other purpose of Mydoom is to relay spam, unsolicited e-mail advertisements, Hyppoenen noted. 

Part of Mydoom's "success" is that, unlike many earlier bugs, it poses as an error note with the main text message attached, prompting users to open the attachment to read it, thereby inadvertently launching the virus. 

"MyDoom is unlike many other mass-mailing worms we have seen in the past, because it does not try to seduce users into opening the attachment by offering sexy pictures of celebrities or private messages," said Graham Cluley, senior technology consultant for Sophos, a British security firm.