The security firm F-Secure said the new worm, dubbed Doomjuice or Mydoom.C, spreads between computers that are already infected with the original Mydoom.A worm.
The original Mydoom worm had infected more than one million computers worldwide at its peak in late January and highlighted the vulnerability of the internet to infections that allow affected computers to be controlled for hacker attacks.
Doomjuice uses the so-called "backdoor" program installed by Mydoom.A that allows a hacker to gain access to an infected computer, F-Secure said.
"To locate machines with the backdoor open, Doomjuice scans random IP (Internet Protocol) addresses... If the port is open the worm sends itself in a specially crafted package that makes the Mydoom.A infected machine execute the file thus infecting it with Doomjuice too."
Doomjuice triggers a so-called denial of service (DDoS) attack against www.microsoft.com by trying to overload the site with information requests.
"In order to overload www.microsoft.com the worm starts 16-80 parallel threads that connect to the website and try to download the main page in an infinite loop," F-Secure said.
Mydoom.B, the second version of the worm, also launched an attack on Microsoft, but failed to shut down the website. Mydoom.A shut down the site of SCO, owner of the Unix operating system.
The British-based security firm mi2g said that Microsoft's website "has been intermittently inaccessible on a few occasions from major North American, European and Asian cities on Saturday and Sunday as MyDoom continued to spread relentlessly and MyDoom.b upgraded MyDoom.a infected machines."
"MyDoom is still out there and spreading," said mi2g's DK Matai.
"It has picked up momentum in the last 48 hours once again. This is a dangerous global epidemic. There are over a million computers still infected that have their backdoors open and they are being upgraded to MyDoom.b which targets Microsoft."