"Leading antivirus software companies issued alerts for MyDoom.O, which was first detected Monday and arrives in e-mail message attachments that, when open, install the virus and open a back door that remote attackers can use to access infected machines. While similar to other versions of MyDoom, the O-variant is testing a new approach: using major search engines to harvest e-mail addresses on Web domains that it discovers, slowing those sites, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.
"The standard scheme is for viruses to look (for e-mail addresses) in the Web cache," he said, referring to the store of previously visited Web pages stored on computer hard drives. But if MyDoom.O finds an e-mail address, in addition to sending a copy of itself to the address, it also does a Web search on the Web domain and uses the search results to discover more addresses in that domain, according to Ullrich."
Read more here
http://maccentral.macworld.com/news/2004/07/27/mydoom/
