17 Feb: A rose by any other name? Mydoom.bb? (Aleks)
15 Dec: No holiday for Mydoom (Costin Raiu)
12 Nov: Yet another Bofra variant (Costin Raiu)
10 Nov: New Mydoom variants now called Bofra (Aleks)

The supposedly new version of Mydoom that is being discussed today is not new at all. We have been detecting it since July 26, 2004.
We detect the email worm that some AV vendors are calling Mydoom.bb as Email-worm.Win32.Mydoom.m. The so-called new version is the same worm, only packed with a different packer: this time it was MEW, whereas in the summer it was UPX.
Analysis
Alerts
We've intercepted a few samples of a new Mydoom variant this morning.
Infected messages contain the texts "Mery Chrismas & Happy New Year! 2005 will be the beginning!" and "Happy New year and wish you good luck on next year!". So far it doesn't seem to be an outbreak, but we are monitoring it closely.
Detection has been made available with the latest antivirus database update as "Email-Worm.Win32.Mydoom.ad".
Analysis
Alerts
A new Bofra variant has been reported. We already detect it generically as "I-Worm.Bofra.gen". The new variant has a distribution node located at the following URL:
http://kjh0.narod.ru/
Just like we did with previous Bofra variants, we are talking to narod.ru administrators to take the site offline ASAP.
Analysis
Alerts
I-Worm.Mydoom.ad, which we detected yesterday, and its modification Mydoom.ae, which we detected today, have both been renamed in our antivirus databases as I-Worm.Bofra.a and .b.
These worms used the source code of Mydoom, but most virus analysts agree that they are actually a new family. And we agree with this opinion.
P.S. We have just detected another modification of this worm, which will be named I-Worm.Bofra.c.
Analysis
Alerts