A new worm has been detected which exploits the backdoor left from the Mydoom virus(es).

Connects to TCP port 3127, which is opened by the backdoor component of W32.Mydoom.A@mm, to receive commands. If the worm gets the command, it sends a copy of itself to the remote machine. The backdoor component of W32.Mydoom.A@mm will accept the file and executes it.

Launches a DoS attack against www.microsoft.com by sending HTTP Get requests.
More information can be found here.

Here is another worm exploiting the backdoor left by Mydoom.

Scans the network, looking for systems infected with Mydoom. This worm attempts to connect to sequential IP addresses on ports 3127, 3128, and 1080, starting with a random IP address. When a connection is established, W32.HLLW.Deadhat sends a copy of itself to the Mydoom server, in effect replacing Mydoom on the remote machine.
More info on W32.HLLW.Deadhat

Cheers: