It's a few days old, but I see no mention of this here yet..

"New Worm May Pose as MessageLabs Advisory in Attempt to Spread"

MessageLabs, the world’s largest provider of managed email security services, is today warning computer users against a new worm known as W32/Nodoom.A. As yet, no copies of the worm have been intercepted from the wild. MessageLabs is issuing this advisory due to the fact that the worm refers to a non-existent advisory issued by MessageLabs.


The worm contains its own SMTP engine in order to send itself to addresses harvested from infected machines. In order to find target email addresses, W32/Nodoom.A searches files with the following extensions:


The worm has been programmed to execute during January and February 2004.

W32/Nodoom.A also spoofs the sender field of the email, making it difficult to ascertain where the infected file has been sent from.

Email Characteristics

From: Spoofed

Subject: Various.. (etc)

read more about it here

W32.Nodoom.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all the email addresses it finds in the files with the extensions .dbx, .eml, .htm, .html, .mbx, .mmf, .nch, .ocs, .tbb, or .txt. The "From" address of the email is spoofed.

This threat is compressed with FSG.

Also Known As: Win32.Nodoom.A[CA], W32/Nodoom.a@MM [McAfee], WORM_NODOOM.A [Trend Micro]

Infection Length: 5,568

mydoom.. Nodoom, what's next.. OURdoom?