Ok, so far I've seen 3 types, one with a link & .eml attachment, link & no attach, and one from a paypal spoofed address w/ link. The paypal one is extremely convincing. The subject line is like, "Payment received!" or whatever. I got really worried and checked my bank balance on the spot before before even thinking it was another mydoom variant... It's a safe bet people are going to click that link inside. I checked my balance before opening the email, but the untrained eye won't be able to tell that paypal wouldn't link you to an IP inside their email.

Tiger- Every email I've seen has linked to the same IP. You can block all access to that IP, prolly not a bad idea.

IP is 10.55.3.245 on varying ports. Also, the emails all seem to have some sort of antivirus label in their source, (X-AntiVirus: Checked for viruses by Gordano's AntiVirus Software) and similar. I've never heard of them, so you could probably filter by them until you have something stronger to key on.