A number of parasite Doom variants have been found in the wild, according to an alert sent out by iDefense Inc. this morning and by looking at the various descriptions of reports being posted by the anti-virus companies. Known as Mydoom.C, SyncZ, Doom.C, DoomJuince, Vesser and DeadHat, the malicious code ( or codes ) appears to be scanning the Internet for systems already infected by the original Mydoom.A worm, with Vesser and DeadHat also scanning the P2P networks. When finding a vulnerable machine, it uploads itself via TCP Port 3127, and creates a copy of itself in the Windows System directory as well as several other files in various Windows directories. This virus, like the Mydoom.B version before it, attempts to find so-called zombie computers to launch a denial-of-service (DoS) attack on Microsoft's Web site. However, it does not appear to seek to e-mail itself to other systems.

http://www.securitynewsportal.com/index.shtml