The anti-virus community had around eight to 12 hours from around 1pm today to prepare for the suspected new worm, according to MessageLabs. The filtering company says the timeframe is based on the head-start its vigil over e-mail systems gives it over traditional anti-virus vendors.
The company said the attachment was sufficiently different from other mass mailing worms in circulation -- such as the MyDoom variants -- for it to class the threat as new.
MessageLabs spokesperson, David Banes, said its scanning engine had filtered around 800 e-mails bound for its clients which carried a suspicious 12-kilobyte pay load.
While the company is yet to carry out a detailed analysis of the code, there are indications its creators are seeding the e-mail in preparation for a denial of service attack.
The attachment contains a mail engine, a list of domain names associated with Undernet.org and some parts of the code suggest it may be designed to communicate with a chat room.
MessageLabs was unable to say whether the e-mail's activity was concentrated in any geographical region.
MessageLabs said the threat alarm policy of its scanning engine, Sceptic, was guided by a number of criteria, including detection frequency and the characteristics of the threat.
