dfw.com - The dfw home page



Posted on Wed, Jan. 28, 2004
New computer worm is multiplying rapidly

Star-Telegram Staff Writer

A new ultrafast Internet worm continued to spread Tuesday, inundating corporate and home computers with bogus e-mails and opening systems to hackers.

The worm, called MyDoom or Novarg, spreads through the Internet by e-mail and is moving from user to user at record levels, sending hundreds of e-mails a minute. Network security officials labeled it the fastest-spreading worm ever.

MessageLabs Inc., a New York-based e-mail security company, first intercepted Novarg on Monday morning. Within 24 hours, the company said, it had stopped more than 1.2 million copies of Novarg. After investigation, the company issued a warning saying the worm was found in one in 12 e-mails sent by the company's users.

"This thing is scary," Ron Newman, chief operating officer of Houston-based IT security company Secure Commerce Systems, said Tuesday. Secure Commerce contracts with state and city governments and large companies.

So far, Dallas-Fort Worth has had no serious outbreaks. IT security officials with the city of Arlington said they quickly detected the worm and were able to quarantine it.

Mary Gugliuzza, a spokeswoman for the city of Fort Worth, said the city had two incidents of external exposure, but network security isolated them. Brian Lucas, a network administrator with Texas Christian University, said TCU didn't see a large effect.

But Newman, who has been in IT security for about 15 years and is responsible for Secure Commerce's Dallas-Fort Worth offices, said he is worried, given what the worm has done so far.

"We had [recent worms] Blaster and Sobig, and when you look back, you'll see it took nearly a week before each reached peak activity," Newman said. "This one was within a few hours. It's an extreme volume in such a short amount of time."

Newman's assessment parallels those of other IT security professionals. The Blaster worm shut down the state of Maryland's Motor Vehicle Administration computer system for two days. The FBI investigated but has made no arrests.

Novarg, named after language involved in its code, is a bit different from Blaster. Blaster exploited a problem within the Microsoft Windows operating system that allowed it to spread by itself.

In contrast, Novarg is carried in e-mail. The body of the e-mail typically has an innocuous error message, such as "The message contains Unicode characters and has been sent as a binary attachment" or "Mail transaction failed. Partial message is available."

The message itself is benign; the ailment is carried in the attachment. Many office workers have been warned about blindly clicking on an attachment, but because the message seems harmless, they do so anyway.

When activated, Novarg searches through the computer's address books and sends itself to e-mail addresses it finds. If the computer has 1,000 e-mail addresses, 1,000 e-mails will be sent. The worm places the name of the infected computer's owner in the message header to further dupe unsuspecting recipients.

Mike Williams, a network administrator with the University of North Texas, said Tuesday that he figured something was wrong when he received an e-mail from himself.

"I'm sitting here working and I see an e-mail from me to me," he said. "And I'm sitting here thinking, I know I didn't send this. I look into it, and I see it came from a machine in the Geography Department. Then I knew something was up."

Williams said the university has about 10,000 computers on campus, with 30,000 to 50,000 e-mail users. The university's virus protection was able to stop any infections. But the worm still sent 1,400 e-mails in an hour.

"We're fine, but when a virus is found in an e-mail, it alerts the originator of the message," he said. "So the most we're getting is people wondering what's going on."

The worm is also set to attack a Utah-based software company's Web site and shut it down.

The company, the SCO Group, is involved in an intellectual property lawsuit with IBM and Novell. The company has a dispute over the Unix operating system, which it owns. SCO said Tuesday that it is offering $250,000 for information that leads to the arrest of the culprit. The company said it is working with agents from the Secret Service and the FBI.

Christopher Faulkner, chief executive of CI Host, a Web host and data center in Bedford, said that his company has seen up to 5,000 infected e-mails sent per minute. The company hosts about 205,000 Web sites, with about 10 million e-mail accounts.

Faulkner said that the high volume slows down e-mail servers. A lot of Internet service providers have spam filtering programs that examine every piece of e-mail sent; if those filters aren't shut off, he said, the mail servers may grind to a halt.

In order to keep traffic moving, Faulkner said, it would be best for ISPs to temporarily shut off spam filters and leave e-mail checks to the computer user's discretion.

Novarg does more than send itself in infected e-mail. It also installs a "back-door" program that can allow a hacker to gain access to a computer and either install more malicious software or use that machine to attack another computer.

Novarg even places a keystroke recorder on a user's PC that can store and transmit every keystroke -- from credit card numbers to passwords.

When Florida-based Symantec Corp., the leading expert on Internet security, first encountered the worm Monday evening, the company rated it level 3 out of 5 in severity. Tuesday, the company bumped the rating to level 4, the same level as Blaster and Sobig.

"We have never seen a level 5 rating," said Oliver Friedrichs, a Symantec senior manager. "Nothing precludes it. We have been lucky. We are hoping that we don't see a category 5 ever."

Don't catch the worm

Here are some basic tips for staying away from the latest computer worm, which replicates itself and travels through a network.

• Your office probably has network precautions, but home users are vulnerable. The best way to prevent MyDoom-Novarg from infecting your PC is to scrutinize all e-mail, examining particularly e-mail with attachments. Be sure you know the source of an attachment before opening it.

• If unsure of an attachment, don't open it. If possible, examine its filename extension. So far, the following extensions have been associated with the Novarg worm: .cmd, .pif, .scr, .exe and .bat.

• Vendors of anti-virus software frequently release virus updates. Home users need to stay up to date with any anti-virus software. Users can refer to Symantec Corp.'s Web site for a list of active viruses and worms or for software that can remove the worm from an infected system. Although such removal software cannot detect bad e-mail or a virus, it is the best solution if an attack occurs.

-- Star-Telegram
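
The extension check from the tips above, as an added example that is not part of the original article: a Python sketch that walks a message's MIME parts and flags attachments whose final extension is one of the five listed. The function name and the sample message are constructed for illustration; a match on extension alone is a coarse first filter, not a detection of the worm itself.

```python
from email import message_from_string

# Extensions the article associates with Novarg attachments.
RISKY_EXTENSIONS = {".cmd", ".pif", ".scr", ".exe", ".bat"}

# Constructed sample: an innocuous error-style body plus two attachments.
SAMPLE = """From: sender@example.com
To: recipient@example.com
Subject: Mail Delivery
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Mail transaction failed. Partial message is available.
--BOUND
Content-Type: application/octet-stream; name="document.txt.scr"
Content-Disposition: attachment; filename="document.txt.scr"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=
--BOUND
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

harmless
--BOUND--
"""

def risky_attachments(raw_message):
    """Return the filenames of attachments whose last extension is listed."""
    msg = message_from_string(raw_message)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition, else Content-Type name
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them first;
        # only the final extension decides how the file is opened.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(risky_attachments(SAMPLE))
```

The double extension in the sample is deliberate: a name such as document.txt.scr looks like a text file at a glance, which is why the check compares only what follows the last dot.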


Bobby White, (817) 390-7616 bwhite@star-telegram.com