"Systems infected with Mydoom are wide open to every kind of attack," said Chien. "All it takes is a medium level of technical proficiency on the part of a hacker," he added, once scanning has identified a machine infected with the worm.
Attackers could upload key-logging software -- used by identity thieves to uncover passwords and usernames, credit card information, e-mail account info, and other data typed on the system -- install Trojan horses to turn the PC into a spamming proxy, or upload pirated application and multimedia files to use the unsuspecting system as an illegal file server.
"There's no question that hackers are scanning for and connecting to and utilizing this back door," said Chien.
To compound the problem, Mydoom.b, a copycat worm unleashed Wednesday, also scans for the original worm's open ports, said Chien, and when it finds an infected system, "copies itself over the original to 'upgrade' that machine." Fortunately, Mydoom.b seems to be spreading very slowly. Chien attributed that partly to luck -- the original may have been seeded to a small number of computers with particularly large e-mail address files -- and partly to the defenses that users have thrown up against Mydoom before Mydoom.b appeared.
The only silver lining in the potential assault by this army of hackers, and it may be only temporary, said Chien, is that automated tools for accessing this back door are not yet widespread on the Web.