Systems infected with MyDoom.A over the past month are being hit by new malware via the backdoor, as the worm delivers its second payload.

The new code, named Doomjuice, instructs infected machines to launch a distributed denial of service attack (DDoS) against Microsoft.

The move is an attempt to harness infected systems with compatible code, and suggests that it comes from the same authors.

"This proves to us that this and Mydoom.A are written by the same people," said Mikko Hypponen, director of antivirus research at F-Secure.

"The source code of MyDoom.A has not been seen circulating in the underground before."

MyDoom.A began scanning random IP addresses looking for infected machines on 9 February. Once the worm finds one it accesses via port 3127 and writes itself onto the Windows System Directory as 'intrenat.exe'.

In addition to the DDoS attack Doomjuice finds the source code for MyDoom.A and archives it within infected systems.

Antivirus firms are monitoring the spread of Doomjuice and are advising customers to update virus signatures and run system scans.