Tuesday, November 09, 2004

New Mydoom variants ag and ah spreading...

Only ah seems to be in the wild so far; ag, however, uses a zero-day exploit...
Like other Mydoom variants, this virus harvests email addresses from the local system, creates further addresses by combining common names carried within the virus body with harvested domain names, and spams those addresses with email messages. It also skips addresses containing specific letters or words. Unlike earlier variants, the infectious messages do not carry an attachment; instead they contain a hyperlink pointing at an already infected machine. Following the hyperlink infects the recipient's system if they are running a vulnerable version of Microsoft Internet Explorer.
Through a buffer overflow in the browser, the virus downloads and executes its main component. This component injects itself into the EXPLORER.EXE process and creates six threads to carry out its various tasks. Even if the main executable file is terminated and deleted, these threads inside EXPLORER.EXE must also be suspended or terminated before propagation stops.
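As an added defender-side example (not code from the original post), the script below parses two constructed mail messages and flags the pattern described above: no attachment, but a hyperlink in the body. The assumption that a link back to an infected end-user machine uses a bare IP address rather than a registered hostname is mine and is not stated in the post; the sample addresses and port are constructed.

```python
import re
from email import message_from_string
from email.message import Message
from ipaddress import ip_address

# Matches http(s) URLs and captures the host and an optional port.
URL_RE = re.compile(r"https?://([^/\s:\"'<>]+)(?::(\d+))?", re.IGNORECASE)


def has_attachment(msg: Message) -> bool:
    """True if any MIME part is declared as an attachment."""
    return any(p.get_content_disposition() == "attachment" for p in msg.walk())


def body_text(msg: Message) -> str:
    """Concatenate all text/plain and text/html parts of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def ip_literal_links(msg: Message) -> list:
    """Return (host, port) for every body link whose host is a bare IP address.

    Assumption (mine): a worm pointing victims at an infected home machine
    links by IP literal, since such hosts rarely have a registered name."""
    hits = []
    for host, port in URL_RE.findall(body_text(msg)):
        try:
            ip_address(host)
        except ValueError:
            continue  # hostname, not an IP literal: not counted here
        hits.append((host, int(port) if port else 80))
    return hits


def flag_message(raw: str) -> bool:
    """Mydoom.ag/ah-style heuristic: no attachment, but an IP-literal link."""
    msg = message_from_string(raw)
    return not has_attachment(msg) and bool(ip_literal_links(msg))


# Constructed samples (documentation address range, made-up port).
SAMPLE_WORMLIKE = (
    "From: alice@example.com\nTo: bob@example.net\nSubject: hi\n"
    "Content-Type: text/plain\n\n"
    "Please see the page at http://192.0.2.10:8080/index.htm\n")
SAMPLE_BENIGN = (
    "From: alice@example.com\nTo: bob@example.net\nSubject: report\n"
    "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"b1\"\n\n"
    "--b1\nContent-Type: text/plain\n\n"
    "Report attached, or download from http://www.example.com/report\n"
    "--b1\nContent-Type: application/pdf; name=\"report.pdf\"\n"
    "Content-Disposition: attachment; filename=\"report.pdf\"\n\n"
    "JVBERi0x\n--b1--\n")
```

The hostname link in the benign sample is deliberately not flagged, so the rule only raises on the link-to-bare-IP shape; tune the heuristic against your own mail flow before acting on it.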