Dasher A and B exploit a vulnerability in the Distributed Transaction Coordinator in Windows 2000 and XP code that was patched in October.
Dasher A was detected on Thursday but failed to spread far because it was poorly written and hosted on a server in China, which is currently down. Dasher B has a functioning server and has proved more successful.
It is based partly on exploit code released onto the web earlier in the month and scans networks for unpatched systems via port 1025. Once it finds one it installs and scans the new network.
"This new worm aims to install software that tries to infect other vulnerable systems, and can be used to log keystrokes and turn the computer into a remotely controlled 'bot' system," said a spokesman from Internet Security Systems.
"By opening suspicious emails and attachments, users install the dangerous spyware on their computers where it can cause considerable damage."
The worm is spreading relatively slowly but companies are being warned to watch for traffic spikes in port 1025, patch all systems as soon as possible and update antivirus protection.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago