The first version of MyDoom was called MyDoom.A, followed by MyDoom.B, which additionally modified the host file of an infected computer to prevent the use of antimalware software. However, MyDoom.B did not spread as fast as the previous variant. When it launched a DDoS attack against Microsoft in 2004, the botnet was not big enough to take down the site. A bunch of other MyDoom variants – C, F, G/H, U, V, W, X – were spotted in the wild later, but none achieved the notoriety of the A variant.
When was MyDoom popular?
MyDoom was first spotted on January 26, 2004, when internet users around the world started to get emails with suspicious attachments. Most people in those days didn’t have a clue about phishing emails, social engineering, or hacking attacks. No wonder many of them clicked on a link and helped spread MyDoom like wildfire. The malicious email contained the message “I'm just doing my job, nothing personal, sorry.” The spread of MyDoom was so fast that it slowed the global internet by ten percent on the day of its launch. One in ten email messages in the world at the time of the attack was associated with this notorious worm. On January 28, MyDoom reached its peak and then started to slowly decline. However, the virus was slowed down not by cybersecurity experts but by its developers, as variant B had bugs.
The biggest attack
On January 26, MyDoom took down Google, preventing people from using Google Search. Another popular search engine, Yahoo, was slowed down but managed to keep operating. MyDoom also blocked access to websites of over 60 security companies, so users couldn’t download antivirus software to clean their computers. Tech industry leaders like Microsoft offered a $250,000 bounty to anyone who could track down the attackers. However, the culprits were never found. Estimates say that MyDoom caused $38 billion in damages, making it one of the worst viruses ever. Security researchers believe MyDoom has infected around 50 million computers worldwide.
Is MyDoom still active?
While more than 18 years have passed since the launch of MyDoom, the worm is still active and running. However, it is contained in just over 1% of malicious emails worldwide, mostly those sent by spammers originating from China and the US. MyDoom hasn’t changed its tactics throughout the years: once the worm infects a computer, it starts searching for other email addresses through which to distribute itself.
How to tell if a device is infected with MyDoom
If you have a feeling that your computer may be infected with MyDoom or any other type of malware, pay attention to its performance. However, MyDoom is considered to be a sophisticated worm, so non-professionals may find it hard to notice any difference. Here’s what you need to look for:
- Your computer has become slower than usual.
- Unexpected pop-ups appear.
- The computer fan is constantly running.
- The default homepage changes.
- You notice toolbars in your browser you don’t remember adding.
- Mass emails are being sent from your account.
- Your security software is disabled for no reason.
More attentive readers can also check for specific signs attributed to MyDoom:
- TCP ports are opened. MyDoom.A opened ports in the range of 3127-3198. Other variants opened ports such as 80, 139, 445, 1080, 8080, and 10080. The virus needs an open port to establish a backdoor and take control over the infected computer.
- A random .txt file appears. Some variants of MyDoom create a .txt file containing random data.
- The host file is overwritten. MyDoom can overwrite the host file, so you can’t use your antivirus software.
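The two indicators above that can be checked mechanically are the backdoor listeners and the rewritten hosts file. The following script is an added example (not from the original article and not a vendor tool): it parses a constructed sample of `netstat -an` output and a constructed hosts file rather than touching the live system, flags TCP listeners in the 3127-3198 range the article attributes to MyDoom.A, separately reports the other ports the article names (80, 139, 445, 1080, 8080, 10080, which many legitimate services also use, so they are only weak signals), and lists hosts-file entries that redirect a non-localhost name to a loopback or null address. The hostname `example-av.invalid` is a placeholder, not a real vendor.

```python
"""Triage checks for the MyDoom indicators listed above (added example).

Inputs are constructed samples so the script runs offline; swap in the output
of `netstat -an` and the contents of C:\\Windows\\System32\\drivers\\etc\\hosts
to run it against a real machine.
"""
import re

# Backdoor listener range attributed to MyDoom.A in the article.
MYDOOM_A_PORTS = range(3127, 3199)
# Ports the article names for other variants; noisy, since normal services use them too.
OTHER_VARIANT_PORTS = {80, 139, 445, 1080, 8080, 10080}

# Constructed sample of Windows `netstat -an` output, not a real capture.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3198           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     93.184.216.34:443      ESTABLISHED
  UDP    0.0.0.0:3128           *:*
"""

# Constructed sample hosts file; example-av.invalid is a placeholder vendor name.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         update.example-av.invalid
127.0.0.1       www.example-av.invalid
"""

# Matches a TCP line in LISTENING state and captures the local port.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s*$", re.MULTILINE)


def listening_ports(netstat_text):
    """Return the set of local TCP ports in LISTENING state."""
    return {int(m.group(1)) for m in LISTEN_RE.finditer(netstat_text)}


def suspicious_ports(ports):
    """Split listeners into the MyDoom.A range (strong signal) and other named ports (weak)."""
    in_a_range = sorted(p for p in ports if p in MYDOOM_A_PORTS)
    in_other = sorted(p for p in ports if p in OTHER_VARIANT_PORTS)
    return in_a_range, in_other


def hosts_overrides(hosts_text, localhost_names=("localhost",)):
    """Return (ip, name) pairs mapping a non-localhost name to a loopback or null address.

    A clean hosts file normally only maps localhost this way; MyDoom.B added such
    entries for security vendors so their sites could not be reached.
    """
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in ("127.0.0.1", "0.0.0.0", "::1"):
            findings.extend((ip, n) for n in names if n not in localhost_names)
    return findings


def triage(netstat_text, hosts_text):
    """Combine both checks into one report dictionary."""
    a_range, other = suspicious_ports(listening_ports(netstat_text))
    return {
        "mydoom_a_range_listeners": a_range,
        "other_named_port_listeners": other,
        "hosts_overrides": hosts_overrides(hosts_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_NETSTAT, SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

On the constructed samples the report lists 3127 and 3198 as listeners in the MyDoom.A range, no listeners on the other named ports (135 is not one of them), and the two redirected vendor hostnames; a hit in the first or third list is worth an offline scan with an up-to-date engine, while the second list alone is not conclusive.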