MyDoom – Still active 15 years later

MyDoom, said to be the world’s most destructive email worm, is still active 15 years after being unleashed and is believed to have caused over $38 billion worth of damage, according to ZDNet.


Researchers at Palo Alto Networks’ Unit 42 observed 663,000 emails carrying MyDoom last year, making up one percent of all malware-laden emails.

MyDoom first emerged in 2004 and is still regarded as one of the fastest-spreading and most destructive computer viruses of all time – at one point, the worm generated up to a quarter of all emails being sent worldwide.

It spread by scraping email addresses from infected Windows computers and sending a new version of itself to the victims’ contacts as a malicious attachment in phishing emails. If the attachment was opened, the process would repeat and MyDoom would spread to more victims, roping them into a botnet that could perform Distributed Denial of Service (DDoS) attacks.

Alex Hinchliffe, a threat intelligence analyst at Unit 42, told ZDNet that the malware uses a worm-like propagation technique, but it relies on human interaction in order to keep spreading.

“The main reason for the high and consistent volume of MyDoom malware is that once infected, MyDoom will work aggressively to find other email addresses on the victim's system to send itself on to,” Hinchliffe said. “This worm behavior means, for the most part, the malware is self-sufficient and could continue to do this forever, so long as people open the email attachments.”

Hinchliffe added that vigilance is the key to preventing these types of malware from succeeding. Ongoing security awareness training can help your employees identify and avoid malicious emails and attachments.

The full ZDNet story can be found here:
