Fastest-spreading email worm 'MyDoom' turns five

gallery

The Windows computer virus MyDoom first appeared on January 26th 2004, and very soon overtook a virus called SoBig as the fastest-spreading email worm ever.

Five years is a long time in the IT industry, and at the time botnets (a collection of software robots that ran autonomously and automatically) weren’t really understood.

MyDoom was one of the first fast-spreading email viruses that created what we understand now as botnets, a resource which criminals can use to send out lots of spam.

Paul Wood, senior analyst at MessageLabs, said that at first it was difficult to find out how many computers were infected, because the impact on email systems was very dramatic.

He said that the MyDoom virus, when it spread, spoofed the “from” address, and in those days people hadn’t configured their mail gateway in the same way that they have now.

“Your virus signatures identified an email that contained this malware, and would naturally send an email back to the recipient saying that they had just tried to send a virus," he said.

“That contributed to a huge volume of traffic because these spoofed email addresses would send it to people who hadn’t sent an email originally, who were now being sent a copy of a virus.”

The proportion of email traffic that contained malware before MyDoom was one in 130. As soon as the attack started this shot up to one in 12 at its peak.

Wood added: “The levels, even though they fluctuated, never really came to below one in 60 until early in 2006.”

Between 2004 and 2005 there was a botnet war between criminals who wanted to take a stake in the new found botnet market. As such, MyDoom tried to take out other viruses and claim the botnet crown.

“We are still intercepting variants of MyDoom even today, but in relatively low numbers now," added Wood. "That may be due to computers that have not been cleaned up, and may never be cleaned up because of what they are and where they are.”

Email to a friend

Print this page