
Mydoom, the worst computer virus in history: a problem that cost the world 59 billion dollars


If we are connected to the Internet, we are exposed. Computer security threats have only grown in recent years. Every day, according to the AV-TEST Institute, over 450,000 new samples of malware and potentially unwanted software (crapware) are registered. Viruses, worms, Trojan horses, spyware, ransomware: the network holds dangers of every type and colour, and we are witnesses (or victims) of them.

But before FluBot became famous for "the FedEx SMS scam", before a 17-year-old boy headed the Lapsus$ ransomware gang that targeted big companies like Microsoft, Samsung or Nvidia, and even before phishing was used as a military tool, there was the Mydoom worm. We are talking about the fastest and most damaging worm in history, a headache that has yet to be matched.

The worm that was a nightmare 18 years ago

In January 2004, when many of us were using Windows XP computers and browsing at speeds between 256 and 1,024 Kbps, some users began receiving emails with the subject line "Message could not be delivered" and an attachment named "Message.zip" (the subject and attachment could also have other names). Since the message seemed harmless, many people opened it without a second thought.

Some might have taken it for a legitimate bounce notice. And, in a work environment, for example, nobody wants to be reprimanded for a message that should have gone out and didn't, right? What those who opened this email did not know is that they were about to fall into a trap: their computer was going to be infected.

Mydoom Email Sample

According to the Cybersecurity and Infrastructure Security Agency (CISA), Mydoom was able to infect any computer running Windows 95 or a later version. Opening the attachment executed malicious code that sent the malware on to other email addresses, laid the groundwork for denial-of-service attacks and camouflaged itself to avoid detection.

It was a combination of tasks whose effectiveness and complexity had few equals at the time. From a technical point of view, Mydoom placed a copy of itself in C:\Windows\ and modified the system registry so as to go unnoticed and persist even after a reboot. It also opened two backdoors on TCP ports 3127 to 3198, allowing remote access to infected computers.

The malware also searched the infected computer for email addresses and mailed itself to them from the compromised system, widening the infection. In addition, one variant could spread through Kazaa, a P2P file-sharing application (mostly for music, images and videos) that was popular at the time, and it blocked access to hundreds of antivirus websites.
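The indicators the article lists (a bounce-style lure with a .zip attachment, and a backdoor listening on TCP 3127 to 3198) are the kind of thing a defender of that era would have hunted for in mail and firewall logs. The following Python script is an added example, not code from the article, CISA or any vendor; the email records, the firewall log format and the addresses in it are constructed for the example, and the port range and lure strings are the ones the article gives.

```python
"""
Added example (not from the article): defender-side triage of two Mydoom
indicators described in the text:
  1. the email lure (bounce-style subject, .zip attachment), and
  2. inbound TCP traffic to the backdoor port range 3127-3198.
The email records and firewall log format below are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken from the article; the log format and samples are assumptions.
LURE_SUBJECTS = {"message could not be delivered"}
LURE_ATTACHMENTS = {"message.zip"}
BACKDOOR_PORTS = range(3127, 3199)  # TCP 3127 through 3198 inclusive


@dataclass
class Finding:
    source: str   # message id or log timestamp the finding came from
    reason: str   # human-readable explanation for the analyst


def check_email(subject: str, attachments: list[str]) -> list[str]:
    """Return the reasons a message matches the lure pattern described in the article."""
    reasons = []
    subject_l = subject.strip().lower()
    if subject_l in LURE_SUBJECTS:
        reasons.append(f"bounce-style subject: {subject!r}")
    for name in attachments:
        name_l = name.lower()
        if name_l in LURE_ATTACHMENTS:
            reasons.append(f"known lure attachment name: {name}")
        elif name_l.endswith(".zip") and "deliver" in subject_l:
            # Generalisation: any zip attached to a delivery-failure message is suspicious,
            # since real bounce notices do not carry executable archives.
            reasons.append(f"zip attachment on a delivery-failure message: {name}")
    return reasons


# Constructed firewall log line: "<timestamp> <proto> <src>:<sport> -> <dst>:<dport> <action>"
LOG_RE = re.compile(r"^(\S+) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def check_flow(line: str) -> str | None:
    """Return a reason if a flow targets the backdoor port range, otherwise None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: ignore rather than guess
    _ts, proto, src, _sport, dst, dport, action = m.groups()
    if proto == "TCP" and int(dport) in BACKDOOR_PORTS:
        # Denied connections are reported too: a scan for the backdoor is worth knowing about.
        return f"{src} -> {dst}:{dport} inbound to Mydoom backdoor range ({action})"
    return None


def triage(emails: list[dict], flows: list[str]) -> list[Finding]:
    """Run both checks over a batch of messages and log lines and collect the hits."""
    findings: list[Finding] = []
    for msg in emails:
        for reason in check_email(msg["subject"], msg["attachments"]):
            findings.append(Finding(msg["id"], reason))
    for line in flows:
        reason = check_flow(line)
        if reason:
            findings.append(Finding(line.split()[0], reason))
    return findings


# Constructed sample input (addresses are documentation ranges, not real hosts).
SAMPLE_EMAILS = [
    {"id": "msg-1", "subject": "Message could not be delivered", "attachments": ["Message.zip"]},
    {"id": "msg-2", "subject": "Q1 budget", "attachments": ["budget.xlsx"]},
    {"id": "msg-3", "subject": "Mail delivery failed: returning message", "attachments": ["readme.zip"]},
]
SAMPLE_FLOWS = [
    "2004-01-27T10:01:02Z TCP 198.51.100.7:51234 -> 10.0.0.12:3127 ALLOW",
    "2004-01-27T10:01:05Z TCP 10.0.0.12:49152 -> 203.0.113.9:443 ALLOW",
    "2004-01-27T10:02:11Z UDP 10.0.0.5:5353 -> 224.0.0.251:5353 ALLOW",
    "2004-01-27T10:03:40Z TCP 198.51.100.8:40000 -> 10.0.0.13:3198 DENY",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EMAILS, SAMPLE_FLOWS):
        print(f"{f.source}: {f.reason}")
```

On the constructed input the script reports msg-1 twice (subject and attachment), msg-3 once (zip on a delivery-failure message), and the two flows aimed at ports 3127 and 3198; the HTTPS and mDNS lines are left alone. The port check is deliberately applied to denied connections as well, because a blocked probe of the backdoor range still tells the defender someone is looking for infected hosts.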

A thorough analysis of the code by cybersecurity researchers revealed that MyDoom was programmed to launch a distributed denial-of-service (DDoS) attack against the company SCO Group on February 1, 2004. A variant of the malware also included a DDoS attack against Microsoft for February 3, 2004. This raised alarm bells and prompted an investigation by the FBI.

Faced with the looming DDoS attacks, SCO Group offered a $250,000 reward for "information leading to the arrest and conviction of those responsible for this crime." Microsoft took a similar stance, also offering $250,000. MyDoom's author never surfaced, nor did reliable data that could support a solid hypothesis, and the days of the attacks finally arrived.

MyDoom fulfilled its first objective: taking the SCO Group page out of service.

On February 1, the DDoS attack against SCO Group began and the company's home page quickly went down. As CNET reported, this forced the company to put an alternative page online, www.thescogroup.com. "This large-scale attack, caused by the MyDoom computer virus, is estimated to have infected hundreds of thousands of computers worldwide," Jeff Carlon, chief technology officer of SCO Group, said at the time.

Microsoft, for its part, withstood the February 3 attack, according to Computerworld. Apparently, the Redmond company's infrastructure, together with advance preparation, prevented MyDoom from achieving its second objective. The company noted on its website that it was doing its best to stay online.


According to the BlackBerry Cylance threat research team, it is the fastest-spreading worm ever seen. At its peak it generated between 16 and 25% of all emails sent worldwide. This caused a global slowdown in Internet performance that hurt the productivity of millions of people and cost millions of dollars.

A WebFX analysis points out that the costs of antivirus protection, removal of the threat and lost time, among other factors caused by MyDoom, added up to losses of 38 billion dollars in 2004, an amount that adjusted for inflation reaches 59 billion dollars today. MyDoom was a nightmare, and although it still circulates on the net, its notoriety means that every known and up-to-date antivirus is capable of detecting it.

Images | Christiaan Colen (Flickr) | BlackBerry Cylance


About the author

Redaction TLN
