The Darkest Malware to Exist: What Is MyDoom Virus and Can It Hurt Me?

An estimated 38 billion dollars. Or the damage caused by one computer virus, MyDoom. Considered the most notorious malicious type of software in history, MyDoom is a computer worm that affects Windows devices. It has infected millions of computers worldwide since 2004 and is still active. Want to learn more about the virus and how you can keep yourself safe? Read along to find out. 

What is the MyDoom virus?

MyDoom virus is the fastest-spreading email worm and the most damaging computer virus to this day. Also known as Novarg, W32.MyDoom@mm, Shimgapi, and Mimail.R. MyDoom was made to create zombies out of hundreds of thousands of computers. The code was:

1. Quick. No other worm had spread that fast. 
2. Effective. MyDoom infected more than 500,000 computers in just one week. 
3. Costly. Estimated damages are more than $38 billion.

How does MyDoom work? 

This tiny bit of code spreads from one computer to another via malicious email attachments. After a victim clicks on the attachment, MyDoom gets inside their operating system, scans the address book, and sends emails to all the contacts on the list. Those contacts then open the infected email from what seems like a trusted source and infect their own computers. And so it goes.  

That said, the MyDoom worm:

1. Infects. Clicking on the attachment lets the code access the Windows environment. 
2. Spreads. The code looks through contacts stored on the victim’s computer and spreads them as an email attachment. 
3. Launches. On a set date, the infected computers launch requests for either SCO Group’s (former American software company) or Microsoft’s website. 
4. Stays. The attackers leave a backdoor open, just in case they want to access the system again. MyDoom doesn’t expire or uninstall. 

But how did it manage to spread so fast? Let’s look at the facts one-by-one. 

The history of MyDoom virus

January 26th 2004. Tens of millions of commuters make their daily drive to offices. They sit down to open their emails — each person’s inbox is unique, but a few workers can’t help but spot one email amongst typical messages. That email’s message varies — for some it’s a failed delivery notification, for others it’s a simple “hey there!”. Wary of an unknown email address, most people think it’s spam. However, a few handful of people do open the email. And several actually click the attached link. That’s all it took to unleash MyDoom — the most expensive computer virus in history. 

MyDoom timeline  

Here’s how it went down from then on.

• January 26, 2004. MyDoom is spotted. By lunchtime in America, the virus has spread globally, with one in ten emails containing the virus. Global Internet speeds slow down by 10 percent.
• January 27. The FBI and Secret Service begin to investigate the origins of the worm. A $250,000 reward is offered for info leading to the arrest of MyDoom’s developer. 
• January 28. The second version of the worm, MyDoom.B, begins to spread. Half of all email traffic in the world contains the virus. The virus blocks access to over sixty Internet security companies. The financial impact climbs, both from lost revenue and increased technical assistance for users. 
• January 29. Microsoft raises a previous bounty and offers $500,000 for catching MyDoom’s creators. 
• February 1. A massive distributed denial-of-service (DDoS) attack against the SCO Group is launched. Over 1 million computers are unleashed in a botnet built by MyDoom. 
• February 3. A DDoS attack against Microsoft is launched, but unsuccessfully. 
• February 9, 2004. Doomjuice is unleashed — it spreads only to infected computers, using the backdoor created by MyDoom.B to gain access. A new DDoS attack against Microsoft is launched. The bounty skyrockets to $650,000.  
• February 12. The first version of MyDoom is programed to stop spreading. But the perpetrators continue to have access to over half a million computers. 
• March 1. MyDoom.B self-terminates. 
• July 26, 2004. Another MyDoom variant brings down search engines, like Google, AltaVista and Lycos. 
• Early 2005. MyDoom has been largely neutralized. 
• July 2009. MyDoom’s code targets government and financial networks in South Korea and the US. The overall impact was low. 
• 2009 — now. Traces of the virus continue to infect unwary Internet users around the world. 

Who stopped the MyDoom virus? 

Mydoom, or at least its B variant, was the architect of its downfall. MyDoom.B had bugs that didn’t let the code spread as quickly as the A version. So, when the DDoS attack against Microsoft was laucnhed on February 3, 2004, the botnet wasn’t large enough to take down their sites. 

Is MyDoom still active?

Yes. Although now well past its heyday, MyDoom is still in the picture with the same tactics. However, in 2019, the analysis by Unit 42 showed that it makes up just 1.1% of all email traffic worldwide. But for such an old virus, that’s actually impressive. The vast majority of IP addresses distributing the virus are in China, the US, and Great Britain. MyDoom distribution has its old phishing tactic — email subject lines lure the user into opening an attachment sent from a spoofed email address. 

How to tell if your computer is infected

Have a feeling that your device may be infected with MyDoom or other malware? MyDoom is a sophisticated worm, so it can be hard to notice any difference for non-experts. However, you should look out for the following signs — MyDoom or not, they indicate something is off with your computer.

• Much slower device performance 
• Lots of unexpected pop-ups 
• Problems shutting down and restarting your computer
• Frequent system crashes 
• Overworked hard drive (the fan seems to be whirring when you aren’t doing much)
• Lagging browser 
• Emails are being sent from your account
• Malfunctioning security software
• Opened TCP ports (3127-3198) — the virus needs an open port to create a backdoor and take control over the device
• A random .txt file appearance 

Unfortunately, no solution can keep you 100% safe from malware. Especially when you voluntarily click on a suspicious link. But there are some precautions you can take to reduce risks of getting your device infected. 

How to protect yourself against viruses and other malware

Maintaining digital hygiene may prevent you from falling victim to different types of malware. Follow these steps to minimize risks. 

• Pay attention to sender addresses. Worms like MyDoom rely on you to download the virus. If you get an email from people you don’t recognize, don’t click on the message at all.
• Don’t open suspicious attachments. Got a strange email message that contains an attachment? Think twice before clicking on it. 
• Update software on time. Get needed security updates and fixes for your computer as soon as they are available. Don’t stall. 
• Get antivirus software. Install reliable third-party software to improve your security and run regular computer scans to see if your device may be at risk. 
• Use an ad and malware blocker. We recommend using the NetGuard feature integrated in our own VeePN, a virtual private network (VPN) service. It’ll identify malware-ridden files and stop you from landing on malicious websites. A nice bonus is that VeePN NetGuard blocks trackers and intrusive ads on the spot. They will bother you no more. 

Bottom line

Although its glory days are over, MyDoom remains a serious threat. To recap: 

1. MyDoom is the fastest-spreading computer worm to date, first discovered in 2004. 
2. It targets Windows-based devices and replicates itself via email attachments.
3. The virus had infected over 50 million computers globally and caused an estimated $38 billion in damages. It even took down Google’s search engine for one day. 
4. The person behind MyDoom is still unknown to this day.
5. This malware is still infecting computers almost 20 years after it was discovered.

Even if you don’t have billions of dollars to lose, you still have to keep yourself protected when browsing online. In this case, consider getting a trustworthy VPN service. VeePN keeps you safe by hiding your IP address and encrypting your private information. And although virus protection isn’t on VPN’s job description, it does keep you safe against some types of attacks. 

Use a VPN to keep your data from being exposed to bad actors. The very same kind who might try to infect your device with malware.  

FAQ

What does MyDoom virus do?

This computer worm affects Windows devices. It spreads from one computer to another via malicious email attachments. After a victim clicks on the attachment, MyDoom penetrates the device, scans the address book, and sends emails to all the contacts on the list. Learn more in this article. 

Is the MyDoom virus still around?

Although well past its prime, MyDoom is still in the cyber landscape. 1.1% of global email traffic still contains the worm. Phishing tactics are usually used to spread MyDoom, with cybercriminals exploiting human weaknesses to fish out sensitive information.  

Was the creator of MyDoom ever found?

Some experts felt that MyDoom resembled other worms developed in Russia. However, no one knows exactly who created this code. It’s believed that MyDoom’s real purpose was to grant whoever unleashed it a backdoor access to Microsoft and SCO Group’s computers. 

Written by VeePN Research Lab VeePN Research Lab is dedicated to provide you latest posts about internet security and privacy.

Knowledge is power,
VeePN is freedom

Get VeePN Now