MyDoom Turns 1, Impact Grows - InformationWeek

03:34 PM

One year after the debut of the MyDoom worm, security experts are characterizing it as the first worm to demonstrate the staying power and technical know-how of hackers.

One year after the debut of MyDoom -- one of 2004's nastiest pieces of malicious code -- security experts on Friday reviewed its impact and pegged the worm as a major milestone in malicious code.

"We'll look back ten years from now and see MyDoom as a turning point," said Scott Chasin, the chief technology officer for e-mail security vendor MX Logic.

The first MyDoom -- over 30 variants have appeared in the last 12 months -- hit the Web Jan. 26, 2004, with results ranging from an across-the-Internet slowdown to taking the SCO Group's Web site offline for more than a month. Along the way, both Microsoft and SCO posted $250,000 bounties on the MyDoom author(s). Neither reward has been collected.

The most recent version of the worm, dubbed, appeared only a week ago.

"MyDoom represents the milestone in the motivation behind why worms are released," said Chasin. "It was the signal of the commercialization of e-mail worms."

Jimmie Kuo, a research fellow with McAfee's AVERT group, seconded that motion. "MyDoom really kicked off the 'viruses for profit' notion," he said. "It was the start of the trend in 2004 of viruses moving from annoyances to profit makers."

Before MyDoom's debut, both said, the typical motivation for a virus writer was to get 15 minutes of infamy. MyDoom, however, put the dollars into malware, since even from the beginning it included a backdoor component that allowed the sender to later access the PC. These backdoors are crucial to the creation of networks of compromised machines that are then rented out or sold to spammers or other criminals (such as cyber-extortionists that threaten a denial-of-service attack on a company's Web site if payment's not made).

Both experts also pointed to MyDoom as the first instance of a worm to demonstrate the staying power and technical know-how of hackers.

"[MyDoom has] proven that there is an underground open-source community of worm writers who are sharing source code and virus-writing techniques not only with each other, but now also with spammers and phishers," said Chasin.

"MyDoom showed that there's a professional development effort going on among malware writers," agreed Kuo. "In the past, a virus writer would write one worm, get some notoriety, but then tire of it. Now they're paid to do this, so after they release one and it's eventually blocked by security firms, they write another."

That, in turn, led to viruses flying under the radar for much of the second half of the year. While the first half of 2004 was extraordinarily busy at anti-virus labs -- "We didn't get much sleep from January through May," said Kuo -- the last half has been comparatively quiet.

On the surface, that is.

"MyDoom's writers haven't been loud or egotistical or shown any signs of pride of workmanship, so to speak," said Chasin. "That's the next big trend in malicious code, that both the authors and their work are going to be stealthier."

"The more noise you make, the more people patch," said McAfee's Kuo.

Keeping quiet is important to post-MyDoom virus and worm writers. Their goal, after all, is to accumulate collections of compromised machines that they can then lease or sell. Increasingly, those PCs are attacked via operating system or Web browser vulnerabilities. Making noise, as Kuo said, only gets the attention of users, who rush to patch against the problem.

The appetite for new zombie systems is voracious and never ending, said Kuo, because a compromised PC may be used only once or twice by a spammer or attacker before it's discarded or unavailable. "The ISPs are quick to block IP addresses they see sending out large numbers of messages," noted Kuo. "After each viral or spam run, they need more machines to replace the ones they've had to throw away."

Because bots are then disposable, that means the work of virus writers is never done; nor is the work of end-users and enterprises trying to keep hackers out.

Bottom line? MyDoom was, and is, bad news.

"I'd rank MyDoom as the worst worm of the year," said Chasin.
