MyDoom Turns 1, Impact Grows - InformationWeek


MyDoom Turns 1, Impact Grows

One year after the debut of the MyDoom worm, security experts are characterizing it as the first worm to demonstrate the staying power and technical know-how of hackers.

One year after the debut of MyDoom -- one of 2004's nastiest pieces of malicious code -- security experts on Friday reviewed its impact and pegged the worm as a major milestone in malicious code.

"We'll look back ten years from now and see MyDoom as a turning point," said Scott Chasin, the chief technology officer for e-mail security vendor MX Logic.

The first MyDoom -- over 30 variants have appeared in the last 12 months -- hit the Web Jan. 26, 2004, with results ranging from an across-the-Internet slowdown to taking the SCO Group's Web site offline for more than a month. Along the way, both Microsoft and SCO posted $250,000 bounties on the MyDoom author(s). Neither reward has been collected.

The most recent version of the worm, dubbed, appeared only a week ago.

"MyDoom represents the milestone in the motivation behind why worms are released," said Chasin. "It was the signal of the commercialization of e-mail worms."

Jimmie Kuo, a research fellow with McAfee's AVERT group, seconded that motion. "MyDoom really kicked off the 'viruses for profit' notion," he said. "It was the start of the trend in 2004 of viruses moving from annoyances to profit makers."

Before MyDoom's debut, both said, the typical motivation for a virus writer was to get 15 minutes of infamy. MyDoom, however, put the dollars into malware, since even from the beginning it included a backdoor component that allowed the sender to later access the PC. These backdoors are crucial to the creation of networks of compromised machines that are then rented out or sold to spammers or other criminals (such as cyber-extortionists that threaten a denial-of-service attack on a company's Web site if payment's not made).

Both experts also pointed to MyDoom as the first instance of a worm to demonstrate the staying power and technical know-how of hackers.

"[MyDoom has] proven that there is an underground open-source community of worm writers who are sharing source code and virus-writing techniques not only with each other, but now also with spammers and phishers," said Chasin.

"MyDoom showed that there's a professional development effort going on among malware writers," agreed Kuo. "In the past, a virus writer would write one worm, get some notoriety, but then tire of it. Now they're paid to do this, so after they release one and it's eventually blocked by security firms, they write another."

That, in turn, led to viruses flying under the radar for much of the second half of the year. While the first half of 2004 was extraordinarily busy at anti-virus labs -- "We didn't get much sleep from January through May," said Kuo -- the last half has been comparatively quiet.

On the surface, that is.

"MyDoom's writers haven't been loud or egotistical or shown any signs of pride of workmanship, so to speak," said Chasin. "That's the next big trend in malicious code, that both the authors and their work are going to be stealthier."

"The more noise you make, the more people patch," said McAfee's Kuo.

Keeping quiet is important to post-MyDoom virus and worm writers. Their goal, after all, is to accumulate collections of compromised machines that they can then lease or sell. Increasingly, those PCs are attacked via operating system or Web browser vulnerabilities. Making noise, as Kuo said, only gets the attention of users, who rush to patch against the problem.

The appetite for new zombie systems is voracious and never ending, said Kuo, because a compromised PC may be used only once or twice by a spammer or attacker before it's discarded or unavailable. "The ISPs are quick to block IP addresses they see sending out large numbers of messages," noted Kuo. "After each viral or spam run, they need more machines to replace the ones they've had to throw away."

Because bots are then disposable, that means the work of virus writers is never done; nor is the work of end-users and enterprises trying to keep hackers out.

Bottom line? MyDoom was, and is, bad news.

"I'd rank MyDoom as the worst worm of the year," said Chasin.
