Today I’ll tell you a bit about a very interesting piece of malware called Mydoom, which has been operating on the internet since the ancient year of 2004.
MyDoom is a worm created to infect operating systems of the Windows family. The worm spreads via emails with malicious attachments, and the infection itself occurs when they are opened.
The size of the worm’s carrier file is about 28 kilobytes. During research into MyDoom, a text string was found inside its code: « sync-1.01; andy; I'm just doing my job, nothing personal, sorry ». Quite ironic and businesslike.
What MyDoom and its modifications are capable of upon infecting a PC:
- Spreading its copies by mailing itself to email addresses found in various files;
- opening a backdoor in the operating system;
- skillfully disguising itself in the system;
- blocking access to antivirus company websites;
- carrying out targeted DDoS attacks against specific IP addresses;
- autonomous operation.
Initially, the resources of SCO Group (at the time the owner of the Unix OS assets) and Microsoft were subjected to DDoS attacks. Incidentally, the companies actively cooperated with each other.
A funny fact — some companies suspected supporters of the Linux OS of creating the worm 😉 The arguments were SCO’s legal claims in attempts to license the use of the free GNU/Linux operating system. The company even offered a reward of 250 thousand dollars for information that would help catch the creators of MyDoom.
At the peak of its activity, spam coming from MyDoom reduced global internet traffic by 10%. At that time, MyDoom generated 16-25% of the total number of all emails in the world.
One of the main features of MyDoom is its persistence: the malware is still active across the global network to this day. Between 2015 and 2018, infected emails made up more than 1% of all email traffic on the internet.
In 2019, MyDoom even demonstrated a small increase in the number of malware samples, as well as an increase in the number of malicious emails.

Source: Xakep.ru
In 2011, experts at McAfee recognized MyDoom as the most «expensive» malware in history: the damage caused by the malware, through large spam campaigns aimed at reducing productivity and hindering trade at large and medium-sized companies, ultimately amounted to 38 billion dollars.
Here’s an example of an email with the worm:

Source: Xakep.ru
Researchers note that MyDoom is essentially fully self-sufficient and autonomous. The worm can spread forever, as long as people keep opening email attachments.
For a more detailed breakdown of the history of MyDoom’s activity, I recommend watching the video on YouTube:
Video from the channel: overbafer1
A funny coincidence?!
On the same day, before watching the video above, I received a strange email that looked a lot like MyDoom’s spam. The text of the email said that my email sent to such_and_such_address@yahoo.com had been blocked, along with some other gibberish with corrupted encoding. Except I hadn’t sent any emails to such an address. And I almost, once again, didn’t believe in the existence of reptilians ;).

MyDoom?
So there you go. Be vigilant and never open attachments from suspicious emails. The method of infection is as old as the world and is still relevant.
Thanks for reading 😉
Sources:

