Categories: SecurityWorkspace

Destructive 15-Year-Old Worm Still Infecting New Systems

MyDoom, a 15-year-old malware strain that still holds the record for the fastest-ever worm spreading via email, is still actively attacking systems today, researchers have warned.

The malware made headlines when it first appeared in 2004, breaking previous records held by Sobig and ILOVEYOU, and that initial speed of transmission has not been surpassed to this day.

MyDoom makes infected Windows systems part of a botnet that can carry out destructive denial-of-service attacks.

The speed of its initial transmission allowed one variant to build a botnet so large that it was able to successfully take down Google on 26 July, 2004, rendering the search engine unusable for the better part of a workday.

Spam botnet

The botnet also slowed the operations of other search engines including AltaVista and Lycos.

MyDoom turns infected systems into servers that send junk email messages, and at one point it accounted for 25 percent of all email being sent worldwide.

The malware also spreads itself via the same method, sending itself to people in the system’s contact lists.

Its activity has declined relative to that of other malware over the years, but MyDoom is still highly active 15 years after its first appearance, said researchers at Unit 42, a unit of Palo Alto Networks.

One percent of all emails containing malware this year have been infected with MyDoom, they said, adding that the malware has caused an estimated $38 billion (£31bn) in damage over its lifespan.


“First seen in 2004, MyDoom is still active today – a testament to its original destructiveness,” wrote Unit 42 researcher Brad Duncan in an advisory.

“Enough infrastructure has remained infected throughout the years that we continue to see MyDoom in today’s threat landscape.

“Although a relatively small percentage of malware-based emails contain MyDoom, this malware remains a constant presence.”

The firm said MyDoom remains so prevalent today because it can remain undetected on a user’s system indefinitely, working behind the scenes to find new addresses to send copies of itself to.

Most of the systems distributing the malware today are in China, followed by the US and the UK, with those targeted being distributed across the world.

The infected emails often use subject lines indicating that a message has failed to get through and prompting the recipient to open the attachment to find out why.

But other subject lines include random characters, “hi”, “hello” and “Click me baby, one more time”.

Such simple measures are likely to remain effective as long as people continue to open attachments, Unit 42 said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

1 day ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

1 day ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

1 day ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

2 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

2 days ago