
Destructive 15-Year-Old Worm Still Infecting New Systems

MyDoom, a 15-year-old malware strain that holds the record as the fastest-spreading email worm ever, is still actively attacking systems today, researchers have warned.

The malware made headlines when it first appeared in 2004, breaking previous records held by Sobig and ILOVEYOU, and that initial speed of transmission has not been surpassed to this day.

MyDoom makes infected Windows systems part of a botnet that can carry out destructive denial-of-service attacks.

The speed of its initial transmission allowed one variant to build a botnet so large that it was able to successfully take down Google on 26 July, 2004, rendering the search engine unusable for the better part of a workday.

Spam botnet

The botnet also slowed the operations of other search engines including AltaVista and Lycos.

MyDoom turns infected systems into servers that send junk email messages, and at one point it accounted for 25 percent of all email being sent worldwide.

The malware also spreads itself via the same method, sending itself to people in the system’s contact lists.

Its activity has declined relative to that of other malware over the years, but MyDoom is still highly active 15 years after its first appearance, said researchers at Unit 42, a unit of Palo Alto Networks.

MyDoom has accounted for one percent of all emails containing malware this year, they said, adding that the malware has caused an estimated $38 billion (£31bn) in damage over its lifespan.

Destructive

“First seen in 2004, MyDoom is still active today – a testament to its original destructiveness,” wrote Unit 42 researcher Brad Duncan in an advisory.

“Enough infrastructure has remained infected throughout the years that we continue to see MyDoom in today’s threat landscape.

“Although a relatively small percentage of malware-based emails contain MyDoom, this malware remains a constant presence.”

The firm said MyDoom remains so prevalent today because it can remain undetected on a user’s system indefinitely, working behind the scenes to find new addresses to send copies of itself to.

Most of the systems distributing the malware today are in China, followed by the US and the UK, while the systems they target are spread across the world.

The infected emails often use subject lines indicating that a message has failed to get through and prompting the recipient to open the attachment to find out why.

But other subject lines include random characters, “hi”, “hello” and “Click me baby, one more time”.

Such simple lures are likely to remain effective as long as people continue to open attachments, Unit 42 said.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
