MyDoom
MyDoom began appearing in inboxes in 2004 and soon became the fastest spreading worm ever to hit the web, exceeding previous records set by the Sobig worm and ILOVEYOU. A side note: though I knew people affected by Sobig and ILOVEYOU, I did not see either of these in the wild.

MyDoom was effective because the recipient would receive an email warning of a delivery failure, a message we have all seen at one time or another. The message prompted the recipient to investigate, thus triggering the worm.

Once the attached file was executed, the worm would send itself to email addresses found in the local address book and also put a copy in a shared folder (KaZaA). Like Klez, MyDoom could spoof email, but it also had the ability to generate traffic through web searches, which placed a significant load on search engines like Yahoo and Google.

MyDoom was also significant for the second payload that it carried, which was a DDoS attack on the SCO Group, albeit not the coordinated sort of attack we would now expect to see with modern botnets. The origin of the virus is attributed to, or suggested to be, someone in Russia, but no one was ever able to confirm this.

Lastly, MyDoom contained the text “andy; I’m just doing my job, nothing personal, sorry,” which led many to believe that the virus was constructed for a fee for a spammer, though this also was not confirmed.
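The lure described above is a fake delivery-failure notice that carries a file to run. As an added example (not part of the original post), this Python check flags mail that claims to be a bounce, lacks the `multipart/report` structure of a genuine RFC 3464 delivery status notification, and carries an attachment with a risky extension. The subject phrases, the extension list and both sample messages are assumptions constructed for illustration.

```python
import email
import os
import re

# Assumptions for illustration: subject phrases and extension list are not from the post.
BOUNCE_SUBJECT = re.compile(r"delivery (status|fail)|undeliverable|returned mail", re.I)
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".zip"}

def is_real_dsn(msg):
    """A genuine RFC 3464 bounce is multipart/report; report-type=delivery-status."""
    return (msg.get_content_type() == "multipart/report"
            and (msg.get_param("report-type") or "").lower() == "delivery-status")

def risky_attachments(msg):
    """Filenames of any MIME parts whose final extension is on the risky list."""
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and os.path.splitext(n.lower())[1] in RISKY_EXT]

def assess(raw):
    """Flag mail that claims to be a bounce, is not a DSN, and carries a risky file."""
    msg = email.message_from_string(raw)
    files = risky_attachments(msg)
    claims_bounce = bool(BOUNCE_SUBJECT.search(msg.get("Subject", "")))
    return {"suspicious": claims_bounce and not is_real_dsn(msg) and bool(files),
            "attachments": files}

# Constructed sample: bounce-themed lure with a double-extension attachment.
FAKE_BOUNCE = """Subject: Mail Delivery Failure
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="message.txt.scr"

AAAA
--b1--
"""

# Constructed sample: abbreviated but well-formed DSN, no attachment.
REAL_DSN = """Subject: Undeliverable: hello
Content-Type: multipart/report; report-type=delivery-status; boundary="b2"

--b2
Content-Type: message/delivery-status

Final-Recipient: rfc822; bob@example.net
Status: 5.1.1
--b2--
"""
```

Calling `assess(FAKE_BOUNCE)` marks the message suspicious and lists `message.txt.scr`, while `assess(REAL_DSN)` does not, because a real bounce declares `report-type=delivery-status` and has no file for the recipient to open.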