
Sunday, May 12, 2013

Spotlight on Malware: MyDoom

The MyDoom Windows worm, also known as Novarg and Shimgapi, is the subject of this post. MyDoom was first discovered on January 26, 2004, and it holds the infamous record of being the fastest-spreading worm ever.

MyDoom seems to have been commissioned by spammers to send junk mail through infected computers. The worm contains the following text, which suggests that its author was paid: "andy, I'm just doing my job, nothing personal, sorry." Who Andy is and what his relation to the author is are still unknown.

The first variant of the worm, known as MyDoom.A, carried two payloads. The first created a backdoor that allowed the author to remotely control the computer without the user's knowledge or consent. The second launched a denial-of-service attack against the website of the controversial company SCO Group. The second payload achieved destructive results even though it only worked on 25% of infected computers.

A "B" variant carried the same two payloads as the "A" variant, but it also blocked access to Microsoft websites and to the websites of antivirus companies. MyDoom resurfaced in the July 2009 cyber attacks that affected the US and South Korea. MyDoom is estimated to have infected over 1,000,000 computers over the lifespan of the worm.

Thanks for reading this post. Remember to comment with any questions or comments in the comment form below.
