// Hacking NEWS // MyDoom: 15 Years Later, the Malware Remains Active

Posted in #news, 5 years ago

MyDoom still exists fifteen years after its creation and has been awarded the title of the most destructive computer virus of all time.

A version of the malware is still actively distributed 15 years after it first appeared. It has caused more than $38 billion in damage since its inception.

MyDoom first appeared in 2004 and is still considered one of the most destructive and widespread computer viruses of all time.

At its peak, the worm generated up to a quarter of the emails sent around the world.

The malware spreads by harvesting email addresses from infected Windows computers and mailing a copy of itself to the victim's contacts as an attachment. If the attachment is opened, the process repeats itself and MyDoom spreads to more victims, enrolling them in a botnet that can carry out Distributed Denial of Service (DDoS) attacks.

The impact of MyDoom was such that on July 26, 2004, it knocked out Google, preventing users from searching the web for most of the day. Other popular search engines of the time, including Yahoo, Lycos and AltaVista, also suffered degraded performance as a result of the attack.

MyDoom holds out

Exactly fifteen years after this episode, MyDoom is still active: according to analysis by Unit 42, the threat research division of cybersecurity company Palo Alto Networks, one percent of all malicious emails sent in 2019 carried MyDoom.

This may seem small, but it is an important number given the impressive number of malicious emails distributed worldwide - and it testifies to MyDoom's persistence and autonomy.

"The main reason for the high and consistent volume of MyDoom malware is that once infected, MyDoom will work aggressively to find other email addresses on the victim's system to send itself on to," Alex Hinchliffe, threat intelligence analyst at Unit 42, told ZDNet.

"MyDoom will work aggressively to find other email addresses on the victim's system to send itself on to. This worm behaviour means, for the most part, the malware is self-sufficient and could continue to do this forever, so long as people open the email attachments."

The vast majority of IP addresses distributing MyDoom in 2019 are in China, with the United States and Great Britain in second and third place, but these account for less than 10% of the spam volume sent by infected Chinese systems.

Targets vary: Palo Alto Networks detects MyDoom spam being sent all around the world.

MyDoom's distribution remains much like its original operation, with email subject lines designed to trick the user into opening an attachment sent from a spoofed email address.

In many cases, these are delivery failure notifications suggesting that the user must open the malicious attachment to find out why.

Other subject lines include random strings, "hello", "hi" and "Click me baby, one more time". The lures look basic, but they remain effective.

However, this type of threat could be rendered ineffective by educating users. And I hope my articles help you get there!

"We should be learning about basic levels of cyber hygiene that may prevent such emails from being successful. Things like spotting suspicious file types and being vigilant to odd-looking email sender addresses," said Hinchliffe.
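The lures described above (delivery failure subjects, spoofed senders, a risky attachment) and the hygiene points Hinchliffe lists (suspicious file types, odd-looking sender addresses) map directly onto a mail-gateway triage rule. The following is an added example written for this post, not code from the article, ZDNet or Unit 42: it parses a message, scores the three signals, and returns a verdict. The extension list, score weights, threshold and the two sample messages are assumptions constructed for the example.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment types that have no business arriving inside a "delivery failure"
# notice. Assumed list for this example, not taken from the article.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".zip"}

# Subject phrasings matching the lures the article describes.
SUBJECT_PATTERNS = [
    re.compile(r"\b(delivery|mail)\s+(failure|failed|error)\b", re.I),
    re.compile(r"\bundeliver", re.I),
    re.compile(r"^\s*(hello|hi)\s*$", re.I),
    re.compile(r"click me baby", re.I),
]

# Assumed weights: an executable-type attachment alone is enough to quarantine.
WEIGHT_SUBJECT, WEIGHT_SENDER, WEIGHT_ATTACHMENT = 1, 2, 3
QUARANTINE_THRESHOLD = 3


def _attachment_names(msg):
    """Collect filenames of all attached parts (multipart containers return None)."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def triage_message(raw: bytes) -> dict:
    """Score one raw RFC 5322 message and return {'score', 'reasons', 'verdict'}."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    score, reasons = 0, []

    # 1. Lure subject line (delivery failure, bare greeting, the known bait string).
    subject = str(msg.get("Subject", "") or "")
    if any(pat.search(subject) for pat in SUBJECT_PATTERNS):
        score += WEIGHT_SUBJECT
        reasons.append(f"lure subject: {subject!r}")

    # 2. Odd-looking sender: display name shows one address, envelope uses another domain.
    display, addr = parseaddr(str(msg.get("From", "") or ""))
    if "@" in display and "@" in addr:
        shown_domain = display.rsplit("@", 1)[1].strip().lower()
        real_domain = addr.rsplit("@", 1)[1].strip().lower()
        if shown_domain != real_domain:
            score += WEIGHT_SENDER
            reasons.append(f"sender mismatch: shown {display!r}, actual {addr!r}")

    # 3. Suspicious file type; splitext takes the LAST extension, so "notes.pdf.exe" is caught.
    for name in _attachment_names(msg):
        if os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            score += WEIGHT_ATTACHMENT
            reasons.append(f"risky attachment: {name!r}")

    verdict = "quarantine" if score >= QUARANTINE_THRESHOLD else "deliver"
    return {"score": score, "reasons": reasons, "verdict": verdict}


def build_sample(from_hdr: str, subject: str, filename: str) -> bytes:
    """Construct a small multipart message with one attachment (test data only)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "user@example.net"
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(b"\x00placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


# Constructed samples: a MyDoom-style lure and an ordinary message.
SAMPLE_LURE = build_sample(
    '"postmaster@example.com" <random1234@mailer.example.org>',
    "Mail delivery failed: returning message to sender",
    "message.zip",
)
SAMPLE_BENIGN = build_sample(
    "Dana Smith <dana@example.net>", "Meeting notes", "notes.pdf",
)

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, triage_message(raw))
```

A genuine bounce from a mail server carries the original headers as a message/rfc822 part, never an executable or archive, which is why the attachment signal carries the most weight here; the subject and sender checks raise the score for messages that merely look like bounces.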

Stay Informed, Stay Safe
