One year on and MyDoom keeps getting smarter

MyDoom is arguably the most successful mass mailing worm in history. One year after it was discovered, MyDoom has spawned more than 30 variants and is still evolving.

MyDoom first appeared on January 26 and according to antivirus firm F-Secure, during its first day the worm generated more than 100 million e-mails and was responsible for "a major part of all e-mail traffic globally". During its first two weeks MyDoom hit SCO's Web site with one of the largest DDoS attacks ever recorded and kept the site offline for more than a month.

MyDoom, which was quickly followed by the various Bagle and Netsky variants, indicated that virus writing had been adopted by underground organisations that are motivated by money rather than fame, according to Scott Chasin, chief technology officer at e-mail security specialists MX Logic.

"MyDoom signalled the end of the juvenile worm author and was the bridge to the commercialisation of virus and worm writing. There has been a global shift away from the egocentric teenage hacker to the economic-orientated threat. It has also taught us that there is an underground open-source community that actively trades in virus-writing techniques," said Chasin.

Adam Biviano, senior systems engineer at antivirus firm Trend Micro, said that MyDoom didn't do anything that antivirus firms had not seen before, but it was far more efficient than previous worms.

"Mass-mailing viruses are nothing new -- we saw the first one with Melissa in the late '90s -- but MyDoom was written in a more sophisticated language so it was able to both fool content filtering systems into allowing its e-mails through and trick users into executing its payload," said Biviano.

Over the past year, Biviano said, worms have generated a large number of variants -- more than 30 for MyDoom alone -- each of which improves on the previous design in order to stay one step ahead of the IT security community.

"If a vendor comes out with a new product to stop security vulnerabilities being taken advantage of -- like on Microsoft's Windows XP SP2 -- then the new variants simply take that into account by changing the list of controls and processes that need to be terminated," said Biviano.

Biviano said he expects variants of MyDoom and other big worms to continue being created and released into the wild.

"I have seen nothing that gives any indication that this will stop any time soon. If you build a smarter mousetrap the mouse gets cleverer," said Biviano.

MX Logic's Chasin agrees that more variants are on the way but he said one of the biggest challenges will be to try and overcome the social engineering aspect.

"The source code, which anyone can access if they do a smart Google search, is the foundation of future threats. The big problem is the social engineering effect -- there is a lot we can do from a technology perspective to minimise the risks but there is always a weak link in the chain and that is usually the human operator," said Chasin.