Windows has included an update utility since Windows 95, and Automatic Updates were introduced with Windows Me in 2000.
It wasn’t until 2003, however, that Microsoft systematized its process for issuing security updates. Security updates are provided on the second Tuesday of each month—Patch Tuesday. Non-security updates are provided on the fourth Tuesday of each month. Microsoft began this program so that corporate customers could plan for testing and installation of security updates. Although it was a controversial decision, today it’s generally regarded as effective.
On rare occasions—once a year or so—Microsoft releases an “out of band” update to address an issue that can’t wait until the next month’s Patch Tuesday.
Netsky was one of the first truly creative mass-mailing worms, using an extensive menu of options to fool recipients into clicking the malicious payload. It mixed and matched subjects, message bodies, attachment names, and fake assurances that the file had been scanned by a reputable antivirus program and declared clean. The author was an 18-year-old German who had also written the infamous Sasser worm.
Netsky was annoying (one variant caused infected PCs to beep in the wee hours of the night) but not destructive. (This CA writeup has more details.)
The source code contained numerous insults aimed at other virus writers.
Up until this worm appeared, most malware was the work of vandals. Mydoom was, according to Microsoft’s security analysts, “one of the earliest examples of a botnet and for-profit malware.” You can read technical details in these writeups from Avira and SecureList.
Upon execution, the malware opened a window in Notepad displaying nonsense text. In the background, it installed its payload, which then proceeded to send out email messages using its own SMTP engine and the addresses harvested from the victim’s address book. If a recipient clicked the attachment, their PC became part of the botnet and began spreading the worm to their contacts as well.
The worm also used file-sharing programs like Kazaa to spread its payload.
The authors of Mydoom included several taunting references to Netsky in their code.