This was one of the first truly creative mass-mailing worms, using an extensive menu of options to fool recipients into clicking the malicious payload. It mixed and matched subjects, message bodies, attachment names, and fake assurances that the file had been scanned by a reputable antivirus program and declared clean. The author was an 18-year-old German, who had also written the infamous Sasser worm.
Netsky was annoying (one variant caused infected PCs to beep in the wee hours of the night) but not destructive. (This CA writeup has more details.)
The source code contained numerous insults aimed at other virus writers.
Up until this worm appeared, most malware was the work of vandals. Mydoom was, according to Microsoft’s security analysts, “one of the earliest examples of a botnet and for-profit malware.” You can read technical details in these writeups from Avira and SecureList.
Upon execution, the malware opened a message window in Notepad, displaying nonsense text. In the background, it installed its payload, which then proceeded to send out email messages using its own SMTP engine and the victim’s address book. If the recipient clicked the attachment, they became part of the botnet and began spreading it to their friends as well.
The worm also used file-sharing programs like Kazaa to spread its payload.
The authors of Mydoom included several taunting references to Netsky in their code.
The work that eventually became XP SP2 was originally supposed to be a new version of Windows. But the multiple security threats that had hammered Microsoft over the previous several years led the company to concentrate all work on security and de-emphasize changes in the user interface.
As Windows boss Jim Allchin later told Mary Jo Foley, the decision to make this a free service pack and not a paid upgrade was a deliberate attempt to maximize its adoption. Microsoft had seriously underestimated the security challenges that it would confront with Windows XP, and the improvements in SP2 really did make a difference.
For businesses, it offered much better administrative tools and deployment options than Windows 2000. For consumers, it included the Security Center shown here, which has continued to evolve to this day.
And it turned on the Windows Firewall by default, fixing the mistake that had been so helpful to earlier network-based worms.