Up until this worm appeared, most malware was the work of vandals. Mydoom was, according to Microsoft’s security analysts, “one of the earliest examples of a botnet and for-profit malware.” You can read technical details in these writeups from Avira and SecureList.
Upon execution, the malware opened a message window in Notepad, displaying nonsense text. In the background, it installed its payload, which then proceeded to send out email messages using its own SMTP engine and the victim’s address book. If the recipient clicked the attachment, they became part of the botnet and began spreading it to their friends as well.
The worm also used file-sharing programs like Kazaa to spread its payload.
The authors of Mydoom included several taunting references to Netsky in their code.
The work that eventually became XP SP2 was originally supposed to be a new version of Windows. But the multiple security threats that had hammered Microsoft over the previous several years caused Microsoft to concentrate all work on security and de-emphasize changes in the user interface.
As Windows boss Jim Allchin later told Mary Jo Foley, the decision to make this a free service pack and not a paid upgrade was a deliberate attempt to maximize its adoption. Microsoft had seriously underestimated the security challenges that it would confront with Windows XP, and the improvements in SP2 really did make a difference.
For businesses, it offered much better administrative tools and deployment options than Windows 2000. For consumers, it included the Security Center shown here, which has continued to evolve to this day.
And it turned on the Windows Firewall by default, fixing the mistake that had been so helpful to earlier network-based worms.
In January 2005, Microsoft released the first version of the Malicious Software Removal Tool. It has updated this tool and delivered it with the Patch Tuesday updates every month since then. The goal of the MSRT is to remove “specific, prevalent malicious software families” from supported Windows versions.
It’s been extremely effective at its primary job, cleaning up millions of PCs in the past seven years. An unanticipated benefit of releasing the monthly tool is that it provides Microsoft with copious amounts of data about the prevalence of malware “in the wild.”
Full details about the MSRT, including a list of which families of malware were included in each monthly update, are available in a lengthy and well-maintained Knowledge Base article.