Despite the hype, the fast-spreading "mass-mailer", which tricked recipients into running a viral attachment, is fairly unsophisticated and nothing new, according to AusCERT's Jamie Gillespie. While the worm spread quickly enough to become infamous, it failed to make any significant impact on Government or corporate sites, Gillespie said.
"This is a very average worm that socially engineered enough people to spread rapidly," he told ZDNet Australia. "It included no significant advances in virus propagation and still required manual intervention for it to spread."
AusCERT, which is based at the University of Queensland, operates an incident reporting scheme which it uses to assess the impact of worms such as MyDoom.
"Usually AusCERT will receive reports from corporations or government bodies," Gillespie said. "[We] haven't received any reports from corporate sites indicating anything other than a slow down of mail servers."
Because the worm was generating so much e-mail traffic when its infection rate peaked, some mail servers slowed down and users experienced some delays, Gillespie explained. While he says the issue was over-hyped, the side affect may well be positive, he added. If users are made aware of the risks, Gillespie said, they will be more likely to take heed before opening suspicious attachments in the future.
"[Hype] can have the downside of crying wolf syndrome. When a really destructive virus is spreading, people may think it's just another regular virus," he said, adding that "some media may have portrayed MyDoom in a more dangerous or dire light" that was realistic.
Security consultant Daniel Lewkovitz agrees with Gillespie; MyDoom was unsophisticated and some reporting of the issue was over-hyped.
"I don't think they predicted the end of the Internet on Tuesday as they have in the past," he said. "I think what made it sexy was the Denial of Service attack it was going to launch at SCO."
The MyDoom worm loaded infected systems with software that would cause them to launch a synchronised Denial of Service attack against the Web site of U.S. based software-maker SCO.