How Virulent Are They?

In a word, VERY; perhaps the fastest spreading viruses ever. According to mail filtering firm MessageLabs, at their height, the viruses were making up 1 in 12 of all e-mail messages. The former fastest virus, Sobig-F, only managed to reach 1 in every 17 mail messages. In only two days MessageLabs had caught almost 4.6m copies of the program.

Mydoom Subject Lines

  • hi
  • error
  • mail delivery system
  • mail transaction failed
  • server report
  • status
  • test
  • random characters

Finnish anti-virus firm F-Secure has declared it the worst e-mail worm ever and said the virus was responsible for up to 30% of all e-mail traffic.

This figure includes messages created by the virus itself, systems automatically responding to the arrival of the message and angry e-mails from people telling others that they are sending out infected mail. As the virus spoofs the sender of any e-mails it sends, these messages just generate more traffic.

The virus was thought to have originated in Russia and has now spread to almost 200 countries. It spread swiftly because it was released during the US working day and quickly found its way through corporate networks.

What does Mydoom do to an infected machine?

It plunders your Outlook address book for new addresses to send itself to and then uses its own internal e-mail engine to despatch them. The virus tries to hide its spread by avoiding e-mail addresses of many anti-virus and security firms as well as government and military agencies.

Mydoom Message Text

  • test
  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
  • The message contains Unicode characters and has been sent as a binary attachment.
  • Mail transaction failed. Partial message is available.

Mydoom also tries to stop PCs contacting the websites of anti-virus companies to get the latest updates to anti-virus software.

More worryingly, the virus opens up a backdoor on infected machines that can be exploited by anyone with the right tools and know-how. Already, security firms have reported an increase in scanning for infected machines which suggests someone is preparing to use these machines for another purpose.

The virus, and the Mydoom.B variant, are also programmed to launch so-called Denial of Service attacks on selected websites after 1 February. The original Mydoom worm targets the website of software firm SCO and the new version is programmed to bombard the Microsoft website with bogus data early next month.

What can I do to protect myself?

Quite a lot.

Regularly update your anti-virus software, particularly during outbreaks of this magnitude. Run a virus scanner to see if your system is infected and remove any malicious programs you find. If you have a broadband connection, use a personal firewall to close the backdoors that some malicious programs install on your PC.

Mydoom Attachment Names

  • body
  • data
  • doc
  • document
  • file
  • message
  • readme
  • test

Be suspicious of e-mail from people that you do not regularly correspond with, especially if the mail message arrives with a file attached. If you get any files bearing suspect subject lines, delete them without opening. During a big outbreak it might be worth turning off the preview pane in Outlook.
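For mail administrators, the subject lines and attachment names listed above can be turned into a simple triage check. The following is an added example, not part of the original article: the function names, the sample addresses and file extensions, and the pass/review/quarantine thresholds are all assumptions made for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage

# Indicator lists copied from the page's sidebars ("random characters"
# subjects cannot be matched by a fixed list and are not covered).
SUBJECTS = {"hi", "error", "mail delivery system", "mail transaction failed",
            "server report", "status", "test"}
STEMS = {"body", "data", "doc", "document", "file", "message", "readme", "test"}


def build_sample(subject, filename=None):
    """Constructed sample message for the demo, not captured traffic."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Mail transaction failed. Partial message is available.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


def triage(raw):
    """Return (verdict, reasons) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    subject_hit = subject in SUBJECTS
    reasons = ["subject:" + subject] if subject_hit else []
    attach_hit = False
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # The page lists names without extensions, so compare the stem only.
        stem = os.path.basename(name).split(".")[0].strip().lower()
        if stem in STEMS:
            attach_hit = True
            reasons.append("attachment:" + name)
    # Subjects like "hi" or "test" are common in legitimate mail, so a
    # subject match alone passes; a listed attachment name is what escalates.
    if subject_hit and attach_hit:
        return "quarantine", reasons
    return ("review" if attach_hit else "pass"), reasons


if __name__ == "__main__":
    for subj, fname in [("Mail Delivery System", "document.zip"),
                        ("hi", None), ("Quarterly numbers", "readme.txt")]:
        print(subj, fname, triage(build_sample(subj, fname)))
```

Name matching of this kind is only a first-pass filter during an outbreak; it complements, and does not replace, the anti-virus scanning recommended above.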
