This document provides detailed information about the MyDoom virus, including its history, effects, and how it spreads. MyDoom was one of the fastest spreading computer viruses ever when it first appeared in January 2004. It spread through email and exploited backdoors to infect over 1 million computers worldwide. The virus targeted websites like SCO Group and Microsoft but caused minimal damage. While its creator remains unknown, MyDoom consisted of multiple variants and continued affecting systems until 2019. The document outlines tips for preventing the spread of MyDoom, such as keeping antivirus software updated, avoiding unknown files, and regularly backing up important data.
Title: [Review] MyDoom Virus: The Most Destructive & Fastest Email Worm
Keywords: mydoom,mydoomvirus,mydoomworm, whatismydoom, mydoomvirusdamage
Description: What is the MyDoom Virus? Who created MyDoom? How does MyDoom develop?
How to prevent MyDoom from further spreading? Answers are here!
URL: https://www.minitool.com/backup-tips/mydoom-virus.html
Summary: This long article written by MiniTool elaborates on everything you want to learn about the MyDoom virus, including its definition/meaning, creator, spreading, history, effects, as well as how to stop it from affecting others. More information can be found below!
What Is MyDoom?
MyDoom, also called W32.MyDoom@mm, Mimail.R, Shimgapi, or Novarg, is a kind of computer virus that affects the Microsoft Windows operating system (OS). It was first seen on January 26th, 2004. Exceeding previous records set by the ILOVEYOU and Sobig, MyDoom virus became the fastest-spreading email worm ever, a record that as of 2021 has yet to be surpassed.
MyDoom was named by Craig Schmugar, an employee of McAfee computer security company. He was also one of the earliest discoverers of the virus. Craig selected this name since he noticed the text “mydoom” within a line of the MyDoom source code. “It was evident early on that this would be very big. I thought having ‘doom’ in the name would be appropriate”, said Craig.
Who Created MyDoom?
MyDoom worm appears to have been commissioned by email spammers to deliver junk e-mails via infected computers. The spam contains a text message “andy; I’m just doing my job, nothing personal, sorry”, leaving a lot of people believing that the malware’s creator was paid to work.
Tip: Early on, some security companies stated their idea that the virus originated from a programmer in Russia. Yet, the actual creator of the virus is unknown.
Initial analysis of Mydoom suggested that it was a variant of the Mimail virus, so there is an alternate name of MyDoom called Mimail.R. That prompts speculation that the MyDoom computer virus was created by the same author as the virus Mimail. Later analyses were less conclusive as to the link between the two viruses.
Speculative early coverage thought that the main purpose of MyDoom was to perpetrate a distributed denial-of-service (DDoS) attack against SCO Group. Around 25% of Mydoom.A-affected computers targeted SCO Group with a flood of traffic.
Trade press conjecture, spurred on by SCO Group’s own claim, said that this meant the malware was created by a Linux or open-source supporter in retaliation for SCO Group’s controversial legal actions and public statements against Linux.
However, this theory was rejected immediately by security researchers. Since then, it has also been rejected by law enforcement agents investigating the worm, who attribute malware MyDoom to organized online crime gangs.
How Does MyDoom Spread?
MyDoom is mainly transferred through email, appearing as a transmission error with subject lines containing “error”, “mail transaction failed”, “test” or “mail delivery system” in different languages, such as English and French.
The email is attached with a file that, if executed, resends the virus to email addresses found in local files like a user’s address book. It also copies itself to the “shared folder” of peer-to-peer file sharing application Kazaa in an attempt to spread that way.
Smartly, MyDoom avoids attacking email addresses of certain universities including Stanford, UC Berkeley, Rutgers, and MIT, as well as certain companies such as Symantec and Microsoft. Some early reports held that the virus avoids all .edu addresses, but it’s not true.
The initial version MyDoom.A is thought to carry 2 payloads. One is a backdoor on port 3127/TCP to enable remote control of the infected computer by putting its own SHIMGAPI.DLL file in the system32 directory and opening it as a child process of Windows Explorer. This is essentially the same backdoor as what was found in Mimail.
The other is a denial-of-service attack against the website of the controversial company SCO Group, timed to commence February 1st, 2004. Yet, not a few virus analysts doubted whether the payload would actually work or not. Later tests show that it functions in only 25% of affected systems.
The second version MyDoom.B, carrying the same payloads as the initial version A, also targets the Microsoft website and blocks access to Microsoft websites and popular online antivirus sites. It modifies the hosts file to block antivirus programs as well as their updates. The smaller number of copies of MyDoom version B in circulation means that Windows servers suffered little damage from the B version.
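The two host-side traces described above, the MyDoom.A backdoor listener on port 3127/TCP and MyDoom.B's hosts-file tampering, can be checked for with a short script. This is an added example, not part of the original article: the watch list of domains and both sample inputs are constructed for illustration, and the listener check assumes the column layout of Windows `netstat -ano` output.

```python
import ipaddress

# Assumed watch list for illustration; not the worm's actual block list.
WATCHED = ("microsoft.com", "symantec.com", "mcafee.com")
BACKDOOR_PORT = 3127  # MyDoom.A backdoor port named in the article

def suspicious_hosts_entries(hosts_text, watched=WATCHED):
    """Return (ip, name) pairs that pin a watched domain to a local/null address."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed line, skip it
        if not (ip.is_loopback or ip.is_unspecified):
            continue                               # only sinkholed names matter
        for name in fields[1:]:
            n = name.lower().rstrip(".")
            if any(n == d or n.endswith("." + d) for d in watched):
                hits.append((str(ip), n))
    return hits

def backdoor_listeners(netstat_text, port=BACKDOOR_PORT):
    """Return PIDs listening on the given TCP port, from `netstat -ano` output."""
    pids = []
    for line in netstat_text.splitlines():
        f = line.split()   # proto, local addr, remote addr, state, pid
        if len(f) == 5 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):
                pids.append(int(f[4]))
    return pids

# Constructed sample inputs (not captured from a real infection).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     www.microsoft.com   # constructed entry
0.0.0.0     update.symantec.com
10.0.0.5    intranet.example
"""
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0       LISTENING     912
  TCP    0.0.0.0:3127     0.0.0.0:0       LISTENING     1480
  TCP    10.0.0.7:50122   10.0.0.9:3127   ESTABLISHED   2210
"""

if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS), backdoor_listeners(SAMPLE_NETSTAT))
```

A hit from either function is a reason to investigate the host further, not proof of infection: administrators sometimes sinkhole domains in the hosts file on purpose, and other software can bind port 3127.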
MyDoom Virus History / MyDoom Virus Effect
Below is the timeline of the MyDoom Virus event.
January 26, 2004
MyDoom was first identified at about 8 AM EST (1300 UTC), right before the start of the workday in North America. The earliest emails originated from Russia. For a few hours until noon that day, the virus’s fast spread slowed overall Internet performance by around 10% and average webpage load times by approximately 50%. It was reported that MyDoom malware was responsible for about 10% of email messages then.
Although the denial-of-service attack was scheduled to begin on February 1st, 2004, SCO Group’s website went offline briefly in the hours after the virus was first released. Whether MyDoom itself was responsible for this or not is unknown.
Tip: SCO Group claimed that it was the target of several distributed denial of service attacks in 2003 that were not related to computer viruses.
January 27, 2004
SCO Group offered a reward of 250 thousand US dollars for information related to the designer of MyDoom. In the United States, the FBI and the Secret Service started investigating the virus.
January 28, 2004
Mydoom.b was discovered. The first message sent by it was identified at about 1400 UTC and also appeared to originate from Russia. The new version included the original denial-of-service attack aimed at SCO Group and an identical attack against www.microsoft.com starting on February 3rd, 2004.
Yet, both attacks are suspected to be either broken or non-workable decoy code intended to conceal the MyDoom exploit. MyDoom.B also prevented access to the sites of more than sixty computer security firms and pop-up advertisements offered by online marketing companies like DoubleClick.
On this day, the spread of MyDoom was at its peak. Security companies reported that MyDoom was responsible for approximately 20% of emails that day.
January 29, 2004
The spread of MyDoom began to decrease as bugs in the source code of version B of Mydoom prevented it from spreading as fast as first anticipated. Microsoft offered a $250,000 reward for information leading to the arrest of the creator of MyDoom B.
February 1, 2004
An estimated 1 million computers in the world infected by MyDoom began the worm’s massive distributed denial-of-service attack, the largest such attack to date. On this day, the virus arrived in Australia and East Asia. SCO removed www.sco.com from the DNS around 1700 UTC on January 1st.
Tip: There is as yet no independent confirmation of sco.com suffering the planned DDoS.
February 3, 2004
The virus’s denial-of-service attack on Microsoft began, for which Microsoft prepared by offering a website that wouldn’t be affected by the virus, called information.microsoft.com. Luckily, MyDoom virus damage remained minimal and microsoft.com remained functional during the attack.
That was attributed to the comparatively low distribution of the MyDoom.B variant, the high load tolerance of Microsoft website servers, and preparation taken by Microsoft. Some experts stated that the burden during the virus attack is less than that of Microsoft software updates and other such web-based services.
February 9, 2004
Doomjuice, a “parasitic” virus, began spreading. It made use of the backdoor left by MyDoom to spread. Doomjuice didn’t attack non-affected machines. Its payload, similar to one of MyDoom.B’s, is also a denial of service aiming at Microsoft.
February 12, 2004
MyDoom.A is programmed to stop spreading. Yet, the backdoor remains open after this date.
March 1, 2004
MyDoom.B is programmed to stop spreading. Similar to MyDoom A, its backdoor remains open.
July 26, 2004
Another variant of MyDoom attacks Google, Yahoo, Lycos, and AltaVista, completely stopping the function of the Google search engine for the larger portion of the workday and creating noticeable slow-downs in the AltaVista and Lycos engines for hours.
September 10, 2004
Versions U, V, W, and X of MyDoom appeared, spreading worries that a new and stronger MyDoom was being prepared.
February 18, 2005
MyDoom version AO appeared.
July 2009
MyDoom resurfaces in the July 2009 cyber-attacks affecting South Korea and the USA.
2019
15 years later, the fastest spreading and most destructive computer virus MyDoom still persisted and it was used in phishing attacks. According to an analysis by Unit 42, 1% of all e-mails containing viruses sent during 2019 have been MyDoom emails. The vast majority of IP addresses that distributed MyDoom in 2019 are in China, the US, and the UK.
How to Prevent MyDoom from Spreading?
According to the timeline of the MyDoom virus, you can figure out that there are probably still MyDoom infections in the world. Maybe someday you will receive an email from your friend containing the worm. If you open the attached file without knowing it is a virus, the attack will execute and copies will be sent to your contacts… Maybe it will result in another global attack…
Horrible, right? Then, you must want to know how to prevent MyDoom from spreading out from you once you receive it. Here, some tips are recommended to you.
Tip 1. Always Keep Antivirus Open
I believe most of you have at least one security program installed on your computers. At least, each Windows OS is equipped with a firewall Windows Defender. All you need to do is to keep it on while using your machine. Then, if you happen to receive an email containing a virus, the firewall will probably stop you from opening or downloading it to your local storage by sending you a warning message.
Tip 2. Never Open Unknown Files
You’d better never open unknown files. If you receive a file that you don’t know, try your best to first figure out what it is, especially whether it is safe or not, before you finally open it. If the file is attached to the email sent to you by one of your contacts, you can reply to ask for what it is before downloading it to your machine. If the file is confirmed to be safe and clean, you can open it; if it’s not, just completely delete the email together with the attachment.
Tip 3. Regularly Scan Computer for Virus
To only check for newly received files is not enough! Some viruses may lie dormant and attack your system a few days after they get on your machine. So, you are advised to run a full scan of your entire computer with security software in case of potential risks. And, you should do the process regularly and frequently since you never know when the hibernated virus will wake up.
Tip 4. Don’t Forget to Back up Important Files
Though MyDoom only slows down your computer performance and blocks you from accessing some online services/websites, it is still helpful to make a backup of your crucial and frequently used files. Once you have a backup of them, if you are affected by MyDoom on one of your devices, you can restore those files to another healthy device and continue your work.
Also, if you are infected by ransomware like NotPetya and WannaCry, your original files will be encrypted, destroyed, or deleted. Anyhow, you can’t access them. Then, if you have a previous backup of those items, you can restore them to another computer and reduce your data loss.
Then, how to create a backup of important files and folders? You can just copy and paste them to a safer place, but it requires the same amount of storage space as the source files. If you have lots of files to be backed up, or if you plan to back up your system, large storage space is needed.
You can also rely on Windows built-in features and utilities. Yet, they are somehow complicated to operate and lack some popular and useful functions. Thus, they can’t satisfy users’ needs.
Fortunately, there are professional and reliable third-party applications that can back up files/folders, systems, hard disks, partitions/volumes, etc. based on customers’ special needs. They are specialized in schedule backup, backup with schemes (saving storage space), and many other backup options.
One of such excellent backup programs is MiniTool ShadowMaker. It can quickly back up your family photos/videos, favorite songs, work documents, customized operating system, and so on. To use it, first of all, download and install it on your device. Then, follow the below guide to create an initial backup of important files.
Step 1. Launch MiniTool ShadowMaker and click Keep Trial on its first screen.
Step 2. Then, it will enter its main interface. There, click Backup in the top tab menus.
Step 3. In the Backup tab, click the left module to select the source files you want to back up.
Step 4. Click the right module to select a destination for saving the backup image.
Step 5. It will redirect you to the Backup tab and display the preview of the backup task. Have a check of the task and confirm it by clicking Back up Now in the lower right.
It will start to back up your important files. Just keep your computer on during the process. You can also create a schedule to automatically back up those files in the future by clicking the Schedule button in the lower-left before executing the initial backup. Or, you can customize your own backup scheme to save your disk space by clicking Scheme in the lower left.
OK, that’s all related to the MyDoom virus. If you have something to share with our readers about MyDoom or other computer viruses, just write it in below comment zone. Or, if you encounter any problem while using MiniTool ShadowMaker, just contact our support team at support@minitool.com.
MyDoom Virus FAQ
What Language Is MyDoom Written In?
MyDoom source code is written in C++. Its displayed messages are in different languages, including English and French.
Is MyDoom a Virus?
MyDoom is a Windows computer virus delivered via the email system.
How Many Versions of MyDoom Are There?
There are over 20 versions of MyDoom, from version A to version X, as well as version AO.
Which Was Worse, MyDoom or ILOVEYOU?
In general, as the fastest-spreading and most destructive email worm, MyDoom is worse than ILOVEYOU. Yet, MyDoom only slows down victims’ performance and blocks them from accessing certain websites and services, while ILOVEYOU will overwrite office files, pictures, audio files, etc., and make computers unbootable.