If we are connected to the Internet, we are exposed to computer security threats. These threats have only increased in recent years. Every day, according to the AV-TEST institute, more than 450,000 new samples of malware and crapware (potentially unwanted software) are registered. Viruses, worms, trojans, spyware, ransomware – there are dangers of all kinds and colors on the web, and we are witnesses (or victims) of them.
But before FluBot became famous for the “FedEx SMS Scam”, before a 17-year-old kid led the Lapsus$ ransomware gang that targeted big companies like Microsoft, Samsung or Nvidia, and even before phishing was used as a military tool, there was the Mydoom worm. We are talking about the fastest and most dangerous worm in history; a headache of epic proportions.
The virus that was a nightmare 18 years ago is finally gone
In January 2004, when many of us were using Windows XP computers and browsing at speeds between 256 and 1,024 Kbps, some users started receiving emails with the subject “Message not delivered” and the attachment “Message.zip” (the subject and attachment could have other names). Since the message seemed harmless, many people opened it without caution.
Some might think it’s a warning about a legitimate email being rejected. And if we focus on work environments, for example, nobody wants to be scolded for a message that should have been sent but wasn’t, right? What those who accessed this email did not know was that their computer would be infected with a virus.
According to the Cybersecurity and Infrastructure Security Agency (CISA), Mydoom was able to infect any computer running Windows 95 or later. Opening the attachment executed malicious code that was responsible for sending malware to other email addresses, setting the stage for denial-of-service attacks and camouflaging itself to avoid detection.
The malware carried out a number of tasks, some more complex than others. Mydoom placed a copy of itself in C:\Windows and modified the system registry to go unnoticed and persist even after a reboot. It also opened two backdoors on TCP ports 3127 to 3198, allowing remote access to infected computers.
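As an added example (not part of the original article), the following Python script checks `netstat -ano` output from a Windows host for TCP listeners in the 3127 to 3198 range mentioned above. The netstat lines are constructed sample data, and the function names are hypothetical.

```python
# Added example: flag TCP listeners in the port range the article attributes
# to Mydoom's backdoor. All sample data below is constructed for illustration.
MYDOOM_PORTS = range(3127, 3199)  # 3127..3198 inclusive, per the article

# Constructed sample in the layout printed by Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1492
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       3004
  TCP    192.168.1.20:49712     203.0.113.5:3127       ESTABLISHED     2210
  TCP    [::]:3198              [::]:0                 LISTENING       1492
  UDP    0.0.0.0:3130           *:*                                    900
"""


def local_port(address):
    """Return the port of an 'ip:port' or '[ipv6]:port' address, or None."""
    _, sep, port = address.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def find_backdoor_listeners(netstat_text):
    """Return sorted (port, pid) pairs for TCP listeners in MYDOOM_PORTS."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has exactly five fields: proto, local, foreign, state, pid.
        # The header row and UDP rows (no state column) are skipped here.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        port = local_port(local)
        # Only the local side of a LISTENING socket counts; an outbound
        # connection to a remote port in the range is not a local backdoor.
        if state == "LISTENING" and port in MYDOOM_PORTS and pid.isdigit():
            hits.add((port, int(pid)))
    return sorted(hits)


if __name__ == "__main__":
    for port, pid in find_backdoor_listeners(SAMPLE_NETSTAT):
        print(f"TCP listener on port {port} (PID {pid}) is in the 3127-3198 range")
```

A hit is a lead to investigate rather than proof of infection, since a legitimate service can also listen on a port in this range.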
This malware could scan the computer for email addresses and send itself to them in order to spread further. The variant could also spread via Kazaa, a P2P file-sharing application (typically used for music, images and video) and block access to hundreds of anti-virus websites.
A detailed analysis of the code by cyber security investigators revealed that MyDoom was intended to launch a distributed denial-of-service (DDoS) attack against SCO Group on February 1, 2004. The malware variant also included a DDoS attack on Microsoft on February 3, 2004. This raised the alarm and triggered an FBI investigation.
Before the potential DDoS attacks, the SCO Group offered a $250,000 reward for “information leading to the arrest and conviction of those responsible for this crime.” Microsoft took a similar stance, also offering $250,000. In the end, MyDoom's developer was never identified, nor did any accurate data emerge that could support a solid hypothesis, and the days of the attacks finally arrived.
MyDoom achieved its first goal: shutting down the SCO Group website.
On February 1st, the DDoS attack on SCO Group began and its homepage quickly went down. As CNET reported, this forced an alternative site, www.thescogroup.com, into action.
This large-scale attack, caused by the MyDoom computer virus, is estimated to have infected hundreds of thousands of computers worldwide, Jeff Carlon, chief technology officer at SCO Group, said at the time.
Microsoft, meanwhile, resisted the February 3 attack, according to Computer World. Apparently, the Redmond company’s strength, along with advance preparation, prevented MyDoom from hitting its second target. The company noted on its website that it was doing everything it could to stay online.