Mydoom is a computer worm affecting the Microsoft Windows operating system that was first discovered in January 2004. After analysis of its source code, the worm’s function was determined to be twofold: it installed a backdoor on TCP port 3127, and launched a scheduled denial-of-service (DoS) attack against the website of SCO Group on February 1, 2004 (although this functionality only operated properly in around 25% of infected machines).

Mydoom spread itself through an infected email attachment to a message with subject line, “Error”, “Mail Delivery System”, Test”, or “Mail Transaction Failed”. Once the infected code is run, the worm automatically sends an infected email to every user in the infected machine’s address book, as well as copies itself to a user’s KaZaA (a peer-to-peer file sharing network) shared folder in an attempt to spread through additional means.

A newer variant, Mydoom.B, carried the same payload as the original Mydoom.A version, but additionally attempted to attack Microsoft as well as modify the infected machine’s host’s file to block attempts to download or properly use antivirus tools. Toward the end of 2004 and into the beginning of 2005 even newer versions of the worm surfaced, and in July 2009 part of the Mydoom code was reused in the cyber attacks against South Korea and the United States.

DDoSPedia Index