DDoSPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

Security Research Center

Mydoom

Mydoom is a computer worm affecting the Microsoft Windows operating system that was first discovered in January 2004. After analysis of its source code, the worm’s function was determined to be twofold: it installed a backdoor on TCP port 3127, and launched a scheduled denial-of-service (DoS) attack against the website of SCO Group on February 1, 2004 (although this functionality only operated properly in around 25% of infected machines).

Mydoom spread through an infected email attachment on a message with the subject line “Error”, “Mail Delivery System”, “Test”, or “Mail Transaction Failed”. Once the infected code is run, the worm automatically sends an infected email to every user in the infected machine’s address book and copies itself to the user’s KaZaA (a peer-to-peer file sharing network) shared folder in an attempt to spread through additional means.

A newer variant, Mydoom.B, carried the same payload as the original Mydoom.A version, but additionally attempted to attack Microsoft and modified the infected machine’s hosts file to block attempts to download or properly use antivirus tools. Toward the end of 2004 and into the beginning of 2005, even newer versions of the worm surfaced, and in July 2009 part of the Mydoom code was reused in the cyber attacks against South Korea and the United States.
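A defender-side check for the hosts-file tampering described above, as an added example that is not part of the original entry: it flags hosts entries that point a name at a loopback or unspecified address, which makes that name unreachable. The function names, the watchlist domains and the sample file are constructed placeholders, not values taken from Mydoom.B.

```python
import ipaddress

# Constructed watchlist: placeholder names standing in for the antivirus and
# update hosts an organisation depends on (assumption, not from the entry).
WATCHLIST = ("av-vendor.example", "updates.example")

# Names that legitimately map to loopback in a default hosts file.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sinkhole(addr):
    """True for addresses that make a hostname unreachable (loopback or unspecified)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address field: not a usable mapping
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname, severity) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split into fields
        if len(entry) < 2 or not is_sinkhole(entry[0]):
            continue
        for name in entry[1:]:  # one line may carry several aliases
            host = name.lower().rstrip(".")
            if host in BENIGN:
                continue
            watched = any(host == d or host.endswith("." + d) for d in watchlist)
            findings.append((line_no, entry[0], host, "high" if watched else "review"))
    return findings

# Constructed sample hosts file content.
SAMPLE = """\
# sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     www.av-vendor.example   # blocked
127.0.0.1   download.updates.example updates.example
127.0.0.1   intranet-dev
192.0.2.10  fileserver.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; entries marked `review` are sinkholed names outside the watchlist and need a human decision.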
