RealTime IT News

MyDoom Leads Damaging January Attacks

Racking up approximately $38.5 million in economic damages around the world, the virulent MyDoom worm easily took the top spot in January's list of worst viruses.

MyDoom-A, the original and far worse than its MyDoom-B follow-on, compromised an estimated 450,000 to 500,000 computers, installing backdoor trojans and launching a crippling distributed denial-of-service attack against The SCO Group's Web site. MyDoom-B, which hit the wild only days after the launch of its predecessor, did not spread nearly as fast or as far, so its attempt to take down Microsoft Corp.'s Web site was not as successful.

Many anti-virus and security analysts have put MyDoom down as the fastest-spreading worm in history, saying it surpassed even the devastating Sobig-F virus that rolled over the Internet late last summer.

At its peak, MyDoom, a mass-mailing worm, accounted for one in every six emails, according to Central Command Inc., an anti-virus company based in Medina, Ohio. At its peak, Sobig-F accounted for one in eight emails.

But Chris Belthoff, a senior analyst with Sophos, Inc., an anti-virus company based in Lynnfield, Mass., says MyDoom's attack hasn't quite matched up to the devastation wrought by Sobig-F.

''This is certainly the fastest-spreading virus since Sobig,'' says Belthoff. ''Our data shows that Sobig was faster spreading and more pervasive, but MyDoom is way up there in terms of activity level and reports generated. And it did bring down the SCO site, forcing them to set up an alternative Web site.''

Even though, MyDoom was released in the last week of the month, it still accounted for 25 percent of all virus reports in January, according to a Sophos report. The Bagle worm was the second worst virus of the month, accounting for 16.3 percent of the reports. Sober-C took third place with 9.9 percent, Dumaru-A took a distant fourth with 5.3 percent, and Mimail-J grabbed fifth place with 3.1 percent.

''Bagle and MyDoom constitute the bulk of January's virus activity,'' says Belthoff. ''It was a bad month, primarily because of the activity surrounding those two viruses.''

Belthoff also says that the security community is on alert for a second MyDoom variant to be released.

''History shows that these types of viruses have follow-on variants,'' he adds. ''People should be on guard.''

Belthoff also says that the $250,000 bounty that SCO offered up for information about the MyDoom author could slow down or stall further variants.

''It's hard to say how successful those bounties are,'' he says. ''Microsoft has had a big bounty out on the authors of Sobig and Blaster, but they haven't found anybody yet. But there also hasn't been a variant of Sobig since then. That connection may be tenuous, but it could be that the bounty does make people think twice about putting out new variants.''