MyDoom Leads Damaging January Attacks

Racking up approximately $38.5 million in economic damages around the world, the virulent

MyDoom worm easily took the top spot in January’s list of worst viruses.

MyDoom-A, the original and far worse than its MyDoom-B follow-on, compromised an estimated

450,000 to 500,000 computers, installing backdoor trojans and launching a crippling

distributed denial-of-service attack against The SCO Group’s Web site. MyDoom-B, which hit

the wild only days after the launch of its predecessor, did not spread nearly as fast or as

far, so its attempt to take down Microsoft Corp.’s Web site was not as successful.

Many anti-virus and security analysts have put MyDoom down as the fastest-spreading worm in

history, saying it surpassed even the devastating Sobig-F virus that rolled over the

Internet late last summer.

At its peak, MyDoom, a mass-mailing worm, accounted for one in every six emails, according

to Central Command Inc., an anti-virus company based in Medina, Ohio. At its peak, Sobig-F

accounted for one in eight emails.

But Chris Belthoff, a senior analyst with Sophos, Inc., an anti-virus company based in

Lynnfield, Mass., says MyDoom’s attack hasn’t quite matched up to the devastation wrought by

Sobig-F.

”This is certainly the fastest-spreading virus since Sobig,” says Belthoff. ”Our data

shows that Sobig was faster spreading and more pervasive, but MyDoom is way up there in

terms of activity level and reports generated. And it did bring down the SCO site, forcing

them to set up an alternative Web site.”

Even though, MyDoom was released in the last week of the month, it still accounted for 25

percent of all virus reports in January, according to a Sophos report. The Bagle worm was

the second worst virus of the month, accounting for 16.3 percent of the reports. Sober-C

took third place with 9.9 percent, Dumaru-A took a distant fourth with 5.3 percent, and

Mimail-J grabbed fifth place with 3.1 percent.

”Bagle and MyDoom constitute the bulk of January’s virus activity,” says Belthoff. ”It

was a bad month, primarily because of the activity surrounding those two viruses.”

Belthoff also says that the security community is on alert for a second MyDoom variant to be

released.

”History shows that these types of viruses have follow-on variants,” he adds. ”People

should be on guard.”

Belthoff also says that the $250,000 bounty that SCO offered up for information about the

MyDoom author could slow down or stall further variants.

”It’s hard to say how successful those bounties are,” he says. ”Microsoft has had a big

bounty out on the authors of Sobig and Blaster, but they haven’t found anybody yet. But

there also hasn’t been a variant of Sobig since then. That connection may be tenuous, but it

could be that the bounty does make people think twice about putting out new variants.”