Experts from Palo Alto Networks have published a report stating that the 15-year-old MyDoom worm (aka Novarg, Mimail and Shimg) is not just still “alive” but is even increasing its activity. MyDoom appeared in 2004 and is considered one of the most famous threats in the entire history of observations.
“While not as prominent as other malware families, MyDoom has remained relatively consistent during the past few years, averaging approximately 1.1 percent of all emails we see with malware attachments,” Palo Alto Networks specialists report.
The worm set a record for speed of spreading and even managed to partially paralyze search engines (Google, Yahoo!, AltaVista and Lycos). At the peak of its activity, spam from MyDoom reduced world Internet traffic by 10 percent. At that time, MyDoom generated 16-25% of all emails in the world.
In 2011, McAfee experts recognized MyDoom as the most “expensive” malware in history: losses from lost productivity and halted trade caused by infections during large spam campaigns eventually amounted to $38 billion.
MyDoom is distributed through emails with malicious attachments. On each newly infected machine, the malware searches various files for new email addresses and then sends copies of itself to every address it finds. The spam is disguised, for example, as a notification about unsuccessful delivery of a message, or the subject of the email may contain random characters or words such as “hello”, “hi” and so on. These methods may seem primitive, but they still work today, which is why the MyDoom worm is still active.
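A mail-triage check for the lures described above, added here as an example and not taken from the Palo Alto Networks report: it flags attachment-bearing messages whose subject is bounce-themed but whose structure is not an RFC 3464 delivery report, or whose subject is a bare greeting or a random-looking token. The regexes, the vowel-ratio threshold, the reason codes and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
# Subject lures the article names: bounce notices and bare greetings.
BOUNCE_RE = re.compile(r"undeliver|delivery (status|fail)|returned mail|mail delivery", re.I)
GREETING_RE = re.compile(r"\s*(hello|hi)\W*", re.I)

def looks_random(subject):
    # Assumption: a single 5+ letter token with under 20% vowels counts as random.
    token = subject.strip()
    return bool(re.fullmatch(r"[A-Za-z]{5,}", token)) and (
        sum(c in "aeiou" for c in token.lower()) / len(token) < 0.2)

def is_real_dsn(msg):
    # RFC 3464: a genuine bounce is multipart/report; report-type=delivery-status.
    return (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status")

def triage(raw):
    """Return reason codes for a raw message; an empty list means not flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    files = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if not files:
        return []  # the worm travels as an attachment, so skip attachment-free mail
    subject = str(msg["Subject"] or "")
    reasons = []
    if BOUNCE_RE.search(subject) and not is_real_dsn(msg):
        reasons.append("fake-bounce")
    if GREETING_RE.fullmatch(subject):
        reasons.append("greeting")
    if looks_random(subject):
        reasons.append("random-subject")
    return reasons

# Constructed sample: bounce-themed subject on a plain multipart/mixed message.
SAMPLE = """\
Subject: Delivery failed
Content-Type: multipart/mixed; boundary="b1"

--b1

The message could not be delivered.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="message.zip"

AAAA
--b1--
"""
```

The reason codes are a triage signal for quarantine or analyst review, not a verdict: the content type of a message is sender-controlled, so the delivery-report check only filters out the lures that do not bother to imitate one.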
Palo Alto Networks experts write that in the period from 2015 to 2018, about 1.1% of all emails with malicious attachments contained the MyDoom worm. The victims of such malicious mailings are companies from a wide variety of industries, ranging from high technology, wholesale and retail, to healthcare, education and manufacturing.
In the first half of 2019, MyDoom even demonstrated a small increase in the number of malware samples, as well as an increase in the number of malicious emails sent and received by victims. The main sources of such correspondence are the USA, China and the United Kingdom.
The researchers point out that MyDoom remains active and is, in fact, completely autonomous. The worm can spread forever, as long as people continue to open email attachments.