Racking up approximately $38.5 million in economic damages around the world, the virulent
MyDoom worm easily took the top spot in January’s list of worst viruses.
MyDoom-A, the original and far worse than its MyDoom-B follow-on, compromised an estimated
450,000 to 500,000 computers, installing backdoor trojans and launching a crippling
distributed denial-of-service attack against The SCO Group’s Web site. MyDoom-B, which hit
the wild only days after the launch of its predecessor, did not spread nearly as fast or as
far, so its attempt to take down Microsoft Corp.’s Web site was not as successful.
Many anti-virus and security analysts have put MyDoom down as the fastest-spreading worm in
history, saying it surpassed even the devastating Sobig-F virus that rolled over the
Internet late last summer.
At its peak, MyDoom, a mass-mailing worm, accounted for one in every six emails, according
to Central Command Inc., an anti-virus company based in Medina, Ohio. At its peak, Sobig-F
accounted for one in eight emails.
But Chris Belthoff, a senior analyst with Sophos, Inc., an anti-virus company based in
Lynnfield, Mass., says MyDoom’s attack hasn’t quite matched up to the devastation wrought by
Sobig-F.
”This is certainly the fastest-spreading virus since Sobig,” says Belthoff. ”Our data
shows that Sobig was faster spreading and more pervasive, but MyDoom is way up there in
terms of activity level and reports generated. And it did bring down the SCO site, forcing
them to set up an alternative Web site.”
Even though, MyDoom was released in the last week of the month, it still accounted for 25
percent of all virus reports in January, according to a Sophos report. The Bagle worm was
the second worst virus of the month, accounting for 16.3 percent of the reports. Sober-C
took third place with 9.9 percent, Dumaru-A took a distant fourth with 5.3 percent, and
Mimail-J grabbed fifth place with 3.1 percent.
”Bagle and MyDoom constitute the bulk of January’s virus activity,” says Belthoff. ”It
was a bad month, primarily because of the activity surrounding those two viruses.”
Belthoff also says that the security community is on alert for a second MyDoom variant to be
released.
”History shows that these types of viruses have follow-on variants,” he adds. ”People
should be on guard.”
Belthoff also says that the $250,000 bounty that SCO offered up for information about the
MyDoom author could slow down or stall further variants.
”It’s hard to say how successful those bounties are,” he says. ”Microsoft has had a big
bounty out on the authors of Sobig and Blaster, but they haven’t found anybody yet. But
there also hasn’t been a variant of Sobig since then. That connection may be tenuous, but it
could be that the bounty does make people think twice about putting out new variants.”