Damn MyDoom
February 13, 2004 | 12:00am
The start of 2004 has been one of the Internet's busiest in terms of e-mail-propagated trojans and worms like MyDoom and its variants that have slowed down cyberspace and resulted in numerous international system slowdowns. The result: global losses to the tune of $43.9 billion in 215 countries, according to an industry review website.
A new worm dubbed "Doomjuice" emerged this week and seemed to be taking over where the earlier MyDoom had inflicted major damage. This time, the virus propagates without the need for e-mail triggers and is fixated on specific websites.
Doomjuice, or MyDoom C, as some computer security companies call it, is a variant of the infamous MyDoom worm that proliferates via e-mail. MyDoom earned the negative distinction of being the fastest-spreading and most encompassing virus of all time when it was let loose in January this year.
MyDoom, also known as the Novarg and Mimail.R virus, accounted for one in every five e-mail messages sent during its peak. With these alarming statistics, MyDoom and its variants have all but eclipsed last year's Bugbear and Sobig viruses.
The original e-mail that propagated MyDoom and MyDoom B enticed e-mail recipients to click open bogus attachments that actually installed malicious software on host personal computers.
The United States, United Kingdom and France seem to have absorbed the most economic damage from the virus attacks, followed by China, Australia, Canada, South Korea, Germany, Italy and Spain.
The total economic damage the MyDoom virus has wreaked on the US is estimated to be approximately $12.2 billion to $15 billion.
Economic damage caused by malware such as viruses, trojans and worms is usually calculated in terms of help desk support, overtime payments, false positives, loss of business, bandwidth clogging, productivity erosion, management time reallocation and cost of recovery.
Aside from this, the resulting downtime needed by companies to run antivirus software, back up critical files and repair software and hardware problems needs to be considered.
The MyDoom worms command the infected PCs to flood the websites of companies like the SCO Group and Microsoft Corp. in a widespread form of DoS (denial-of-service) attack, which overwhelms a server's capacity by sending queries in the tens of millions. These queries bog down the system and keep real users or surfers from accessing the sites, even possibly shutting down the sites' servers from the frenetic activity.
Doomjuice seeks machines already infected by the MyDoom A or B viruses. The variant spreads directly between infected machines and not via e-mail, so it is not spreading anywhere near as fast as the initial MyDoom worms but can still result in considerable damage.
Doomjuice, which experts believe originated from the same source as the MyDooms, is designed to flood the websites of the SCO Group and Microsoft, among others, with requests for data in an effort to bring them down via distributed DoS.
The website of SCO Group, a minor software company, was shut down for over a week after being totaled by the MyDoom virus. According to a Reuters report, Microsoft and SCO have each offered a $250,000 bounty for information leading to the capture of MyDoom's authors. Microsoft said it is working with the Federal Bureau of Investigation, the US Secret Service and Interpol in investigating the MyDoom B worm, whose release Microsoft described as a "criminal attack."