My Doom Worm
- 2. Summary: Mydoom was named by Craig Schmugar, an employee of computer security firm McAfee and one of the earliest discoverers of the worm. Schmugar chose the name after noticing the text “mydom” within a line of the program's code. He noted: “It was evident early on that this would be very big. I thought having 'doom' in the name would be appropriate.” Mydoom is primarily transmitted via e-mail, appearing as a transmission error, with subject lines including “Error”, “Mail Delivery System”, “Test” or “Mail Transaction Failed” in different languages, including English and French. The mail contains an attachment that, if executed, resends the worm to e-mail addresses found in local files such as a user's address book. It also copies itself to the “shared folder” of peer-to-peer file-sharing application KaZaA in an attempt to spread that way. Mydoom avoids targeting e-mail addresses at certain universities, such as Rutgers, MIT, Stanford and UC Berkeley, as well as certain companies such as Microsoft and Symantec. The worm's rapid spread slowed down overall internet performance by approximately ten percent and average web page load times by approximately fifty percent.
- 3. Summary(Cont…) The virus can be prevent by not opening the e-mail and its attachment. 26 January 2004: Mydoom.A is identified in North America. 12 February 2004: Mydoom.A is programmed to stop spreading. However, the backdoor remains open after this date. 28 January 2004: Mydoom.B is created. This time it is a direct attack on Microsoft.com 1 March 2004: Mydoom.B is programmed to stop spreading; as with Mydoom.A, the backdoor remains open. The only thing they knew was that the virus originated from Russia. Many people in the U.S and other countries were affected.(Didn’t find a specific number)
- 4. My Opinion Overall, I think the impact was economic. The first version of the worm affected any average person who received and opened the e-mail, but the second version and other versions after affected specific companies like Microsoft. Since it slowed the internet, which is used in many countries in the world, I would definitely call that an economic impact.
- 5. My Opinion(Cont…) Since I couldn’t find anything about what the creator of Mydoom was thinking, I would say he wanted to have a little bit of fun. Although he probably knew it was illegal, he most likely created it to entertain himself. It’s probably not the only thing he could have done, but who knows. If you were to get this virus on your computer you should follow these steps or download one of the programs that were released to do get rid of it for you. 1. Restart your computer. 2. Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen. 3. Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter. 4. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter. 5. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>Run 6. In the right panel, locate and delete the entry: • JavaVM="%Windows%\java.exe" • Services=“%Windows%\services.exe" (Note: %Windows% is the default Windows folder, usually C:\Windows or C:\WINNT.)
- 6. Resources: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.M&VSect=Sn http://antivirus.about.com/cs/allabout/a/mydoom.htm http://en.wikipedia.org/wiki/Mydoom