The MyDoom virus, also known as Novarg, is another worm capable of opening a backdoor in a victim computer’s operating system.
The family of MyDoom e-mail worms continues to be an active threat because of unprotected personal computers and compromised computer systems, even though the virus was programmed to shut down in February 2004. Because of the widespread infections, the MyDoom creators can still mobilize a huge network of computers at any time. Virus experts suggest that marching orders sent to infected machines could allow them to carry out offenses ranging from clogging Internet traffic to inflicting large-scale financial chaos on corporations and banks. Almost every week, new versions of the MyDoom e-mail worm still keep coming out, and hence this virus continues to clog mail servers located all over the world.
MyDoom Virus and its Variants
The original MyDoom virus is known to have two triggers. One trigger caused the virus to launch a denial of service (DoS) attack beginning Feb. 1, 2004. The second trigger caused the virus to stop distributing itself on Feb. 12, 2004. The backdoors created during the initial infections remained active even after the virus stopped spreading.
Several computer security experts point out that there is only a slight difference between the earlier MyDoom versions and their variants: the variants mainly tweak the code and expand the worm’s capabilities.
MyDoom.b carried modified code that, according to a few experts, appeared to be flawed. The coding errors made this generation of the MyDoom worm less threatening.
MyDoom.c targeted computers that were already infected with MyDoom.a. Reports state that this variant did not spread through e-mail but instead used the existing open port.
MyDoom.d, also called Doomjuice.a, spread updated code but was otherwise identical to MyDoom.a. This variant initially sent single requests for a DoS attack against Microsoft and then switched to a multiple-request attack strategy.
MyDoom.e, also called Doomjuice.b, is capable of keeping up continuous, high-intensity DoS attacks on Microsoft’s homepage in any month from February through December, on any day except the 8th through the 12th of each month. MyDoom.e generates requests for Microsoft’s home page that look like Internet Explorer requests.
Why Is the MyDoom Virus a Source of Evil?
Discovered on January 26, 2004, MyDoom.a spread via attached files with the extensions .bat, .cmd, .exe, .pif, .scr or .zip. The worm opened a back door into the system by opening TCP ports 3127 through 3198.
This open-port trick is not unique to MyDoom; worms such as MiMail, Bagle, SoBig and others have the same capability. However, the MyDoom family takes advantage of the technique far more efficiently than other worms.
These open ports allow the worm to secretly “listen” for new instructions sent out by the worm’s author. An open port also creates a back door that allows an attacker to connect to the infected computer and thereby control its network and local resources.
Furthermore, the back door opened by MyDoom allows an attacker to remotely download and execute arbitrary files. The real threat is that this malware can be triggered at any time as long as TCP port 3127 remains open. Removing the infection with antivirus software is the only way to close this back door.
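A defender-side check for the indicator described above, added here as an example (not code from the original article or from Comodo): it parses netstat-style output (a constructed sample is embedded; the PIDs and addresses are made up) and flags any TCP socket listening on a port in the 3127–3198 range that the text associates with the MyDoom back door.

```python
"""Flag listening TCP sockets in the MyDoom back-door port range (3127-3198).
Added example: parses `netstat -ano` (Windows) or `netstat -tln` (Linux) lines."""
import re

MYDOOM_PORT_RANGE = range(3127, 3199)  # 3127 through 3198 inclusive

# Matches a listening TCP line in either netstat layout, for example:
#   TCP    0.0.0.0:3127    0.0.0.0:0    LISTENING    2044
#   tcp    0  0  0.0.0.0:3127   0.0.0.0:*   LISTEN
_LINE_RE = re.compile(
    r"^\s*(?P<proto>tcp6?)\s+(?:\d+\s+\d+\s+)?"        # proto, optional recv/send queues
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+\S+\s+"           # local addr:port, foreign addr
    r"(?P<state>LISTEN(?:ING)?)(?:\s+(?P<pid>\d+))?",    # state, optional PID (Windows)
    re.IGNORECASE,
)

def parse_listeners(netstat_output):
    """Return (local_addr, port, pid_or_None) for every listening TCP socket."""
    listeners = []
    for line in netstat_output.splitlines():
        m = _LINE_RE.match(line)
        if m:
            pid = int(m.group("pid")) if m.group("pid") else None
            listeners.append((m.group("laddr"), int(m.group("lport")), pid))
    return listeners

def find_mydoom_backdoor_ports(netstat_output):
    """Return the listeners whose port falls inside the MyDoom back-door range."""
    return [l for l in parse_listeners(netstat_output) if l[1] in MYDOOM_PORT_RANGE]

# Constructed sample output (hypothetical host, PIDs and addresses made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:3198      0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:49152     203.0.113.5:443        ESTABLISHED     1580
  UDP    0.0.0.0:500            *:*                                    1240
"""

if __name__ == "__main__":
    for addr, port, pid in find_mydoom_backdoor_ports(SAMPLE_NETSTAT):
        print(f"suspect listener {addr}:{port} (pid {pid}) - inspect this process")
```

A hit on these ports is a lead to investigate, not proof of MyDoom: confirm the owning process and let antivirus clean the infection, since closing the socket alone does not remove the back door.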
This is where virus protection plays a vital role. Comodo Antivirus offers remarkable security features that make it one of the best antivirus products in the IT security industry. It protects PCs against backdoors, viruses, Trojan horses, spyware, rootkits, adware, worms and many other malware infections, including the extremely dangerous zero-day threats.