MyDoom, once a notorious worm whose name shook millions of email users worldwide and which is considered one of the most damaging pieces of malware ever recorded in the history of network security, is still lurking in several corners of the Internet. It operates automatically and actively targets email users worldwide.
MyDoom (also known as Novarg, Mimail and Shimg) is a family of malware believed to have been active since at least 2004. It primarily targets users of online email services and is designed to spread quickly and widely through mass email (spam). In addition, some MyDoom variants are also capable of infecting targets through peer-to-peer networks.
MyDoom has remained active since 2004
After successfully infecting the victim's computer, the MyDoom worm silently sets up a backdoor on TCP ports 3127 to 3198, allowing an attacker to remotely access the compromised system and distribute other malicious payloads. In some cases, MyDoom variants also allow hackers to launch a denial of service (DoS) attack, paralyzing the target system.
As mentioned, email is MyDoom's main means of spreading. The worm collects email addresses from different files on the compromised system, then automatically sends emails with a malicious copy of itself attached to all the addresses it finds, while the owner of the compromised system is completely unaware.
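An added example (not from the original article or from the research it cites): triaging captured Windows `netstat -ano` output for TCP sockets on the 3127 to 3198 range described above. The sample output, PIDs, addresses and the `expected` allowlist are constructed for illustration, and the Windows output format is an assumption about where the check is run.

```python
import re

# Backdoor port range stated in the article (TCP 3127 to 3198, inclusive).
BACKDOOR_PORTS = range(3127, 3199)

# TCP rows of Windows `netstat -ano`: proto, local, remote, state, PID.
ROW = re.compile(r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)"
                 r"\s+(?P<state>[A-Z_0-9]+)\s+(?P<pid>\d+)\s*$")

# Constructed sample output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2284
  TCP    [::]:3128              [::]:0                 LISTENING       1520
  TCP    192.168.1.10:3127      198.51.100.7:51544     ESTABLISHED     2284
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3312
  UDP    0.0.0.0:3130           *:*                                    1520
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def suspicious_sockets(netstat_text, expected=frozenset()):
    """Return TCP sockets whose local port lies in the backdoor range.

    expected: (pid, port) pairs already verified as legitimate
    (hypothetical allowlist, e.g. a proxy listening on 3128).
    """
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # title, header, UDP rows, blank lines
        addr, port = split_endpoint(m["local"])
        pid = int(m["pid"])
        if port in BACKDOOR_PORTS and (pid, port) not in expected:
            findings.append({"pid": pid, "addr": addr, "port": port,
                             "state": m["state"], "remote": m["remote"]})
    # Listeners first: an open listener is what accepts remote access.
    return sorted(findings, key=lambda f: (f["state"] != "LISTENING", f["port"]))

if __name__ == "__main__":
    for f in suspicious_sockets(SAMPLE, expected={(1520, 3128)}):
        print(f"PID {f['pid']} {f['state']} on {f['addr']}:{f['port']} "
              f"(remote {f['remote']})")
```

A hit is a lead, not a verdict: legitimate services also use ports in this range (Squid's default proxy port is 3128), so the owning process behind each PID still has to be checked.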
The email template contains the MyDoom malware
Here are some noteworthy statistics from the in-depth analysis of MyDoom conducted by the Cylance Threat Research Team:
MyDoom has held the record for the fastest-spreading email worm in the world since it was first discovered in 2004.
MyDoom holds the record for the most destructive virus in the history of network security, with estimated damage of 38.5 billion USD worldwide.
At its peak, emails generated by MyDoom accounted for 16-25% of the total number of emails sent every day worldwide.
The problem is that 15 years after being discovered, MyDoom still exists on the internet and is showing signs of strong growth again. Reports of MyDoom from many research groups and security service providers still appear almost every year and have been on the rise in the past few months, with tens of thousands of MyDoom-infected emails being detected every month.
“Although it no longer thrives, creating large-scale attacks like other more modern malware families, MyDoom’s strong point is that this malware can still sustain itself relatively stably on the internet despite being detected 15 years ago and increasingly facing more advanced email security tools. On average, about 1.1% of the total emails we receive contained an attachment of this malware,” said Brad Duncan, head of the security research unit Unit 42 at Palo Alto Networks.
Tens of thousands of malicious emails are distributed around the world by MyDoom each month, targeting a range of industries, from tech, wholesale and retail, to healthcare and education, as well as general manufacturing.
Data for MyDoom between 2015 and 2018
From 2015 to 2018, MyDoom was found in 1.1% of all malicious emails detected by the Palo Alto Networks security team, reaching an “average of 21.4% for all malware attachments” spread via email spam.
The gap between the share of MyDoom emails and the share of MyDoom attachments is due to the polymorphic nature of this worm, which significantly increases the number of distinct samples detected.
During the first half of 2019, Palo Alto Networks recorded a slight increase in the number of MyDoom-related malware samples detected, as well as a relatively significant increase in the number of malicious emails sent to and from victims (systems infected with the malware).
MyDoom’s activity in 2019, according to Palo Alto Networks statistics
Since the first case of infection was reported in 2004, MyDoom has been “devastating” for many years and has infected enough computers to keep this malware running and present on the internet for many years, despite the fact that more and more advanced email security systems have been created and that it is no longer as dangerous as it once was.
“Both China and the United States are the largest MyDoom ‘outbreaks’ in the world. Malicious emails are mostly sent to and from these two countries, although the malware distribution process essentially remains global and targets different countries,” added Brad Duncan.
For more details and statistics on the way MyDoom spreads between servers, and the list of indicators of compromise (IOCs) containing hash values for the MyDoom EXE samples found in July 2019, please refer to the in-depth analysis of Palo Alto Networks MyDoom activity at: https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html