Virulent MyDoom virus skirts feds, military users

The W32/MyDoom virus now raging across the Internet has special code designed to prevent it from attacking federal and military users, according to Symantec Corp.

'This particular virus tries to avoid sending itself to any domain with a .gov or .mil extension,' said Alfred Huger, senior director of engineering for Symantec security response. 'It contains a list that says do not mail to these domains or if these words are contained' in the address.

The virus' method of skirting the federal government 'certainly does work, but it isn't foolproof because there are government domains that don't contain these extensions,' he said. Huger also cited and local government domains as potential targets.

The security engineer added that the MyDoom virus, also known as Norvag, is designed to avoid domains of antivirus vendors and major software companies, such as IBM Corp. and Microsoft Corp. 'We think the reason that it does this is to give this [virus] author a little more time for MyDoom to spread before people who are likely to do something about it respond,' he said.

Huger predicted that MyDoom likely would lurk on the Internet for a long time, partly because it is targeted at home users who are less educated about systems security.

About the Authors

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected