MyDoom worm leaves a legacy

After their initial rampage, the MyDoom or Novarg worms have slowed down but may haunt the Internet for some time to come.

Although most federal systems were untouched, in infected systems the worm and its variants opened a back door into each computer's TCP port. Hackers can exploit the doors long after the worms have stopped spreading.

'We've seen about 5,000 IP addresses scanning' for a back door, said David Loomstein, group product manager of the security response team at Symantec Corp. of Cupertino, Calif. There's no certainty yet who is doing the scanning or why, Loomstein said.

MyDoom, which appeared Jan. 26, quickly became one of the most successful e-mail worms in history. It spread by generating mail to addresses harvested from infected computers. But it contained instructions to avoid sending to .gov and .mil domains'apparently to avoid unwanted federal attention.

Targeting SCO, Microsoft

In addition to the back-door code, the original worm also carried instructions to launch a denial-of-service attack against the Web site of SCO Group Inc. of Lindon, Utah, on Feb. 1. A MyDoom.b variant was programmed to attack the Microsoft Corp. site on Feb. 3.

The SCO site fell under the attack traffic. An alternate site,, will remain online until at least Feb. 12, when the MyDoom attacks are expected to stop.

The Microsoft attack never got up much steam, although security analysts reported some speed degradation at

Microsoft has a distributed system for serving Web content, however, so it is more resistant to denial-of-service attacks. Also, the MyDoom.b variant targeting it never became as widespread as the original worm.

Time also was on Microsoft's side. By Feb. 1, the cleanup of infected machines had begun to outpace the rate of new infections.

Initially there were up to 800,000 infections per day, but that figure dropped to 200,000 a day by Feb. 1, said Vincent Gullotto, vice president of the antivirus emergency response team at Network Associates Inc. of Santa Clara, Calif.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected