MyDoom worm leaves a legacy

After their initial rampage, the MyDoom or Novarg worms have slowed down but may haunt the Internet for some time to come.

Although most federal systems were untouched, in infected systems the worm and its variants opened a back door into each computer's TCP port. Hackers can exploit the doors long after the worms have stopped spreading.

'We've seen about 5,000 IP addresses scanning' for a back door, said David Loomstein, group product manager of the security response team at Symantec Corp. of Cupertino, Calif. There's no certainty yet who is doing the scanning or why, Loomstein said.

MyDoom, which appeared Jan. 26, quickly became one of the most successful e-mail worms in history. It spread by generating mail to addresses harvested from infected computers. But it contained instructions to avoid sending to .gov and .mil domains'apparently to avoid unwanted federal attention.

Targeting SCO, Microsoft

In addition to the back-door code, the original worm also carried instructions to launch a denial-of-service attack against the Web site of SCO Group Inc. of Lindon, Utah, on Feb. 1. A MyDoom.b variant was programmed to attack the Microsoft Corp. site on Feb. 3.

The SCO site fell under the attack traffic. An alternate site,, will remain online until at least Feb. 12, when the MyDoom attacks are expected to stop.

The Microsoft attack never got up much steam, although security analysts reported some speed degradation at

Microsoft has a distributed system for serving Web content, however, so it is more resistant to denial-of-service attacks. Also, the MyDoom.b variant targeting it never became as widespread as the original worm.

Time also was on Microsoft's side. By Feb. 1, the cleanup of infected machines had begun to outpace the rate of new infections.

Initially there were up to 800,000 infections per day, but that figure dropped to 200,000 a day by Feb. 1, said Vincent Gullotto, vice president of the antivirus emergency response team at Network Associates Inc. of Santa Clara, Calif.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected