After 15 years, the notorious MyDoom worm still exists and threatens email users worldwide
MyDoom, the once notorious worm that hit millions of email users around the world and is considered one of the most serious types of malware ever recorded in the history of the network security industry, is still lurking in a few corners of the Internet, operating automatically and actively targeting email users around the world.
MyDoom (also known as Novarg, Mimail and Shimg) is a family of malicious software that is believed to have been active since at least 2004. This malware primarily targets users of online mail services. It is designed to spread quickly and widely through mass email (spam). In addition, some MyDoom variants are also able to infect targets through peer-to-peer networks.
MyDoom has been active since 2004
After successfully infecting the victim's computer, the MyDoom worm silently sets up a backdoor on TCP ports 3127 to 3198, allowing an attacker to gain remote access to compromised systems and to distribute other malicious payloads. In some special cases, MyDoom variants also allow hackers to launch a denial of service (DoS) attack, paralyzing the target system.
As mentioned, email is MyDoom's main means of spreading. The worm can collect email addresses from various files on the compromised system, then automatically send an email with a copy of itself attached to every address it finds, while the owner of the compromised system is completely unaware.
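Both behaviours described above, connections to the backdoor on TCP 3127 to 3198 and unattended mass mailing, leave traces in network flow records. The following check is an added example, not code from the original article or the cited researchers; the CSV layout, the internal network range, the mail relay address and the fan-out threshold are assumptions, and the sample flows are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

BACKDOOR_PORTS = range(3127, 3199)                  # TCP 3127-3198, as stated in the article
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumption: the monitored network
MAIL_RELAYS = {"10.0.0.25"}                         # assumption: hosts allowed to send SMTP
SMTP_FANOUT_LIMIT = 3                               # assumption: tune to your own baseline

# Constructed sample flow records: initiator, responder, responder TCP port.
SAMPLE_FLOWS = """src,dst,dport
10.0.4.17,198.51.100.10,25
10.0.4.17,198.51.100.11,25
10.0.4.17,203.0.113.5,25
10.0.4.17,203.0.113.9,25
10.0.0.25,198.51.100.10,25
203.0.113.77,10.0.4.17,3127
10.0.9.3,192.0.2.80,443
10.0.9.3,198.51.100.10,25
"""

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET

def analyze(flow_csv):
    """Return (backdoor_hits, mass_mailers) for a CSV of TCP flow records."""
    backdoor_hits = []
    smtp_peers = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst, dport = row["src"], row["dst"], int(row["dport"])
        # Connection to an internal host on one of the backdoor ports.
        if dport in BACKDOOR_PORTS and is_internal(dst):
            backdoor_hits.append((src, dst, dport))
        # Direct-to-Internet SMTP from a host that is not a sanctioned relay.
        if (dport == 25 and src not in MAIL_RELAYS
                and is_internal(src) and not is_internal(dst)):
            smtp_peers[src].add(dst)
    # A workstation talking to many distinct external mail servers is suspect.
    mass_mailers = {host: len(peers) for host, peers in smtp_peers.items()
                    if len(peers) > SMTP_FANOUT_LIMIT}
    return backdoor_hits, mass_mailers

if __name__ == "__main__":
    hits, mailers = analyze(SAMPLE_FLOWS)
    for src, dst, dport in hits:
        print(f"backdoor-port connection: {src} -> {dst}:{dport}")
    for host, count in mailers.items():
        print(f"possible mass mailer: {host} reached {count} external SMTP servers")
```

Only the responder port is matched, because a client's source port can legitimately fall inside 3127 to 3198.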
Example of an email carrying the MyDoom malware
Here are some noteworthy statistics from an in-depth analysis of MyDoom conducted by the Cylance Threat Research Team:
- MyDoom has held the record for the world's fastest-spreading email worm since it was first discovered in 2004.
- MyDoom holds the record for the most devastating virus in the history of cyber security, with estimated damage of 38.5 billion USD worldwide.
- At its peak, malicious emails generated by MyDoom accounted for 16-25% of all emails sent every day worldwide.
The problem is that 15 years after being discovered, MyDoom still exists on the internet and is showing signs of strong growth again. Reports of MyDoom from many research groups and security service providers still appear every year and have been on the rise in the past few months, with tens of thousands of MyDoom-infected emails being discovered every month.
"Although it is no longer growing strongly or creating large-scale attacks like other modern malware families, MyDoom's strength lies in the fact that this malicious code is still able to maintain a relatively stable presence on the internet despite being discovered 15 years ago and increasingly facing more advanced email security tools. On average, about 1.1% of the total number of emails we see are found to carry the malware as an attachment," said Brad Duncan, head of Unit 42 security research group at Palo Alto Networks.
The tens of thousands of malicious emails distributed by MyDoom worldwide every month target a variety of industries, ranging from high technology, wholesale and retail to health care, education, and production in general.
Data about MyDoom between 2015 and 2018
From 2015 to 2018, MyDoom was found in 1.1% of all malicious emails discovered by the Palo Alto Networks security team, reaching "an average of 21.4% of all malicious software attachments recorded spreading through spam emails".
The difference between the MyDoom attachment and email figures is due to the polymorphic nature of this worm, which inflates the malware-related counts and thus significantly increases the number of samples detected.
In the first half of 2019, Palo Alto Networks recorded a slight increase in the number of detected MyDoom-related malware samples, as well as a significant increase in the number of malicious emails sent to and from victims (systems already infected with the malware).
MyDoom's activity in 2019, based on Palo Alto Networks statistics
Since the first infection was recorded in 2004, MyDoom has remained active for many years and has infected enough computers to keep the malware alive and present on the internet, despite the growing number of more advanced email security systems and even though it is no longer as dangerous as it was in the beginning.
"China and the United States have the largest 'MyDoom' outbreaks in the world. Emails containing the worm are mainly sent to and from these two countries, although basically, the process of distributing the malicious code is still global and targets many different countries," added Brad Duncan.
For more detailed information and statistics on how MyDoom spreads between servers, and for the list of IOCs containing hash values for MyDoom EXE samples found in July 2019, please consult the in-depth analysis of MyDoom activity by Palo Alto Networks at: https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html