MyDoom: The virus that changed the world

It's been exactly one year since the launch of the MyDoom virus that dominated many of 2004's security headlines and proved a dramatic milestone in the history of virus writing.

For many, MyDoom marked the dawning of an age of financially motivated attacks. The image of disaffected teens writing code in their bedroom was no more and the motivation appeared to have changed from 15 minutes of notoriety to a more prolonged and premeditated campaign to extort money from internet users worldwide.

The main reason for the creation of MyDoom was to vastly increase the number of compromised PCs worldwide which could surrender bandwidth for the sending of spam or the launching of denial-of-service attacks. The creation of these 'bot-net' networks represented a coming together of virus writers, spammers and organised crime.

And the link has certainly proven effective. Special Agent Ed Gibson from the FBI says: "But for the viruses there would be no spam."

Simon Perry, VP security strategy at CA, told silicon.com: "Most viruses until at least the middle of 2003 carried a destructive and disruptive payload but now that payload is far more discreet, downloading a Trojan or a piece of spyware onto the user's machine."

While the cruder viruses of the past would once kick down the door, smash up the place and disappear pretty quickly, Perry said viruses post-MyDoom now "sneak in, steal the door keys and walk out again unnoticed" - those 'keys' and the effective control of the machine is then handed over to the criminals behind the attack.

UK email security firm MessageLabs detected its first copy of MyDoom.A at 13.26pm on 26 January 2004.

Over the next 24 hours the company intercepted more than 1.2 million copies. At its peak infection rate MyDoom.A accounted for one in 12 emails.

Alex Shipp, MessageLabs' senior antivirus technologist, believes MyDoom.A "represented a step change in the virus landscape".

MyDoom also became one of the first viruses to spawn enough variants to complete the alphabet - given the convention of naming subsequent iterations alphabetically. MyDoom.Z appeared on the scene in September 2004. The variants are now going through the alphabet a second time. The latest variant, MyDoom.AM, appeared on 24 January according to Symantec.

Among the more curious tales in the MyDoom saga was a message embedded in iterations .U and .V, back in September 2004 which appeared to be a request for work from the virus writers.