Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Doomsday - One Year On

  • 27 January, 2005 11:03

<p>At 13.26pm on 26th January 2004, MessageLabs, the world’s leading provider of email security services to business, intercepted its first copy of W32/MyDoom.A. Within the first twenty-four hours, the company had stopped over 1.2 million copies.</p>
<p>MyDoom.A, which achieved a peak infection rate of 1 in 12 emails, has proved to represent a landmark in the history of computer viruses, and the legacy lives on….</p>
<p>MyDoom.A was not the first worm to demonstrate how effectively virus and spamming techniques could be combined, but it is still the most successful, and signalled the beginning of the widespread use of this method. Viruses and spam were once separate types of email attacks, but financial incentive has led to significant technical malware developments. Today, almost every virus MessageLabs stops is capable of aiding spam distribution.</p>
<p>The backdoor element of the malicious code also enables infected machines to be commandeered to launch denial of service attacks or perform other nefarious acts.</p>
<p>The window of vulnerability</p>
<p>MessageLabs intercepted its first copy of MyDoom.A at 13.26pm. Almost ten hours later anti-virus software vendors began releasing signature files to detect it. During that window of vulnerability, MessageLabs had already stopped approximately 170,000 copies of the worm, firmly establishing it as a high-risk outbreak. It is impossible to accurately identify the number of machines infected during the initial ten hours of the outbreak, but it should be remembered that the 170,000 copies intercepted by MessageLabs represent only email scanned on behalf of its customers.</p>
<p>Plague of the virus variants</p>
<p>As MyDoom and its descendants have demonstrated, the window of vulnerability is well known and is commonly exploited by cyber-criminals. Viruses are no longer built to last, but often take a smash-and-grab approach. They are designed to infect the greatest number of machines before anti-virus software vendors have issued identity files.</p>
<p>By the time signatures are deployed the damage has been done – and the next variant of the virus is ready for release. The MyDoom family comprises more than 30 variants to date.</p>
<p>Top of the charts</p>
<p>The mass-mailing worm also spread via the file-sharing service KaZaA, and had the ability to randomly generate or guess likely email addresses to send itself to. In a more sophisticated twist on the average mass-mailing worms seen previously, MyDoom.A also deployed subtle social engineering to dupe users into thinking it was a mail delivery error message. The combination of these methods ensured that 12 months on it was still the most widespread virus outbreak of 2004.</p>
<p>A lesson learnt?</p>
<p>As criminal involvement in the virtual world continues to accelerate, security attacks will increasingly be financially motivated. This will drive the development of more sophisticated malware and the frequency with which it is released as hackers work to ensure maximum impact.</p>
<p>Alex Shipp, MessageLabs’ Senior Anti-Virus Technologist, comments, “MyDoom.A represented a step change in the virus landscape indicating an apparent change in the prime objective of virus writing. As a result, ensuring that a company is protected against the continual stream of malware outbreaks now encountered poses a disruptive and challenging force for any IT department, particularly those using traditional, reactive security solutions.</p>
<p>“In 2004, the security industry acknowledged that if the window of vulnerability could be reduced to three hours or less, mass-mailing viruses could be a thing of the past. But, traditional anti-virus software is unable to meet this challenge. Consequently, multi-layered security defences incorporating proactive virus detection techniques will increasingly be adopted by organisations to combat the more complex, fast-spreading blended threats that are now commonplace.”</p>
<p>About MessageLabs</p>
<p>MessageLabs is the world's leading provider of email security and management services with more than 10,000 clients and offices in 12 countries. For more information, please visit</p>
