MyDoom virus declared worst ever

Last modified: January 29, 2004, 12:09 PM PST

By David Becker
Staff Writer, CNET News.com

The MyDoom e-mail virus is only a few days old and still growing, but at least one security firm is ready to crown it as the worst ever.

Finnish security software and services company F-Secure made the coronation late Wednesday, declaring MyDoom the fastest-spreading worm ever and "the worst e-mail worm incident in virus history" in a letter research director Mikko Hypponen wrote.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

MyDoom raced onto the Internet on Monday, quickly clogging e-mail servers, as it propagated itself with millions of messages laden with malicious software code. An offshoot of the pest surfaced Wednesday but did not appear to be spreading nearly as quickly as the original.

F-Secure estimated that the worm was accounting for 20 percent to 30 percent of worldwide e-mail traffic Wednesday, putting it well ahead of previous nasties, such as the SoBig.F worm.

F-Secure credited the worm's fast spread to several factors, including aggressive harvesting of e-mail addresses and the fact that it was released in the middle of the North American workday, giving it several hours to spread unchecked among corporate networks.

Other security companies had evaluations almost as dire. MessageLabs, which screens e-mail, said it had intercepted more than 3.4 million copies of MyDoom, which infected one of every 12 messages at its peak. That compares with a total of 33 million infections and a peak rate of one in 17 for SoBig.F. MyDoom had already climbed to No. 5 on MessageLabs' list of the all-time most active viruses, surpassing previous annoyances such as SirCam.

Security software and services company Network Associates estimated on Thursday that between 400,000 and 500,000 PCs worldwide had been infected by MyDoom. Infection rates were averaging one out of every 10 messages for large customers and one out of three for small customers, indicating that the virus concentrates on PCs in the home, where security precautions are often less stringent than in the office.

"We do believe that home users represent the larger piece of the pie for infected systems," said Craig Schmugar, a virus research manager for Network Associates' McAfee division.

Schmugar said home users usually wait to download virus definitions and removal tools. "The weekend is a good time to do that, so we expect there'll be a good downturn Monday" in the number of infected systems, he said.

Sharon Ruckman, senior director at security software maker Symantec's Security Response center, said MyDoom generated an impressive volume of e-mail traffic at its peak Tuesday. But businesses and e-mail providers were much better prepared for the assault than with previous bugs, limiting MyDoom's damage.

"It's hard to compare it with LoveLetter and Melissa, where corporate e-mail systems were actually taken offline," she said. "Enterprises have good security systems in place, so they're seeing (MyDoom) trying to get in and blocking it."

Dig deeper: Viruses