ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

MyDoom crowned 'worst ever'

David Becker CNET News.com

Published: 29 Jan 2004 08:45 GMT

It's only two days old and still growing, but at least one security firm is ready to crown the MyDoom virus the worst ever.

Finnish security software and services company F-Secure made the announcement late on Wednesday, declaring the MyDoom the fastest-spreading worm ever and "the worst email worm incident in virus history" in a letter that research director Mikko Hypponen wrote.

MyDoom crawled onto the Internet on Monday, quickly clogging email servers, as it propagated itself with millions of messages laden with malicious software code. An offshoot of the pest surfaced on Wednesday but did not appear to be spreading nearly as quickly as the original.

F-Secure estimated that the worm was accounting for 20 percent to 30 percent of worldwide email traffic Wednesday, putting it well ahead of previous nasties, such as the SoBig.F worm.

F-Secure attributed the worm's fast spread to several factors, including aggressive harvesting of email addresses and the fact that it was released in the middle of the North American workday, giving it several hours to spread unchecked among corporate networks.

Other security companies had evaluations almost as dire. MessageLabs, which screens email, said it had intercepted more than 3.4 million copies of MyDoom, which infected one 1 of every 12 messages, at its peak. That compares with a total of 33 million infections and a peak rate of 1 in 17 for SoBig.F. MyDoom had already climbed to No. 5 on MessageLabs' list of the all-time most active viruses, surpassing previous annoyances such as SirCam.

Sharon Ruckman, senior director at security software maker Symantec's Security Response centre, said MyDoom generated an impressive volume of email traffic at its peak on Tuesday. But businesses and email providers were much better prepared for the assault than with previous bugs, limiting MyDoom's damage.

"It's hard to compare it with LoveLetter and Melissa, where corporate email systems were actually taken offline," she said. "Enterprises have good security systems in place, so they're seeing [MyDoom] trying to get in and blocking it."