MyDoom Now Worst Worm In E-History: F-Secure

With two days to go before its payloads launch a pre-programmed mass of denial-of-service attacks against SCO Group and Microsoft, MyDoom.A and MyDoom.B combined are being called the worst computer worms in the history of cyberspace, according to Finnish security firm F-Secure.

The company said that the programmed attack may also prove to be a smokescreen to lure attention away from the worms' backdoor components; components F-Secure thinks could have been included to facilitate massive new invasions of spam messages.

MyDoom.A appeared Jan. 26 and whipped around the Internet faster than any previously-known worm, including last year's Sobig and Blaster. MyDoom.B, a variant with Microsoft Windows Websites as its intended targets, appeared two days later. Both companies have put $250,000 bounties on the heads of the creators of the worms.

F-Secure says the prime reasons why MyDoom whipped around cyberspace so fast include its masking of infected e-mails to resemble system error messages, the fact that it first appeared in the height of business hours in the United States and could thus hit "several large corporate networks" immediately, and its aggressive collection and creation of e-mail addresses.

MyDoom's spread showed no signs of cooling off as of Jan. 30, despite earlier predictions that the spread would actually taper off several days before the deadline for launching the attacks programmed into the worm's payload. "It's still spreading voraciously," MessageLabs chief information analyst Paul Wood told reporters. "We've intercepted in excess of 8 million viruses since the very first copy started Monday.

The good news is that security investigators may have come closer to identifying MyDoom's masterminds. The author reportedly signed the worm with the name "Andy" and left this message: "I'm just doing my job, nothing personal. Sorry." But while the first infected messages looked as though they originated in Russia, according to one published report, it wasn't certain whether Russia was the actual source of the worm.