MyDoom

Malware profile by Bogdan Finn and Alexander Kneis

Classification

Virus Worm Trojan Ransomware Botnet Other
✔️

Facts & Figures

  • Year: 2004 [1]
  • Author: unknown (origin from Russia) [2]
  • Language: C++ [2]
  • Infections: unknown number of infections
  • Damage: $38.5 billion [2]

Description

MyDoom is a worm that infects Microsoft systems. It is primarily distributed via email and appears as a transmission error, with subject lines including "Error", "Mail Delivery System" or "Mail Transaction Failed" in different languages [1]. It became the fastest-spreading email worm ever (as of 2004).

When Mydoom is executed, it copies itself to the Windows system folder as Taskmon.exe [...]. It also creates the file Shimgapi.dll in the system folder. This file is a backdoor trojan that opens TCP listening ports ranging from 3127 to 3198 and can download and execute arbitrary files. [...]. The worm creates or modifies several registry keys. [...] This ensures that the worm will run every time the computer is started. [...] It also ensures shimgapi.dll will be run by Internet Explorer when the web browser is run. [2]

The worm sends itself as an email using its own SMTP engine.

Footnotes

  1. https://en.wikipedia.org/wiki/Mydoom

  2. http://virus.wikidot.com/mydoom