MYDOOM
Mydoom, MyDoom
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Threat Type: Worm
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
Propagates via email, Propagates via peer-to-peer networks, Propagates via network shares
MYDOOM is a family of worms known for its mass-mailing capabilities. It propagates via network shares, email, and by exploiting vulnerabilities. Some variants also propagate via peer-to-peer (P2P) networks.
When executed, MYDOOM gathers information such as email addresses, user names, and domain names from the affected system's Windows Address Book and Temporary Internet Files folder. The stolen information is used to create more email addresses by prepending certain strings to the addresses gathered. MYDOOM then sends copies of itself via email, using its own Simple Mail Transfer Protocol (SMTP) engine.
A MYDOOM variant was used in DDOS attacks against websites in the US and South Korea in 2009. The said worm has the capability to delete certain network analysis tools, preventing early detection and deletion.
MYDOOM is also known for its "bot war" with another mass-mailing family of worms,