Notorious MyDoom Worm Still on AutoPilot After 15 Years (Jul 26, 2019)

A prolific malware strain dating back to 2004 called “MyDoom” has been found to still be carrying out its malicious activity automatically. MyDoom is distributed via email with malicious attachments or links, or directly through peer-to-peer connections. Once a machine has been infected, the malware opens TCP ports 3127 and 3198 to grant threat actors remote access for additional malicious purposes. The malware's automatic behavior begins after infection: it collects email addresses from the user and then sends itself to those addresses as an attached copy.

Recommendation: Always be cautious while reading email, in particular when it has attachments or comes with an urgent label or poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders.
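A host-side check for the two TCP ports named in the summary above, as an added example that is not part of the original brief: it parses Windows `netstat -ano` output and reports sockets whose local port is 3127 or 3198, together with the owning PID. The sample output, addresses and PIDs are constructed, and the function and constant names are illustrative.

```python
import re

# TCP ports the summary says MyDoom opens after infection.
MYDOOM_TCP_PORTS = {3127, 3198}

# Constructed sample of Windows `netstat -ano` output (not real host data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       2244
  TCP    192.168.1.20:3127      203.0.113.7:51515      ESTABLISHED     2244
  TCP    192.168.1.20:49712     198.51.100.9:3127      ESTABLISHED     4012
  TCP    [::]:3198              [::]:0                 LISTENING       2244
  UDP    0.0.0.0:3127           *:*                                    1020
"""

# TCP rows only: UDP rows have no State column and are out of scope here.
ROW = re.compile(r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)"
                 r"\s+(?P<state>[A-Z_0-9]+)\s+(?P<pid>\d+)\s*$")


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' on the last colon."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def find_mydoom_sockets(netstat_text, ports=MYDOOM_TCP_PORTS):
    """Return TCP sockets whose LOCAL port is one of `ports`."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or UDP row
        addr, port = split_endpoint(m["local"])
        # Only the local side matters: an outbound connection to a remote
        # 3127 does not mean this host has the port open.
        if port in ports and m["state"] in ("LISTENING", "ESTABLISHED"):
            findings.append({"local_addr": addr, "port": port,
                             "state": m["state"], "remote": m["remote"],
                             "pid": int(m["pid"])})
    return findings


if __name__ == "__main__":
    for f in find_mydoom_sockets(SAMPLE_NETSTAT):
        print(f)
```

A hit identifies a process to investigate rather than a confirmed infection, since other software can bind these ports.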

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.