BBC News
Last Updated: Wednesday, 4 February, 2004, 15:49 GMT
Mydoom virus starts to fizzle out
[Image: Bill Gates, Microsoft chairman. Caption: Microsoft dodged Mydoom]
Slowly but surely the Mydoom virus is dying out.

Figures from mail filtering firm MessageLabs show that the number of copies of the virus being caught every day is swiftly diminishing.

The peak day of infection was 28 January when 4.5m copies of the malicious program were caught.

But only 300,000 copies of the virus were caught on 3 February as people clean up compromised machines and stop them spewing out infected messages.

Clean start

Despite the slowdown Mydoom has already become the fastest spreading virus ever and looks set to challenge the Sobig.F program for the most active virus of all time.

27 January - 4.2m
28 January - 4.5m
29 January - 3.7m
30 January - 3.6m
31 January - 1.5m (Saturday)
1 February - 980,000 (Sunday)
2 February - 1.1m
3 February - 300,000
Source: MessageLabs

Mydoom first emerged on 26 January and since then has infected machines in 214 countries, according to MessageLabs. So far the firm has caught more than 21m copies of Mydoom.

But the numbers it is catching every day are diminishing, suggesting that the virus is now being contained as home users and companies bring infected machines under control.

The virus did not rely on technical tricks to spread so far and wide; instead it played on the gullibility of users, who opened the e-mail message bearing it and clicked on the infected attachment.

Some versions of the virus posed as technical messages that claimed to contain the text of undelivered e-mail messages.

What also helped it spread was its avoidance of e-mail addresses associated with anti-virus and security companies. As a result some anti-virus firms took far longer to react to the outbreak than usual.

From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters

As well as generating huge amounts of e-mail, the virus also used infected machines to launch so-called denial of service attacks on websites.

The original or "A" variant of the virus targeted software firm SCO and made the sco.com web address unusable. That attack is due to end on 12 February.

A "B" variant of the virus targeted Microsoft but there were so few copies of this novel version in circulation that the attack caused the software giant no problems.

MessageLabs has reportedly only stopped 100 copies of the Mydoom.B virus.

Despite this Microsoft did take some precautions and changed a key parameter of its web address that would help it if the site had to be moved quickly.

Net monitoring firm Keynote said there was a slight wobble on the Microsoft site in the early morning but said this was unlikely to be due to the attentions of Mydoom.B.

Keynote said the slight change in response times could have been due to lots of people visiting the Microsoft.com site for information about the virus.
