Mydoom is reported to be the most damaging virus or worm ever released, followed closely by Sobig. It also set records for spreading ability.
When Mydoom is executed, it copies itself to the Windows System folder as Taskmon.exe (the name of a legitimate Windows file, but the legitimate copy lives only in the Windows folder, not the System folder). It also creates the file Shimgapi.dll in the System folder. This file is a backdoor trojan that opens TCP listening ports in the range 3127 to 3198 and can download and execute arbitrary files. A file named Message, which contains random characters when opened with Notepad, is placed in the Temp folder and opened in Notepad.
The worm creates or modifies several registry keys. It adds the value "TaskMon = \System Folder\taskmon.exe" to two startup (Run) keys, one under HKEY_LOCAL_MACHINE and one under HKEY_CURRENT_USER, so that the worm runs every time the computer is started. It adds the value "(Default) = \System Folder\shimgapi.dll" to a key under the root (HKEY_CLASSES_ROOT) hive, which causes shimgapi.dll to be loaded by Internet Explorer whenever the browser is run. It also creates Local Machine and Current User versions of a further registry key.
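The file, registry and port indicators above can be turned into an offline triage check. The script below is an added example, not code from the original post: it parses a Windows .reg export and `netstat -ano` output rather than touching a live host, so it runs anywhere. The registry and netstat text in it is constructed sample data, and the CLSID in it is a placeholder, since the post names no CLSID. Note that it flags taskmon.exe only when it sits under the System folder, which is the distinction the post draws from the legitimate copy in the Windows folder.

```python
"""Offline triage for the Mydoom.A host indicators: taskmon.exe dropped in
the System folder, shimgapi.dll registered as an InProcServer32, and a TCP
listener in 3127-3198.  Added example; input below is constructed."""
import re
from dataclasses import dataclass, field

BACKDOOR_PORTS = range(3127, 3199)          # 3127..3198 inclusive

# Run keys carrying the "TaskMon" persistence value.
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)

NETSTAT_LINE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)", re.I)


@dataclass
class Findings:
    run_entries: list = field(default_factory=list)   # (key, value name, path)
    inproc_dlls: list = field(default_factory=list)   # (key, dll path)
    listeners: list = field(default_factory=list)     # (port, pid)

    def suspicious(self) -> bool:
        return bool(self.run_entries or self.inproc_dlls or self.listeners)


def parse_reg_export(text: str) -> dict:
    """Minimal .reg parser: {key lower-cased: {name: data}} for "n"="d" and
    @="d" lines only.  Registry paths are case-insensitive, hence lower()."""
    keys: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and "=" in line and not line.startswith(";"):
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            # .reg exports escape backslashes as \\ inside quoted strings.
            keys[current][name] = data.strip().strip('"').replace("\\\\", "\\")
    return keys


def triage(reg_text: str, netstat_text: str,
           system_dir: str = r"C:\WINDOWS\system32") -> Findings:
    """Apply the three indicator checks to exported registry and netstat text."""
    f = Findings()
    keys = parse_reg_export(reg_text)
    sysdir = system_dir.lower().rstrip("\\") + "\\"

    # 1. TaskMon Run-key persistence pointing into the System folder.
    for key in RUN_KEYS:
        for name, data in keys.get(key.lower(), {}).items():
            path = data.lower()
            if path.startswith(sysdir) and path.endswith("\\taskmon.exe"):
                f.run_entries.append((key, name, data))

    # 2. shimgapi.dll registered as an in-process COM server (loaded by IE).
    for key, values in keys.items():
        if key.endswith("\\inprocserver32"):
            dll = values.get("(Default)", "")
            if dll.lower().endswith("\\shimgapi.dll"):
                f.inproc_dlls.append((key, dll))

    # 3. A TCP listener inside the backdoor's port range.
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if m and int(m.group(1)) in BACKDOOR_PORTS:
            f.listeners.append((int(m.group(1)), int(m.group(2))))
    return f


# Constructed sample input resembling an infected host's export.  The CLSID
# is a placeholder, not the real one.
INFECTED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TaskMon"="C:\\WINDOWS\\system32\\taskmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskMon"="C:\\WINDOWS\\system32\\taskmon.exe"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32]
@="C:\\WINDOWS\\system32\\shimgapi.dll"
"""

INFECTED_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1844
  TCP    127.0.0.1:1035         0.0.0.0:0              LISTENING       1844
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed clean sample: taskmon.exe in the Windows folder is legitimate.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskMon"="C:\\WINDOWS\\taskmon.exe"
"""

if __name__ == "__main__":
    for label, reg, ns in (("infected", INFECTED_REG, INFECTED_NETSTAT),
                           ("clean", CLEAN_REG, "")):
        result = triage(reg, ns)
        print(label, "->", "SUSPICIOUS" if result.suspicious() else "clean", result)
```

On a real host the two inputs would come from `reg export` of the Run and CLSID keys and from `netstat -ano`; the port check alone is weak, since any service can bind 3127-3198, so treat it as corroboration for the file and registry findings rather than a verdict on its own.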
Email monitoring service MessageLabs blocked 7.4 million copies of Mydoom.A. Mydoom.A was found in about one out of every 41 email messages, and at one point in one of every twelve, breaking Sobig's record of one in every 21. It accounted for 20-30% of worldwide email traffic shortly after its release into the wild. Major websites moved temporarily or permanently to new addresses to avoid the DoS attack. F-Secure antivirus expert Mikko Hypponen called Mydoom "the worst e-mail worm incident in virus history". MessageLabs ranked it number 5 on its list of most active worms.
It caused slowdowns of internet traffic worldwide. Kaspersky estimated that 600,000 to 700,000 computers were infected with the worm. Thirteen percent of these were in the US, while one percent were in Russia, the worm's reputed home country; the comparatively low number of infections there was attributed to better security practices in Russia.
Mydoom and its variants are said to have caused $38.5 billion in damage. This figure, however, comes from the Mi2g organisation, which is known for its extremely, often absurdly, high damage estimates.