The destructive email worm MyDoom is still very active more than fifteen years after it was first spotted, according to ZDNet. Researchers at Palo Alto Networks’ Unit 42 observed 663,000 emails carrying MyDoom last year, making up one percent of all malware-laden emails.
MyDoom is delivered via phishing emails, which usually pose as error reports informing the recipient that one of their sent emails wasn’t delivered. The messages contain attachments that purport to be the undelivered email. When a user opens one of these attachments to see which email they need to resend, their computer is infected, and the malware uses the compromised system to send more phishing emails to other targets.
Alex Hinchliffe, a threat intelligence analyst at Unit 42, told ZDNet that the malware uses a worm-like propagation technique but relies on human interaction to keep spreading.
“The main reason for the high and consistent volume of MyDoom malware is that once infected, MyDoom will work aggressively to find other email addresses on the victim's system to send itself on to,” Hinchliffe said. “This worm behavior means, for the most part, the malware is self-sufficient and could continue to do this forever, so long as people open the email attachments.”
Hinchliffe added that vigilance is the key to preventing these types of malware from succeeding. New-school security awareness training can help your employees identify and avoid malicious emails and attachments.