==Technical overview==
Mydoom is primarily transmitted via [[e-mail]], appearing as a transmission error, with subject lines including "Error", "Mail Delivery System", "Test" or "Mail Transaction Failed" in different languages, including English and French. The mail contains an [[E-mail attachment|attachment]] that, if [[execution (computers)|executed]], resends the worm to e-mail addresses found in local files such as a user's address book. It also copies itself to the "shared folder" of [[peer-to-peer]] [[file sharing]] application [[Kazaa]] in an attempt to spread that way.

Mydoom avoids targeting e-mail addresses at certain universities, such as [[Rutgers University|Rutgers]], [[Massachusetts Institute of Technology|MIT]], [[Stanford University|Stanford]] and [[University of California, Berkeley|UC Berkeley]], as well as certain companies such as [[Microsoft]] and [[NortonLifeLock|Symantec]]. Some early reports claimed the worm avoids ''all'' [[.edu]] addresses, but this is not the case.

The original version, '''Mydoom.A''', is described as carrying two [[Payload (software)|payload]]s:
* A [[Backdoor (computing)|backdoor]] on [[TCP and UDP port|port]] 3127/tcp to allow remote control of the subverted PC (by putting its own SHIMGAPI.DLL file in the system32 directory and launching it as a [[child process]] of [[Windows Explorer]]); this is essentially the same backdoor used by [[Mimail]].
* A [[denial-of-service attack]] against the website of the [[SCO v. IBM|controversial]] company [[SCO Group]], timed to commence 1 February 2004. Many virus analysts doubted if this payload would actually function. Later testing suggests that it functions in only 25% of infected systems.<ref>{{Cite web |title=[Review] MyDoom Virus: The Most Destructive & Fastest Email Worm |url=https://www.minitool.com/backup-tips/mydoom-virus.html?amp |access-date=2023-10-12 |website=MiniTool}}</ref>

A second version, '''Mydoom.B''', as well as carrying the original payloads, also targets the Microsoft website and blocks access to Microsoft sites and popular online [[Antivirus software|antivirus]] sites by modifying the [[hosts file]], thus blocking virus removal tools or updates to antivirus software. The smaller number of copies of this version in circulation meant that Microsoft's servers suffered few ill effects.<ref>{{Cite web |url = http://news.bbc.co.uk/1/hi/technology/3459363.stm |title = Mydoom virus starts to fizzle out |publisher = BBC |work = BBC News |date = 2004-02-04 |access-date = 2004-02-04 |archive-date = 2004-04-16 |archive-url = https://web.archive.org/web/20040416132835/http://news.bbc.co.uk/1/hi/technology/3459363.stm |url-status = live }}</ref><ref>{{Cite web|url=https://abcnews.go.com/Technology/ZDM/story?id=97385|title=How to Thwart Renewed 'MyDoom' E-Mail Bug|website=[[ABC News (United States)|ABC News]] |access-date=2020-06-28|archive-date=2020-09-28|archive-url=https://web.archive.org/web/20200928232001/https://abcnews.go.com/Technology/ZDM/story?id=97385|url-status=live}}</ref>
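
The hosts-file blocking described for Mydoom.B can be checked for from the defender's side. The following Python code is an added example, not part of the original article or of any vendor's removal tool; it parses hosts-file text and reports watched names that have been pointed at a loopback or unspecified address. The watchlist and the sample file are constructed for illustration.

```python
import ipaddress

# Illustrative watchlist (assumption): update and antivirus vendor domains
# a defender would not expect to see overridden in a hosts file.
WATCHED_DOMAINS = ("microsoft.com", "windowsupdate.com", "symantec.com")

# Constructed sample hosts file, not taken from a real infection.
SAMPLE_HOSTS = """\
# sample hosts file header
127.0.0.1       localhost
::1             localhost
0.0.0.0         www.microsoft.com update.symantec.com  # injected
127.0.0.1       WindowsUpdate.Microsoft.com
10.0.0.5        intranet.example.test
0.0.0.0         notmicrosoft.com
not-an-ip       www.symantec.com
"""


def is_watched(hostname):
    """True if hostname equals a watched domain or is a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def find_blocked_hosts(hosts_text):
    """Return (line_no, address, hostname) for watched names mapped to a
    loopback or unspecified address, which makes the site unreachable."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, tokenise
        if len(entry) < 2:
            continue  # blank line, comment-only line, or address with no name
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for hostname in entry[1:]:  # one line may carry several names
            if is_watched(hostname):
                findings.append((line_no, str(addr), hostname))
    return findings


if __name__ == "__main__":
    for line_no, addr, host in find_blocked_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On Windows the same function can be run over the contents of the hosts file under the system32 directory (drivers\etc\hosts).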