Editing Mydoom (section)

==Timeline==
{{More citations needed section|date=June 2022}}
* '''26 January 2004:''' The Mydoom virus is first identified around 8am [[Eastern Standard Time Zone|EST]] (1300 UTC), just before the beginning of the workday in North America. The earliest messages originate from Russia. For a period of a few hours mid-day, the worm's rapid spread slows overall internet performance by approximately ten percent and average [[web page]] load times by approximately fifty percent. Computer security companies report that Mydoom is responsible for approximately one in ten e-mail messages at this time.
:Although Mydoom's Denial of Service (DoS) attack was scheduled to begin on 1 February 2004, [[SCO Group]]'s website goes offline briefly in the hours after the worm is first released. It is unclear whether Mydoom was responsible for this. SCO Group claimed it was the target of several [[distributed denial of service]] attacks in 2003 that were unrelated to computer viruses.
* '''27 January 2004:''' [[SCO Group]] offers a US$250,000 reward for information leading to the arrest of the worm's creator. In the US, the [[Federal Bureau of Investigation|FBI]] and the [[United States Secret Service|Secret Service]] begin investigations into the worm.
* '''28 January 2004:''' A second version of the worm is discovered two days after the initial attack. The first messages sent by Mydoom.B are identified at around 1400 UTC and also appear to originate from Russia. The new version includes the original denial of service attack against SCO Group and an identical attack aimed at Microsoft.com beginning on 3 February 2004; however, both attacks are suspected to be either broken, or non-functional decoy code intended to conceal the [[Backdoor (computing)|backdoor]] function of Mydoom. Mydoom.B also blocks access to the websites of over 60 computer security companies, as well as pop-up advertisements provided by [[DoubleClick]] and other online marketing companies.
:The spread of Mydoom peaks; computer security companies report that Mydoom is responsible for roughly one in five e-mail messages at this time.
* '''29 January 2004:''' The spread of Mydoom begins to decline as bugs in Mydoom.B's code prevent it from spreading as rapidly as first anticipated. Microsoft offers US$250,000 reward for information leading to the arrest of the creator of Mydoom.B.
* '''1 February 2004:''' An estimated one million computers around the world infected with Mydoom begin the virus's massive distributed denial of service attack&mdash;the largest such attack to date. As 1 February arrives in East Asia and Australia, SCO removes www.sco.com from the [[Domain Name System|DNS]] around 1700 [[UTC]] on 31 January. (There is as yet no independent confirmation of www.sco.com in fact suffering the planned DDOS.)
* '''3 February 2004:''' Mydoom.B's distributed denial of service attack on Microsoft begins, for which Microsoft prepares by offering a website which will not be affected by the worm, information.microsoft.com.<ref>{{Cite web|url=http://information.microsoft.com/security/antivirus/mydoom.asp |title=Microsoft Information: MyDoom (Wayback Archive from 4 Feb 2004) |work=microsoft.com |date=2004-02-04 |url-status=unfit |archive-url=https://web.archive.org/web/20040204005953/http://information.microsoft.com/security/antivirus/mydoom.asp |archive-date=February 4, 2004 }}</ref> However, the impact of the attack remains minimal and [http://www.microsoft.com www.microsoft.com] remains functional. This is attributed to the comparatively low distribution of the Mydoom.B variant, the high load tolerance of Microsoft's web servers and precautions taken by the company. Some experts point out that the burden is less than that of Microsoft software updates and other such web-based services.
* '''9 February 2004:''' Doomjuice, a “parasitic” worm, begins spreading. This worm uses the backdoor left by Mydoom to spread. It does not attack non-infected computers. Its payload, akin to one of Mydoom.B's, is a denial-of-service attack against Microsoft.<ref>{{Cite web
|url       = http://www.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html
|title       = W32.HLLW.Doomjuice
|publisher       = Symantec Corporation
|date       = 2007-02-13
|access-date       = 2004-02-10
|archive-date       = 2004-04-15
|archive-url       = https://web.archive.org/web/20040415023504/http://www.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html
|url-status       = dead
}}</ref>
* '''12 February 2004:''' Mydoom.A is programmed to stop spreading. However, the backdoor remains open after this date.
* '''1 March 2004:''' Mydoom.B is programmed to stop spreading; as with Mydoom.A, the backdoor remains open.
* '''26 July 2004:''' A variant of Mydoom attacks [[Google]], [[AltaVista]] and [[Lycos]], completely stopping the function of the popular Google search engine for the larger portion of the workday, and creating noticeable slow-downs in the AltaVista and Lycos engines for hours.
* '''23 September 2004:''' Mydoom versions U, V, W and X appear, sparking worries that a new, more powerful Mydoom is being prepared.
* '''18 February 2005:''' Mydoom version AO appears.
* '''July 2009:''' Mydoom resurfaces in the [[July 2009 cyber attacks]] affecting South Korea and the United States.<ref name="Lazy Hacker and Little Worm Set Off Cyberwar Frenzy">{{cite magazine|title=Lazy Hacker and Little Worm Set Off Cyberwar Frenzy|magazine=[[Wired News]]|date=2009-07-08|url=https://www.wired.com/threatlevel/2009/07/mydoom/|access-date=2009-07-09|archive-date=2009-07-10|archive-url=https://web.archive.org/web/20090710221733/http://www.wired.com/threatlevel/2009/07/mydoom/|url-status=live}}</ref>