The only way to stop MyDoom.

Inside the Internet.
July 27 2004 6:28 PM

Fight Virus With Virus

That's the only way to stop MyDoom.

Illustration by Robert Neubecker

On Monday, Web surfers faced the unthinkable: a day without Google. MyDoom.O, the latest version of the fast-spreading worm, used infected PCs to flood Google's servers in what's called a denial-of-service attack. With the MyDoom virus trolling for e-mail addresses so it could send itself to new victims, human users were pushed out of the way for a couple of hours. It only seemed like the world was ending.

The most frustrating thing about MyDoom is that it's not some hyper-evolved beast. The 14 iterations of the virus that have appeared since MyDoom.A emerged in January aren't stronger, faster strains that survived cures for weaker versions. All the anonymous MyDoom authors have done is look at the syntax—or even just the online descriptions—of previous MyDooms, then built new copies that differ by just a few lines of code.


As the Washington Post reported yesterday, protecting yourself is easy: Install some anti-virus software and set it to automatically update itself (the default for most programs). Unfortunately, most people whose computers are infected either don't know they have a problem, or don't bother to deal with it. That's why MyDoom will keep coming back again and again. SCO and Microsoft, both earlier victims of MyDoom denial-of-service attacks, have posted $250,000 bounties, but neither has yielded a suspect or deterred copycat coders. At the current rate, MyDoom.Z should debut around Christmas, forcing virus trackers to consult Dr. Seuss' On Beyond Zebra! to alphabetize next year's crop.

The only way to stop MyDoom might be to out-hack the hackers. In the past, "white hat" programmers have launched viruses that expose security holes without causing destruction in an attempt to make computer users more security-conscious. Last year, one programmer took the next step. As the Blaster worm circled the globe, the do-gooder released a worm called Nachi that infiltrated the same security hole as Blaster. But Nachi wasn't a Blaster variant, it was a Blaster antidote: It erased copies of Blaster it found on PCs it invaded, then downloaded and installed a Windows update from Microsoft to secure the computer against further Blaster (and Nachi) attacks. Ingenious! There was only one problem: Nachi overloaded networks with traffic, just like Blaster had.

So far, no one's created an effective antidote to MyDoom, which has done far more damage and shows no sign of stopping. While someone tried to repurpose Nachi for the job in February, that's the wrong approach. What we need is a final MyDoom variant—let's call it MyDoom.Omega—that breaches the exact same security holes as versions A through O, yet spreads itself slowly and carefully to prevent traffic jams. It could even launch warnings on the user's screen for a few days ("Hey dummy! Click here to protect yourself!") before going ahead and patching the hole itself.

Maybe a program like MyDoom.Omega doesn't exist yet because the good guys don't have an incentive. Rather than offering them megabucks to squeal on the virus' creator(s), Microsoft, Google, and other MyDoom victims could challenge hackers to think up novel ways to squash the bug. Unleashing a white knight program might not offer the satisfaction of seeing a bad guy led away in flexicuffs, but it would be a lot more effective—and a lot more poetic.

Paul Boutin is a writer living in San Francisco.
