NAME of the BEAST

For one Portland virus hunter, MyDoom meant a frantic week--and a little fame.

By Zach Dundas

By noon last Monday, Craig Schmugar could tell he was in for a hell of a week.

Schmugar works at the Anti-Virus Emergency Response Team's computer lab in Beaverton. This digital Special Forces outfit is a global center for monitoring Internet nastiness. When a virus hits, chances are Schmugar is among the first to see it--and that he's seen its like before.

By late Monday, though--as a rampant virus clogged the Internet's arteries with corrupt email--it was clear that this was a particularly bad mother. "There was a heightened sense of urgency," Schmugar says. "We could tell it was going to be huge."

He and his colleagues dissected the virus, hoping to figure out how digital-security experts could fight it. First, though, they needed to name it. After scanning the crippling code, Schmugar seized on a section reading "MYDOMAI," and coined a moniker soon to be internationally notorious: MyDoom.

"We knew the press would have a lot of interest," Schmugar says. "I figured that having something with the word 'doom' in it would be pretty compelling to the press and public."

"Doom" proved only a slight exaggeration. By the end of the week, the rogue program infected tens of thousands of PCs and bogged down the Internet, wreaking an estimated $38.5 billion in economic damage.

Most dramatically, it caused infected computers to launch a coordinated Super Bowl Sunday attack on the Utah software firm SCO's website. The assault knocked SCO's site offline and forced the company to change its Web address. (Many speculate the attack was provoked by SCO's legal battle to win royalties on the open-source Linux operating system.)

As MyDoom rampaged, Schmugar spent much of the week on the phone with the tech press, along with national and international media ranging from the Chicago Tribune to the Taipei Times.

Schmugar admits that the campaign against MyDoom was dizzying: "Did Monday ever end?" He emphasizes that the virus' full implications probably won't be known until after last week's hype fades.

"Basically, you have a large army of drones at the mercy of an attacker," he says. "If you have the list of IP addresses for all the infected computers, you could do a lot of different things to wreak havoc."

The bounty on MyDoom's creator now stands at $500,000.

WWeek 2015

Willamette Week’s reporting has real-life impact that changes laws, forces action by civic leaders, and drives compromised politicians from public office.

Support WW.

Support