2/3/2004
01:43 AM

SCO Moves Web Site To Battle MyDoom; Microsoft Braces For Hit

A MyDoom variant is slated to hit Microsoft's site on Tuesday. SCO moved its site to another URL after being KO'd by a denial-of-service attack.

The SCO Group was forced to move its home page after the MyDoom virus knocked the company's Web site offline under the weight of a powerful distributed denial-of-service attack. The company has established www.thescogroup.com as its temporary home page until the attack subsides.

The MyDoom virus, which has infected hundreds of thousands of systems worldwide, is wired to continue to attack SCO Group through Feb. 12. A second variant, MyDoom.B, is scheduled to launch a similar attack against Microsoft on Tuesday. Both SCO and Microsoft last week offered a $250,000 bounty for information that leads to the arrest and conviction of the author, or authors, of the MyDoom variants.

Internet performance-monitoring company Keynote reported that availability to the primary SCO Web site was sporadic through much of Saturday, as the local time of MyDoom-infected computers from around the world began to switch to Sunday, Feb. 1, the date MyDoom was designed to begin the distributed denial-of-service attack. By 9 p.m. EST Saturday, availability to www.sco.com had dropped to near zero, Keynote reported in a statement. Around 4 a.m., the SCO site was brought back online, but the flow of attack traffic to the site made the home page inaccessible, Keynote said.

"We started seeing increased traffic as we rolled into Saturday and we saw an increased amount of traffic that eventually brought our site down," an SCO spokesman says. "We plan on staying one step ahead of those interested in taking our site offline."

So does Microsoft, though security experts say it may not be hit as hard as SCO.

Microsoft wouldn't go into detail about how it's working to mitigate the potential denial-of-service attack, saying it doesn't want to reveal its strategy to the virus writers and thereby let them develop a new variant that would bypass any steps the software maker takes to sidestep the MyDoom attack.

"We are doing everything we can to ensure that Microsoft properties remain fully available to our customers," the company said in a statement.

MyDoom spreads through peer-to-peer networks and by sending E-mails with random subject headings, such as "Hello." Its E-mail attachments come with several file names, including readme.zip and text.zip. The E-mails generated by MyDoom often have the subject line of "Mail transaction failed. Partial message is available" or "Error." The virus is activated only when a recipient of an infected E-mail message clicks on the attachment.

The virus then harvests E-mail addresses from infected systems, scouring .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm files for addresses to send itself to.

The variant poised to strike Microsoft hasn't spread as successfully as the first version, says Stephen Trilling, director of research at Symantec. Trilling says the security software vendor has received few reports of MyDoom.B infections from its customers, while reports of the original MyDoom.A peaked at about 150 submissions per hour last week. New infections of MyDoom.A are still considerably high, with 40 to 60 an hour being reported to Symantec.

"MyDoom.B is nowhere near as successful as the first version," Trilling says.

That news may bode well for Microsoft and its customers as system clocks around the world began to reach Feb. 3 on Monday afternoon.

Security firms estimate that MyDoom.A has caused tens of millions of dollars in lost productivity and cleanup costs. Secure E-mail services provider MessageLabs reported Monday that it had intercepted nearly 17 million infected E-mails since early last week when the virus first appeared. The first infection the company stopped originated in the Russian Federation; since then, MessageLabs says, the virus has been intercepted in at least 214 countries.
