SCO Moves Web Site To Battle MyDoom; Microsoft Braces For Hit - InformationWeek

A MyDoom variant is slated to hit Microsoft's site on Tuesday. SCO moved its site to another URL after being KO'd by a denial-of-service attack.

The SCO Group was forced to move its home page after the MyDoom virus knocked the company's Web site offline under the weight of a powerful distributed denial-of-service attack. The company has established as its temporary home page until the attack subsides.

The MyDoom virus, which has infected hundreds of thousands of systems worldwide, is wired to continue to attack SCO Group through Feb. 12. A second variant, MyDoom.B, is scheduled to launch a similar attack against Microsoft on Tuesday. Both SCO and Microsoft last week offered a $250,000 bounty for information that leads to the arrest and conviction of the author, or authors, of the MyDoom variants.

Internet performance-monitoring company Keynote reported that availability to the primary SCO Web site was sporadic through much of Saturday, as the local time of MyDoom-infected computers from around the world began to switch to Sunday, Feb. 1, the date MyDoom was designed to begin the distributed denial-of-service attack. By 9 p.m. EST Saturday, availability to had dropped to near zero, Keynote reported in a statement. Around 4 a.m., the SCO site was brought back online, but the flow of attack traffic to the site made the home page inaccessible, Keynote said.

"We started seeing increased traffic as we rolled into Saturday and we saw an increased amount of traffic that eventually brought our site down," an SCO spokesman says. "We plan on staying one step ahead of those interested in taking our site offline."

So does Microsoft, though security experts say it may not be hit as hard as SCO.

Microsoft wouldn't go into detail about how it's working to mitigate the potential denial-of-service attack, saying it doesn't want to tip off its strategy to the virus writers and thereby let them develop a new variant that would bypass any steps the software maker takes to sidestep the MyDoom attack.

"We are doing everything we can to ensure that Microsoft properties remain fully available to our customers," the company said in a statement.

MyDoom spreads through peer-to-peer networks and by sending E-mails with random subject headings, such as "Hello." Its E-mail attachments come with several file names, including and The E-mails generated by MyDoom often have the subject line of "Mail transaction failed. Partial message is available" or "Error." It's only activated when a recipient of an infected E-mail message clicks on the attachment.

The virus then grabs E-mail addresses from infected systems, scouring .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm files for addresses to send itself to.

The variant poised to strike Microsoft hasn't spread as successfully as the first version, says Stephen Trilling, director of research at Symantec. Trilling says the security software vendor has received few reports of MyDoom.B infections from its customers, while reports of the original MyDoom.A peaked at about 150 submissions per hour last week. New infections of MyDoom.A are still considerably high, with 40 to 60 an hour being reported to Symantec.

"MyDoom.B is nowhere near as successful as the first version," Trilling says.

That news may bode well for Microsoft and its customers as system clocks around the world began to reach Feb. 3 on Monday afternoon.

Security firms estimate that MyDoom.A has caused tens of millions of dollars in lost productivity and cleanup costs. Secure E-mail services provider MessageLabs reported Monday that it had intercepted nearly 17 million infected E-mails since early last week when the virus first appeared. The first infection the company stopped originated in the Russian Federation; since then, MessageLabs says, the virus has been intercepted in at least 214 countries.
