MyDoom Net Worm Scores Hit, Knocks Out SCO Site
Sun February 01, 2004 07:31 AM ET
By Bernhard Warner, European Internet Correspondent
LONDON (Reuters) - The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of American software firm SCO Group with a massive data blitz.
In a statement issued Sunday morning, the Utah-based company confirmed MyDoom knocked its site, http://www.sco.com, out of commission.
"Internet traffic began building momentum Saturday evening and by midnight Eastern Time the SCO Web site was flooded with requests beyond its capacity," the statement read.
"While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning," Jeff Carlon, worldwide director of Information Technology infrastructure, The SCO Group, said in the statement.
The speed and severity of the attack surprised security officials. "It was spectacularly successful," said Mikko Hypponen, research manager at Finnish anti-virus firm F-Secure.
As intended, Sco.com was the only discernible victim on Sunday. There were no other reports of outages or slowdowns elsewhere online due to the worm.
MyDoom.A, also known as Novarg or Shimgapi, emerged on Monday in the form of a spam e-mail message that contained a well-disguised virus attachment.
It was programmed to take control of unsuspecting computer users' PCs from which it would launch a debilitating denial-of-service attack on SCO Sunday.
SCO has drawn the ire of the so-called open source programming community who object to SCO's claims they have copyright control over key pieces of the Linux operating system.
The MyDoom attack trigger was set for 1609 GMT Sunday. But with so many computer clocks incorrectly set, the infected machines began firing off data requests at SCO.com hours earlier, Hypponen said. "It will only get worse for SCO as time goes on," he added.
SCO is not alone. Microsoft Corp has been targeted by a second variant of MyDoom, dubbed MyDoom.B. That attack is timed to kick off Tuesday.
The MyDoom.B variant, which is also programmed to attack SCO, has not spread nearly as rapidly as MyDoom.A. MyDoom.A is believed to have infected hundreds of thousands, and possibly over one million, PCs.
Both Microsoft and SCO have issued $250,000 rewards for tips leading to the arrest and conviction of the author or authors, which some security experts believe can be traced to Russia.
In building an army of zombie PCs over a six-day span, the MyDoom outbreak underscores a new digital security threat for corporations, governments and news operations.
Security officials and law enforcement experts believe such viruses will only become more sophisticated and could be used to silence entities for a commercial or ideological stance.
"This is an effective weapon to censor your critics," Hypponen said.
Security officials have warned computer users to delete suspicious e-mail messages that appear to come from Mail Administrator and other official-looking addresses and that contain a file attachment.
A free patch capable of wiping the program from an infected machine is available at many anti-virus sites including http://www.sophos.com/virusinfo/articles/maindoom.html and http://www.f-secure.com/v-descs/novarg.shtml.
Source: Reuters
Posted on Sunday, 01 February 2004 @ 11:30:21 EST by phoenix22