Sunday, June 23, 2024

Bounty Set as MyDoom Builds Zombie Army

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

As the virulent MyDoom worm races across the Internet, building an army of computer zombies

potentially 500,000 strong, The SCO Group, Inc. is setting a $250,000 bounty on the virus

author’s head.

SCO, an embattled player in the Linux market, reported today that it is experiencing a

distributed denial-of-service attack related to the MyDoom worm that first hit the wild on

Monday. The Lindon, Utah-based company is offering the reward for information leading to the

arrest and conviction of the virus author or authors.

”During the past 10 months, SCO has been the target of several DDOS attacks,” reports Darl

McBride, president and CEO of The SCO Group, Inc., in a written statement. ”This one is

different and much more troubling, since it harms not just our company, but also damages the

systems and productivity of a large number of other companies and organizations around the


”The perpetrator of this virus is attacking SCO, but hurting many others at the same

time,” he adds. ”We do not know the origins or reasons for this attack, although we have

our suspicions. This is criminal activity and it must be stopped.”

SCO, which has been embroiled in legal wranglings over Linux and open source issues, also

reports that it is working with the U.S. Secret Service and the FBI to figure out the

identity of the virus writer.

MyDoom, by many accounts, has become the fastest spreading virus ever, even surpassing

Sobig-F, which tore up the Internet late last summer. Mi2g, a security analysis company

based in London, reports that the worm, in just 48 hours, has caused $3 billion in damages

worldwide, and has spread to more than 170 countries.

The mass-mailing worm, also known by some security companies as Novarg, hit the wild on

Monday and has been racing around the globe infecting computers with backdoor trojans and

proxies. And Steve Sundermeier, vice president of products and services at Central Command

Inc., an anti-virus company based in Medina, Ohio., says at its peak yesterday MyDoom

accounted for one in every six emails. Wednesday morning it was down to one in every eight


At its peak, Sobig-F accounted for one in eight emails.

Sundermeier also notes that they’re estimating that the worm has successfully compromised

450,000 to 500,000 computers around the world. All of those machines now could be used to

point a DOS attack against SCO.

”MyDoom looks like it has peaked but we’re still getting pounded with intercepts,” says

Sundermeier. ”It’s still spreading like wildfire. It’s going to be damaging to SCO

potentially, but it also has the ability to drop the proxy server to set up each infected

machine for future trouble and spam.”

SCO could not be reached for comment by deadline.

The Central Command Web site has posted a description for the first MyDoom variant —

MyDoom-B. It notes that as of yet there is no sign of it in the wild.

MyDoom spreads via email and by copying itself to any available shared directories used by

Kazaa. It harvests addresses from infected machines, and generally uses the words ‘test’,

‘hi’ and ‘hello’ in the subject line.

Analysts say MyDoom is spreading so quickly because it is successfully fooling users into

opening firs the email and then the attachment. The email often disguises itself as an email

that the user sent that has bounced back. The user, wanting to know why the email failed,

opens it up and then sees a text file icon, instead of the icon for an executable.

MyDoom also sets up a backdoor trojan in infected computers, allowing the virus writer or

anyone else capable of sending commands to an infected machine to upload code or send spam.

The worm has a kill date of Feb. 12. That is leading some analysts to suspect that variants

are being prepared to follow on the heels of the first one.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles