officials launched a last-minute reminder to
Windows users Monday afternoon to prevent the spread of the MyDoom.B virus
that’s targeting its home page.
MyDoom.B is a variant of the W32.Novarg.A@mm (MyDoom.A) e-mail virus —
which targeted the SCO Group
Sunday — that sends
Microsoft Outlook and Outlook Express users an official-looking email with a
zip file attached. Once opened, the virus grabs the email addresses found
in the program and forwards itself, while putting code in the user’s system
to enable a distributed denial of service attack
pre-determined time (found in the malicious code), the zombied
The attacks have already begun, according to network traffic monitoring site
NetCraft, which shows Microsoft home page request spikes since roughly noon
Monday. According to SCO officials and security experts, many
MyDoom.A-infected computers with improperly-set times on their computers
launched the DDoS attack early. The same appears to be happening to
Microsoft officials are quiet on the specific steps they are taking to
combat the virus. A spokesperson told internetnews.com users with
infected machines should visit Microsoft’s MyDoom virus page for details on removing the code if they don’t
have anti-virus software to do it for them.
“We are doing everything we can to ensure that Microsoft properties remain
fully available to our customers,” the spokesperson said. “Microsoft is
aggressively working with our virus information alliance partners to help
protect customers from this outbreak.”
Microsoft officials are hoping to avoid what happened to the SCO Group,
which was forced to move its home page to a different URL today after the
MyDoom.A virus knocked out its home page, www.sco.com on Sunday. The home page can now be found
The latest move comes less than a week after The SCO Group and Microsoft each offered
$250,000 for information leading to the arrest and conviction of the
virus author or authors.
While SCO officials were quick to blame Linux enthusiasts when the virus’
intent was first discovered, experts now think the virus originated from
spamming outfits out of Russia, according to a report at Linuxworld.com.
The Lindon, Utah, company has been the subject of several Web site failures
last year, which officials claim were instigated by members of the Linux
community in protest to the company’s lawsuit
for copyright infringement.
The MyDoom.A virus was set to launch the DDoS attack against SCO on Feb. 1
and has a trigger date to stop spreading on Feb. 12. The SCO Group claims
that the virus has caused $1 billion in lost productivity and damage to
businesses worldwide. A variant of the MyDoom virus was also expected to hit
Microsoft’s Web site on Tuesday, Feb. 3rd.
According to a Weblog of security outfit F-Secure, the MyDoom.A virus is
the “biggest single DDoS attack ever,” affecting more than one million
computers worldwide. They don’t expect MyDoom.B, targeting Microsoft, to be
nearly as widespread as the A version.
Blake Stowell, a SCO spokesperson, told internetnews.com the move to a
different site is only temporary and that the company plans to move its home
page back sometime after Feb. 12, the end-date of the virus.
“Certainly, between now and (Feb.) 12th we plan to continue testing to see
if our original company Web site is able to go back up again and if it is,
we’ll certainly have it up and running,” he said.
The home page moves puts SCO’s home page dangerously “close” to a hostile
anti-SCO Web site, www.thescogroup.net, so officials are
likely going switch back to their original site as soon as possible.
Despite SCO Group’s move to another site, Stowell said he doesn’t expect the
move to significantly damage its online operations. The original Web site
crashed over the weekend, he said, at a slow time for conducting business.
“The company does 80 percent of its commerce on the Web, however that
commerce is not done at the www.sco.com Web site,” he said. “With (the site)
down, we’re still able to conduct the business online that we need to.”
Various group had asked the company to remove the DNS
hosting the www.sco.com site, as the DDoS attacks were creating Internet
traffic bottlenecks around the world. According to officials at NetCraft, an
Internet monitoring site, SCO “may also have been the subject of pressure
According to AlertSite, a Web site monitoring company, SCO’s site was
available sporadically until about 1:00 am on Sunday, Feb. 1, at which point
it crashed. In addition, the group reported that the Microsoft.com Web site
“experienced some fairly significant performance degradation” on Sunday as
well, when the company’s home page was about 24 percent less responsive
compared to the prior two Sundays.