MyDoom Net Worm Scores Hit

[Malicious Intent]

MyDoom Net Worm Scores Hit, Knocks Out SCO Site
Sun February 1, 2004 07:28 AM ET
By Bernhard Warner, European Internet Correspondent

LONDON (Reuters) - The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of American software firm SCO Group with a massive data blitz.

In a statement issued Sunday morning, the Utah-based company confirmed MyDoom knocked its site, http://www.sco.com, out of commission.

"Internet traffic began building momentum Saturday evening and by midnight Eastern Time the SCO Web site was flooded with requests beyond its capacity," the statement read.

"While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning," Jeff Carlon, worldwide director of Information Technology infrastructure, The SCO Group, said in the statement.

The speed and severity of the attack surprised security officials. "It was spectacularly successful," said Mikko Hypponen, research manager at Finnish anti-virus firm F-Secure.

As intended, Sco.com was the only discernible victim on Sunday. There were no other reports of outages or slowdowns elsewhere online due to the worm.

MyDoom.A, also known as Novarg or Shimgapi, emerged on Monday in the form of a spam e-mail message that contained a well-disguised virus attachment.

It was programmed to take control of unsuspecting computer users' PCs from which it would launch a debilitating denial-of-service attack on SCO Sunday.

SCO has drawn the ire of the so-called "open source" programming community who object to SCO's claims they have copyright control over key pieces of the Linux operating system.

The MyDoom attack trigger was set for 1609 GMT Sunday. But with so many computer clocks incorrectly set, the infected machines began firing off data requests at SCO.com hours earlier, Hypponen said. "It will only get worse for SCO as time goes on," he added.

SCO is not alone. Microsoft Corp has been targeted by a second variant of MyDoom, dubbed MyDoom.B. That attack is timed to kick off Tuesday.

The MyDoom.B variant, which is also programmed to attack SCO, has not spread nearly as rapidly as MyDoom.A. MyDoom.A is believed to have infected hundreds of thousands, and possibly over one million, PCs.
Both Microsoft and SCO have issued $250,000 rewards for tips leading to the arrest and conviction of the author or authors, which some security experts believe can be traced to Russia.

In building an army of zombie PCs over a six-day span, the MyDoom outbreak underscores a new digital security threat for corporations, governments and news operations.

Security officials and law enforcement experts believe such viruses will only become more sophisticated and could be used to silence entities for a commercial or ideological stance.

"This is an effective weapon to censor your critics," Hypponen said.

Security officials have warned computer users to delete suspicious e-mail messages that appear to come from "Mail Administrator" and other official-looking addresses that contains a file attachment.

A free patch capable of wiping the program from an infected machine is available at many anti-virus sites including http://www.sophos.com/virusinfo/articles/maindoom.html and http://www.f-secure.com/v-descs/novarg.shtml.

[YWD67]

Hope this one makes the penalty for this kind of crap a little more tuffer then 1 or 2 yrs in the can. Start addding on financial loss to their fines and I think you might see a little less bull like this.

[que-em]

Send me the virus so i can be part of the attack on Sco too. HAAA!!

[phalkon30]

http://news.softpedia.com/news/2/200...ary/6919.shtml

and

http://news.softpedia.com/news/2/200...ary/6918.shtml

Both have more info on the virus, I just haven't had time to post the info...might as well do it here.

[shawners]

This is why everyone in the world should put MICROSOFT.com email address in the address folder.. SO It all gets back to microsoft so they know how much they suck in making secure software. Possibly even shutting them down for a while.

[MoonMan]

http://www.sco.com/

Not sure if that is the actual site, but it is Feb 1 and the site is down for the count.

[method]

This has just reminded me.. I'm away for a week and I usually get about 50-60 of those damn emails a day!!

and shawners... good idea.. why stop at ms though.. riaa.com, baytsp.com.. all the a$$holes!! :)

While I do get annoyed by the spam caused, I'm not an imbecile so it never fools me... and although there's a little inconvenience from all the damn emails.. I'm GLAD someone is taking a strike at MS and SCO!!!

I guess I disagree with YWD67... but that's just 'coz I feel that whoever smacks the bitch that stopped linux from being free deserves a medal! ;)

[RJ5500]

lol.

I'm glad SCO is being brought down. They have the nerve to sue IBM over linux for about 249 lines of code (out of millions) that they "claim" are copyrighted to them

Truth be told, these lines of code have been for general public use for years and SCO's case doesn't hold any water.

Microsoft seems to always be a popular target for attack.

[method]

Well.. that's what gets me about SCO.. it's like the altnet patent bullshit.

corporate greed gone just a little too far. and by that... i mean too far to the point it's almost sickening. Any idea that anybody else could come up with gets blocked by means of a patent or overzealous copyright and the people who benefit are usually those who already have more money than they deserve!!