By Jeff Pelline, 2 February 2004 08:15
NEWS The MyDoom computer virus knocked out SCO Group's website on Sunday, and the company expects the massive denial-of-service attack to continue until 12 February.
SCO said an onslaught of data had made its website "completely unavailable". The attack began Saturday night and by Sunday morning the software firm's site was completely flooded with requests, Utah-based SCO said.
"This large scale attack, caused by the MyDoom computer virus that is estimated to have infected hundreds of thousands of computers around the world, is now overwhelming the Internet to requests www.sco.com," Jeff Carlon, SCO's director of information technology, said in a statement.
SCO had posted the statement on its website. But at 7:00 AM. PST the site could not be accessed. SCO spokesman Blake Stowell read the firm's statement from his home in Utah.
While infected PCs were supposed to start inundating the main SCO website with data starting at 4:09 PM GMT (8:09 am PST), the site had been nearly inaccessible for a 16-hour period prior to the scheduled start of the attack, according to internet performance measurement firm Netcraft. The outage could have been due to a large number of infected computers having their clocks set to the wrong time.
SCO confirmed that the site had been deluged with data hours earlier than the official start of the attack. "Internet traffic began building momentum on Saturday evening and by midnight eastern time the SCO website was flooded with requests beyond its capacity," the company said in its statement.
The speed and severity of the attack surprised security officials. "This is the biggest single [denial of service] attack ever," Mikko Hypponen, director of anti-virus research at F-Secure, wrote in an update on the security company's website. "We estimate the total amount of infected computers to be over one million. Of those, only the computers that have been rebooted [or infected] today are actually attacking."
SCO had been targeted for the denial-of-service attack last week. At the time, SCO had said it hoped to keep its website running and had contingency plans in place.
In its statement on Sunday, SCO it still "had a series of contingency plans to deal with this problem", but would wait until Monday - at about 5:00 AM. PST - to communicate them.
"We didn't expect a lot of business on Super Bowl Sunday," Stowell said, explaining the reason to hold off on the contingency plans. The site attracts an estimated hundreds of thousands of users each week, he said. The site is used to communicate information about SCO as well as provide software updates and patches.
SCO has incurred the wrath of the Linux community for its claims that important pieces of the open source OS are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.
SCO has offered a $250,000 bounty for information leading to the arrest and conviction those who are responsible for the virus.
MyDoom is one of the fastest-growing worms ever. The bug raced onto the internet last Monday, quickly clogging email servers. Some analysts speculate the worm is of Russian origin.
A variant of MyDoom is expected to attack Microsoft's main website on Tuesday. Microsoft also has offered a $250,000 bounty to catch the worm's perpetrator.
The attack aimed at Microsoft by computers infected with the B variant of MyDoom is not expected to have as much effect because that version hasn't spread as widely, said Vincent Weafer, a senior director at computer-security company Symantec.
"Really, we are seeing very little of the B variant," he said.
The original virus, which only attacks the SCO site, is continuing its attempts at spreading, he added. During the height of the epidemic, the company received about 150 submissions of the virus every hour from companies and home users. Now, Symantec is seeing about half that rate of submissions, mainly from home users.
"The virus is not dropping off as fast as we had expected," he said.
Jeff Pelline writes for CNET News.com. Robert Lemos contributed to this report.
Comments
There are 5 comments. Join the discussion
1. Knut Boehnert
Can't help to giggle reading this. Yes, it's illegal to throw a spanner into someone else's machinery. It is morally wrong to stop someone else's work ability.
But still I can't help to giggle. Because what else is SCO doing to the Linux world, to the job security of Linux professionals, to companies worldwide for using so far legal software?
Maybe it's good to get a dose of your own misbehavings dealt to you from time to time. Never fails to wake me up and realise I'm wrong.
2. Stanislav Dmitriev
To my opinion the responsibility for widespreading of computer viruses is entirely on the US Congress and Microsoft. The first is responsible for the foolish legislation; allowing Bill Gates (and the like) to issue a dangerous PRODUCTS that are not considered such by legislation and thus loading a burden on fighting with viruses on the end user and not on the company that produces these dangerous products. The gilt of the second is quite obvious - their Windows systems are going to market in the raw form - to add some more billions to Mr. Gates fortune. And they are virus vulnerable by definition.
I think there are two parallel ways to minimize (and, possibly - stop) spreading of viruses and (to some extent) spam.
The first is purely legislative - to demand that software vendor producing operational systems should pay for development and support of global antiviral network and that the Internet providers should control OUTGOING mail for viruses (and spam).
There is also a need to forbid Microsoft (at least) any advertising (or anti-advertising) as they are now the facto global OS monopoly and use their current possibilities to throttle any possible competitor in the childhood.
The second - (unless such a legislation passed) - to convince antiviral and antispam software vendors to create the versions of their software for control of outgoing post (for viruses and spam - with the exception that viruses might by sent to listed anti-viral labs post boxes) and convince the providers to install such systems.
The check of incoming mail, currently used by many providers is a good option, but if someone got the virus from another source, it is of no use. And though anti-spam check of incoming post helps a bit, it still leaves the entrance door wide open.
3. anonymous
Rather than offering 250K to catch a theif. When will OS providers build in free anti-virus software. Or are they worried about law suites from Symantec & other anti-virus subscription based service providers
4. jason
I am a developer on IBM platforms including as/400 and Websphere. As well as .Net for some projects.
I think the linux community is a bunch of retards. Things like this make me realize that.
What a bunch of morons.
5. fnord
What exactly is your point jason? So far you've only dazzled us with your obvious wit and intellect...