• silicon.com
• Technology
• Security

By Robert Lemos, 4 February 2004 09:40

NEWS The start of a data flood by PCs infected with the MyDoom.B virus had little impact on Microsoft's main website on Tuesday, according to internet watchers.

The virus, which has spread less widely than the original MyDoom program, tries to connect to the Microsoft home page 10 times every three seconds. Those additional requests resulted in a drop in performance of maybe 10 per cent to 20 per cent, compared with previous Tuesdays, said Ken Godskind, vice president of marketing at web hosting and monitoring company AlertSite.

"If I had to hazard a guess, I would say that Microsoft was well prepared for this event, because they have had no availability issues," Godskind said.

Moreover, the web site was easier to connect to on Tuesday than on the previous day, when Microsoft released a security update for the enormous installed base of Windows users. That suggests that the effect of the denial-of-service attack on the company's network was less than that seen in its normal run of business.

"It makes sense," Godskind said. "When Microsoft has an update, how many million people come and have to update their browsers?"

Microsoft wouldn't comment on the issue, except to say that its administrators have worked hard the past two days to prepare for the MyDoom attack.

The first version of MyDoom spread through email a week ago, infecting a new computer every time an unwary user opened the attached filed that contained the program. As many as two million PCs may have been infected, according to some estimates. The original virus was programmed to attack the SCO Group's website last Sunday, while the variant MyDoom.B was scheduled to target Microsoft on Tuesday and to keep up the attack until 1 March.

On Saturday, SCO started coming under attack by PCs infected with the original version of the MyDoom virus. The attack, scheduled to start Sunday at 8:09 US west coast time, may have been kicked off early by numerous PCs, whose clocks had been set to the wrong time. By early Sunday, SCO had removed its website from the domain name system, the internet version of the Yellow Pages, so that the attacking computers could no longer find the numerical address of its server.

Microsoft appears to have suffered less from its MyDoom strike. However, the second virus hasn't spread as far as the original program, and a bug in the code apparently means that only seven per cent of all infected computers will attack at the same time.

Netcraft, which monitors internet performance, has noted a few failures to connect to Microsoft's main site but said that otherwise, "it's been pretty much business as usual for the website to date, with most response times little different from any other day."

Microsoft has created an alternate website for people whose PCs are infected with MyDoom.B and who want to get security information but cannot contact the main site because of a mechanism in the virus that blocks some 65 websites, including Microsoft's home page. The alternate site, which starts with "information" rather than "www," lets people see the regular home page content.

Microsoft and SCO have each offered a reward of $250,000 for locating the creators of the MyDoom and MyDoom.B viruses.

Robert Lemos writes for CNET News.com