The Washington Times - Sunday, February 1, 2004

A fast-spreading computer worm triggered an attack on the Web site of a prominent business software maker yesterday, flooding the company’s Web site with data and knocking it offline.

Computer security analysts said the MyDoom worm, which first appeared Jan. 26 and spread through e-mail to computers all over the world, caused thousands of infected machines to try to log onto the Web site of SCO Inc., a Lindon, Utah, company that owns the UNIX operating system.

Internet traffic began directing itself to the site late Saturday evening, and by midnight it was unavailable. SCO voluntarily took its servers offline after the attack, and expects its Web site to be under assault until Feb. 12, when the worm expires. But the company said it is working on a plan to have the company’s site back online today.

“We plan to be up and running full speed ahead first thing [Monday] morning,” said SCO spokesman Blake Stowell.

The attack on the SCO Web site was not programmed to begin until about 11 a.m. EST yesterday, but some infected computers began targeting the site sooner because their internal clocks were set incorrectly, analysts say.

MyDoom, also known as W32.Novarg.A, first created problems last week when it caused infected computers to send out unwanted e-mail messages to everyone listed in their e-mail address books. The messages featured subject lines like “Hi,” “test” or “Mail transaction failed,” and contained attachments that infected the computers when opened. At the worm’s peak, large companies were receiving more than 100,000 unwanted e-mails per hour, and some were forced to shut down e-mail systems.

But security specialists said yesterday the worm was slowing down. The attack on SCO’s Web site had little noticeable impact on the speed of the Internet as a whole. Large businesses, in particular, were successful in cleaning infected systems and preventing their computers from being used as part of the attack on SCO, security companies said.

“We can definitely say that corporate networks weren’t really affected by this,” said Vincent Weafer, a senior director with Symantec Security Response in San Mateo, Calif. “They were able to work around it.”

In addition to spreading mass amounts of unwanted e-mail, MyDoom enters computers and leaves behind a program that allows someone to control that computer remotely. Infected computers then could be used by spammers to send out mass amounts of e-mail advertisements anonymously.

Security analysts believe that whoever wrote the MyDoom worm is working in tandem with spammers, because the worm began its spread after being sent in spamlike fashion to millions of e-mail addresses.

A variant of MyDoom, known as MyDoom.b, also appeared last week, threatening to trigger an attack on Microsoft’s Web site. But security analysts said the variant was not fast-spreading, and that an attack was unlikely.

British Internet security firm Mi2g estimated that MyDoom is the most costly worm ever, causing at least $38.5 billion in economic damage, including loss of business and productivity, overtime payments for workers and the cost of recovery.

Mr. Stowell said the economic damage to SCO would be minimal because little of the company’s business is done through its Web site. But he said the company is taking the attack seriously, because it is the fourth of its kind in the past 10 months.

Both SCO and Microsoft have offered $250,000 rewards for anyone providing information that leads to the prosecution of MyDoom’s creator.

The FBI’s Cyber Crimes Division began an investigation and is looking into whether devotees of the Linux operating system are responsible. SCO recently sued IBM for copyright infringement, claiming the company took SCO’s Unix technology and built it into Linux.
