Mydoom software worm knocks out SCO website

2/2/2004

Computer users and security experts had nearly a week’s warning to prepare for the impact of the Mydoom software worm. It wasn’t enough.

The worm, which swept across the Internet last week, delivered its payoff yesterday. Infected machines launched an attack that shut down the website of SCO Group Inc., a Utah software company that has drawn the ire of Linux advocates for its dispute with IBM Corp. over the free operating system.

By Hiawatha Bray, Globe Staff

http://www.boston.com/business/articles/2004/02/02/mydoom_software_worm_knocks_out_sco_website/

An official of US-CERT, the federal Computer Emergency Readiness Team, said the Mydoom attack was little more than a minor nuisance for the Internet as a whole, and a SCO spokesman said it would have little effect on the company’s ability to do business.

But the incident nonetheless demonstrated that the world’s top Internet security experts still don’t know how to prevent such attacks.

"In future designs of the network, we need to take account of these kinds of attacks and put things in place to help deal with the effects," said US-CERT analyst Richard Pethia.

The Mydoom worm, which is deployed by infected files attached to e-mail messages, made its Internet debut last week and has become one of the fastest-spreading worms of all time. Many corporate e-mail systems were bogged down by the huge numbers of messages pumped out by infected machines.

Antivirus experts discovered that the worm was programmed to attack the SCO website from Feb. 1 through Feb. 12. Each infected machine sends a stream of data requests to the website. If enough computers do it at the same time, the SCO site is overwhelmed by the traffic.

That’s what began happening Saturday night, as infected machines in Asia began the attack, along with other computers with incorrectly set internal clocks. By midnight Boston time, the torrent of incoming packets was too much, and SCO shut down its Web server computer.

"It’s as bad as we thought it would be, that’s for sure," said SCO spokesman Blake Stowell. And it won’t get any better for nearly two weeks, unless people with Mydoom-infected computers clean them up. Stowell said SCO isn’t counting on that.

"We have some contingency plans in place," he said, which could restore the website by this morning, perhaps by moving it to a different address that the Mydoom worm won’t attack. In any case, Stowell said that his company does little revenue-generating business on its website, so losing it won’t cause much harm to ongoing operations.

SCO attracted the wrath of many software designers when it sued IBM Corp. for allegedly stealing SCO’s intellectual property and incorporating it in the free Linux operating system. SCO, which sells the Unix operating system, claims that IBM’s activities are undercutting the value of its Unix code. IBM denies any wrongdoing.

Many security experts believe the Mydoom worm was created by Linux supporters as a form of protest against SCO’s actions. But one prominent Linux advocate, programmer Bruce Perens, last week suggested that SCO itself might have created the worm in hopes that it would be blamed on disgruntled Linux supporters. SCO’s Stowell rejected this charge.

US-CERT analyst Pethia said that the Mydoom worm attack was receiving undue media attention, because it was having hardly any effect on the overall functioning of the Internet.

"This one’s not that bad," he said.

But other security experts said the incident shows the perils posed by millions of home computers that aren’t properly secured. Craig Schmugar, virus research manager for Network Associates Inc. in Santa Clara, Calif., said the infected computers are "probably more home users than corporate."

For one thing, he said, millions of corporate machines are shut down over the weekend. Besides, corporate managers can easily configure their networks to prevent any infected machines from attacking the SCO website.

However, millions of home computers with broadband Internet connections don’t have firewalls or antivirus software, leaving them unprotected against Mydoom and other worms.

"I’m hoping to see shifts in the thinking of the home broadband providers," said Lloyd Taylor, vice president of technology and operations at Keynote Systems Inc., a network research company in San Mateo, Calif.

For example, companies that provide DSL and cable modem service to home users might begin including antivirus and firewall protection as part of the service.

Even so, this will be of little benefit to SCO Group as it fends off the Mydoom worm. And the worm possibly could gain a much larger victim: A variant of the worm, called Mydoom B, is programmed to attack the website of Microsoft Corp. beginning tomorrow.

However, a number of security experts said that they’d seen few machines infected by Mydoom B, so this worm’s attack will probably be far less effective.

Hiawatha Bray can be reached at [email protected].
© Copyright 2004 Globe Newspaper Company.
