SCO shaken by 'biggest ever' DOS attack
Published: 02 Feb 2004 08:15 GMT
The MyDoom computer virus knocked out SCO Group's Web site on Sunday, and the company expects the massive denial-of-service attack to continue until 12 February.
SCO said an onslaught of data had made its Web site "completely unavailable." The attack began on Saturday night, and by Sunday morning, the software firm's site was completely flooded with requests, SCO said.
"This large scale attack, caused by the MyDoom computer virus that is estimated to have infected hundreds of thousands of computers around the world, is now overwhelming the Internet," Jeff Carlon, SCO's director of Information Technology, said in a statement.
SCO had posted the statement on its Web site. But at 7 a.m. (PST) the site could not be accessed. SCO spokesman Blake Stowell read the firm's statement from his home in Utah.
While infected PCs were supposed to start inundating the main SCO Web site with data starting at 4:09 p.m. (GMT), the site had been nearly inaccessible for a 16-hour period prior to the scheduled start of the attack, according to Internet performance measurement firm Netcraft. The outage could have been due to a large number of infected computers having their clocks set to the wrong time.
SCO confirmed that the site had been deluged with data hours earlier than the official start of the attack. "Internet traffic began building momentum on Saturday evening and by midnight eastern time, the SCO Web site was flooded with requests beyond its capacity," the company said in its statement.
The speed and severity of the attack surprised security officials. "This is the biggest single [denial of service] attack ever," Mikko Hypponen, director of antivirus research at F-Secure, wrote in an update on the security company's Web site. "We estimate the total amount of infected computers to be over one million. Of those, only the computers that have been rebooted today are actually attacking."
SCO had been targeted for the denial-of-service attack last week. At the time, SCO had said it hoped to keep its Web site running and had contingency plans in place.
In its statement on Sunday, SCO it still "had a series of contingency plans to deal with this problem," but would wait until Monday -- at about 5 a.m. (PST) -- to communicate them.
"We didn't expect a lot of business on Super Bowl Sunday," Stowell said, explaining the reason to hold off on the contingency plans. The site attracts an estimated hundreds of thousands of users each week, he said. The site is used to communicate information about SCO as well as provide software updates and patches.
SCO has incurred the wrath of the Linux community for its claims that important pieces of the open-source OS are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.
SCO has offered a $250,000 (£137,343) bounty for information leading to the arrest and conviction those who are responsible for the virus.
MyDoom is one of the fastest-growing worms ever. The bug raced onto the Internet on Monday, quickly clogging email servers. Some analysts speculate the worm is of Russian origin.
A variant of MyDoom is expected to attack Microsoft's main Web site on Tuesday. Microsoft also has offered a $250,000 bounty to catch the worm's perpetrator.
The attack aimed at Microsoft by computers infected with the B variant of MyDoom is not expected to have as much effect because that version hasn't spread as widely, said Vincent Weafer, a senior director at computer-security company Symantec.
"Really, we are seeing very little of the B variant," he said.
The original virus, which only attacks the SCO site, is continuing its attempts at spreading, he added. During the height of the epidemic, the company received about 150 submissions of the virus every hour from companies and home users. Now, Symantec is seeing about half that rate of submissions, mainly from home users.
"The virus is not dropping off as fast as we had expected," he said.
CNET News.com's Robert Lemos contributed to this report.
Did you find this article useful? Full Talkback thread 3 comments
92 out of 184 people found this useful
