Advertisement
Promo

Security threats Toolkit

SCO shaken by 'biggest ever' DOS attack

Jeff Pelline CNET News

Published: 02 Feb 2004 08:15 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The MyDoom computer virus knocked out SCO Group's Web site on Sunday, and the company expects the massive denial-of-service attack to continue until 12 February.

SCO said an onslaught of data had made its Web site "completely unavailable." The attack began on Saturday night, and by Sunday morning, the software firm's site was completely flooded with requests, SCO said.

"This large scale attack, caused by the MyDoom computer virus that is estimated to have infected hundreds of thousands of computers around the world, is now overwhelming the Internet," Jeff Carlon, SCO's director of Information Technology, said in a statement.

SCO had posted the statement on its Web site. But at 7 a.m. (PST) the site could not be accessed. SCO spokesman Blake Stowell read the firm's statement from his home in Utah.

While infected PCs were supposed to start inundating the main SCO Web site with data starting at 4:09 p.m. (GMT), the site had been nearly inaccessible for a 16-hour period prior to the scheduled start of the attack, according to Internet performance measurement firm Netcraft. The outage could have been due to a large number of infected computers having their clocks set to the wrong time.

SCO confirmed that the site had been deluged with data hours earlier than the official start of the attack. "Internet traffic began building momentum on Saturday evening and by midnight eastern time, the SCO Web site was flooded with requests beyond its capacity," the company said in its statement.

The speed and severity of the attack surprised security officials. "This is the biggest single [denial of service] attack ever," Mikko Hypponen, director of antivirus research at F-Secure, wrote in an update on the security company's Web site. "We estimate the total amount of infected computers to be over one million. Of those, only the computers that have been rebooted today are actually attacking."

SCO had been targeted for the denial-of-service attack last week. At the time, SCO had said it hoped to keep its Web site running and had contingency plans in place.

In its statement on Sunday, SCO it still "had a series of contingency plans to deal with this problem," but would wait until Monday -- at about 5 a.m. (PST) -- to communicate them.

"We didn't expect a lot of business on Super Bowl Sunday," Stowell said, explaining the reason to hold off on the contingency plans. The site attracts an estimated hundreds of thousands of users each week, he said. The site is used to communicate information about SCO as well as provide software updates and patches.

SCO has incurred the wrath of the Linux community for its claims that important pieces of the open-source OS are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

SCO has offered a $250,000 (£137,343) bounty for information leading to the arrest and conviction those who are responsible for the virus.

MyDoom is one of the fastest-growing worms ever. The bug raced onto the Internet on Monday, quickly clogging email servers. Some analysts speculate the worm is of Russian origin.

A variant of MyDoom is expected to attack Microsoft's main Web site on Tuesday. Microsoft also has offered a $250,000 bounty to catch the worm's perpetrator.

The attack aimed at Microsoft by computers infected with the B variant of MyDoom is not expected to have as much effect because that version hasn't spread as widely, said Vincent Weafer, a senior director at computer-security company Symantec.

"Really, we are seeing very little of the B variant," he said.

The original virus, which only attacks the SCO site, is continuing its attempts at spreading, he added. During the height of the epidemic, the company received about 150 submissions of the virus every hour from companies and home users. Now, Symantec is seeing about half that rate of submissions, mainly from home users.

"The virus is not dropping off as fast as we had expected," he said.

CNET News.com's Robert Lemos contributed to this report.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
92 out of 188 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

3 comments

  1. i recive email whit virus 2-3 letter per-day,whit... basher13
  2. Personally if the MyDoom virus only attakcs SCO co... Richard Green
  3. This not about the community Unix/Linux but this a... basher13

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters