Monday, February 2, 2004

Mydoom brings down SCO's Web site

By Mark Thiessen
The Associated Press

SALT LAKE CITY - A computer virus that targeted a small Utah software company performed as its perpetrators promised on Sunday, bringing down The SCO Group's Web site two days before a similar virus was programmed to attack Microsoft Corp.

The "Mydoom" or "Novarg" virus launched the attack early Sunday with hundreds of thousands of requests, which crippled the site, SCO spokesman Blake Stowell said.

The virus was spread last week by e-mail and caused infected computers to launch the electronic attack against SCO, which has been targeted at least twice this year with such attacks because of its threats to sue users of the Linux operating system in an intellectual property dispute.

On Tuesday, Lindon, Utah-based SCO announced a $250,000 reward for information leading to the arrest and conviction of Mydoom's creator. Stowell said the company believes someone within the Linux community is behind the worm.

Sunday's attack had a higher profile because the well-publicized Mydoom virus was involved, but that doesn't make the assault unique, a computer expert said.

"To SCO, it means quite a bit," said Marty Lindner, an analyst at US-CERT, a public-private partnership focused on Internet security. "But in the big scheme of things, this happens all the time."

Internet traffic to SCO's Web site began building late Saturday night, and overwhelmed it just after 12 a.m. EST.

"It's on the scale of hundreds of thousands of computers, all trying to access all at the same time, several times a minute," Stowell said. "Our capacity to be able to handle that amount of bandwidth, or the number of requests coming in, was completely saturated."

The attack is programmed to continue on SCO's Web site until Feb. 12, according to messages left inside the virus' code.

But Stowell said the company would announce a contingency plan Monday for customers to access the site. He declined to discuss those plans, citing hackers.

It will likely involve slightly altering the wording of SCO's Web address, said David Perry, a spokesman for antivirus firm Trend Micro.

SCO does not expect the Web site interruption to affect its business.

"The way we really look at this, people don't come to our Web site to conduct commerce," Stowell said. "They come to obtain information and maybe receive a product update or software patch."

The strain that shut down SCO's Web site was the Mydoom.A virus. Another strain, called Mydoom.B, is set to launch an attack Tuesday on Microsoft.

The companies have been sharing information about the virus and how each is addressing it. Microsoft also has offered a $250,000 reward to help catch those behind the virus.

Lindner said it's difficult to predict the same type of shutdown for Microsoft.

"Depending on the number of machines launching the attack, the outcomes could be the same or completely different," he said. "There are too many unknowns."


On the Net

SCO Group:

Microsoft Corp.:

Challenges don't slow Work Resource Center
Report shows labor market unbalanced
Super Bowl ads below belt
Eckberg: 'Early Riser' shift next trend?
Business People
Ford president predicts record sales
Oldsmobile dealers ready to bury oldest brand
Mydoom brings down SCO's Web site