Interesting People mailing list archives

CSN & LNX FLASH: Huge MyDoom Zombie Army Wipes Out SCO


From: Dave Farber <dave () farber net>
Date: Sun, 01 Feb 2004 15:38:05 -0500


Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Sun, 01 Feb 2004 13:33:31 -0500
From: paperboy () g2news com
Subject: CSN & LNX FLASH: Huge MyDoom Zombie Army Wipes Out SCO
To: dave () farber net

    Client Server NEWS & LinuxGram 533.1 NewsFlash
Competitive Intelligence about Servers, Storage & Related Phenomena

Huge MyDoom Zombie Army Wipes Out SCO

Sunday, February 1, 2004 - The first of the hundreds of thousands of
MyDoom-infected PCs worldwide started bombarding the SCO Group's web
site www.sco.com on what was still Saturday in the US as Australia,
New Zealand, Japan, China, Singapore and other Asian countries moved
into Sunday February 1, when MyDoom had scheduled the attack on SCO
to start. Machines set to the wrong time were also recruited.

At 4 am Sunday morning New York time a besieged SCO sent out a
message saying that a large-scale Denial of Service attack had
overwhelmed its site. Independent experts such as UK-based mi2g
confirmed that SCO was paralyzed.

According to mi2g, "All legitimate requests to download pages from
several cities across the globe were completely timing out as of
20:00 hours GMT" Saturday and "since then there has been no sign of
capability to serve web pages or entertain http requests by
www.sco.com including all of Sunday."

Based on what is known about the virus, SCO said it expected the
attacks to continue through February 12. A separate, ostensibly
smaller MyDoom.b wave is expected to hit SCO on Tuesday when the
virus is also supposed to launch an attack against Microsoft.

Jeff Carlon, SCO's unenviable worldwide director of IT
infrastructure, promised "a series of contingency plans" that will
undoubtedly involve moving the site around to other URLs.

In a prepared statement, Carlon said to stand by for SCO to take
action on Monday. On Sunday, mi2g was wondering why SCO's senior
management had yet to take www.sco.com out of the Domain name server
(DNS) system or redirect the http requests elsewhere.

Virus experts at the Kaspersky Laboratory in Moscow say the virus
started in Russia, according to the Itar-Tass news service. Western
experts seem to agree.

At a news conference on Friday, Kaspersky said MyDoom's perpetrator
or perpetrators appear to retrieve secret information from infected
computers that they can sell, Tass said. They can also profit from
circulating spam using the address books culled from the infected
computers.

Mi2g figures MyDoom is now the most destructive virus ever, beating
the record set by SoBig. The British virus watcher calculates that
MyDoom has done $38.5 billion worth of damage so far in terms of
overtime payments, contingency outsourcing, loss of business,
bandwidth clogging, productivity erosion, management time
reallocation, cost of recovery and software upgrades.

The only good news mi2g has to report is that the number of new
MyDoom infections worldwide had slowed down somewhat on Sunday. It
said, "Only about 10 of the top 50 web hosts and ISPs in the world
are showing any signs of abnormal delay on their networks or
periodic failed requests made to their web site at this stage."

More alarming, however, is mi2g's conclusion that the perpetrator of
MyDoom is a "clever strategist combined with being a sophisticated
programmer."



Client Server NEWS 2000 is published weekly by G2 Computer
Intelligence Inc. http://www.g2news.com  323 Glen Cove Ave.; Sea
Cliff, NY 11579, USA;
Tel.:516 759-7025 Fax: 516 759-7028.
Send press releases to news () g2news com

Subscription price per year: $595/£395 individual reader. Corporate
Subscription available at quantity discounts.  paperboy () g2news com

(c) Copyright 2004: While we are flattered that some of our readers
may want to pass along copies of our stories to customers, clients,
associates, friends, family and co-workers, please know that this
practice is illegal, violates our intellectual property rights and
undermines our efforts to bring you the kind of reporting you've
come to expect.

And, so the legalese:
It is illegal to reproduce, copy, photocopy, forward, e-mail,
publish, broadcast, post on an Internet/Intranet site, rewrite,
store in a retrieval system or otherwise distribute this publication
or any portion of this publication or any article in whole or in
part by any means, mechanical, photocopying, recording or otherwise
without the prior written permission of G2 Computer Intelligence.

Comments? Subscription? Permission to post to a web site? Reprint
info?: e-mail: paperboy () g2news com


