pl.net closof 3-2-2004

Posted on 3-2-2004

Worm Closes US Software Website

by Tania Branigan, February 2, 2004, The Guardian

MyDoom, one of the fastest-spreading internet worms ever produced, hit its

target yesterday and shut down the American software company SCO's website

by flooding it with millions of requests.

Security experts believe a row about software ownership may be behind the

attack on the SCO Group, which was unable to defend its website despite

knowing the attack was on its way.

SCO has made itself unpopular by claiming that its intellectual property

had been illegally included in Linux, an open source operating system,

which means that its source code is freely available to everyone. Many

programmers hate the idea of people trying to own it.

MyDoom generates as many as one in nine of all the messages being sent

globally. It may have affected more than a million PCs. It first appeared

on Monday and in most cases seems to a message delivery failure notice.

The worm is activated when the user opens an attached file. It forwards

itself not only to all the addresses in the email system but to any

address it finds on the computer's hard drive, such as those on websites

which have been cached. It also "spoofs" email addresses - pretending to

come from a different user - so that recipients cannot tell who is

infected. It then causes the infected computer to launch a "denial of

service" attack on SCO's website by requesting it every 50 milliseconds.

SCO admitted yesterday that its servers had been unable to cope. "The

companies which are usually attacked are either anti-virus, anti-spam or

Microsoft," said Graham Cluley, senior technology consultant at the

software security firm Sophos. "You have to ask why SCO have been targeted

and there's been controversy around them ... because of the debate about

who owns Linux. It's made a lot of people very angry."

Most writers on open source discussion sites condemned the virus writer

yesterday, and Bruce Perens, a leading open-source programmer, issued a

statement suggesting that spammers had launched the virus to smear the

open source community, which has created anti-spam technology. He pointed

out that spammers often used denial of service attacks to shut down

opponents' websites.

Microsoft is the target of a variant, MyDoom.B, which will begin denial of

service attacks tomorrow, but is unlikely to be as badly affected as SCO.