Computers infected with the Mydoom worm launched a massive attack against the Web site of Unix software maker The SCO Group,
Inc. Sunday, cutting off access to the company's Web site.
The so-called "distributed denial-of-service" (or DDoS) attack began early Sunday as Mydoom-infected computers worldwide followed
instructions to send messages to www.sco.com, overloading the company's Web servers. It is one of the largest DDoS attacks
on record, antivirus experts said.
In a statement, SCO confirmed the attack, saying that requests sent to www.sco.com from Mydoom-infected computers were responsible
for making its Web site "completely unavailable" Sunday. The company is working on "contingency plans" to deal with the DDoS
problem, but would not have more information before Monday morning, SCO said.
SCO's Web site was already slowed last week by traffic from Mydoom machines with incorrect clocks. However, the site became
totally unreachable shortly after 5:00 PM Pacific Time Saturday, when infected machines in Asia began registering the new
day, said Craig Schmugar, antivirus researcher at Network Associates Inc.'s (NAI) McAfee antivirus division.
The attack is caused by thousands of infected machines sending "get" requests to SCO's Web servers simultaneously. That is
akin to what happens when individual users point their Web browser to www.sco.com. The large numbers of machines requesting
the site simultaneously produces the attack, overwhelming SCO's Web infrastructure, Schmugar said.
The attack is one of the largest DDoS attacks linked to a virus infection, but is not effecting traffic on the rest of the
Internet, he said.
Estimates of the number of machines infected by Mydoom vary widely. F-Secure Corp. of Helsinki said that as many as one million
machines may have the virus. NAI puts the number at around 500,000 systems.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
