[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 3 February, 2004, 15:15 GMT
Microsoft dodges Mydoom onslaught
Grab of Microsoft homepage, Microsoft
Microsoft's website is a Mydoom target
Microsoft has escaped unscathed from an attack by a variant of the Mydoom virus that struck today.

The software giant's technical resources, bugs in Mydoom.B and the limited spread of the virus all helped to cut damage to a minimum.

The response times of the Microsoft website targeted in the attack have remained largely unchanged.

By contrast SCO's website has been unreachable for days thanks to the data barrage launched by the virus.

Attack plan

The attack on www.microsoft.com started at 13:09 GMT on 3 February and involved all those machines infected by the B variant of the Mydoom virus.

From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters

Although Mydoom.A has infected hundreds of thousands of PCs, Mydoom.B has not spread anywhere near as widely.

As a result Microsoft had to weather an attack carried out by a fraction of the number of machines that helped bombard the SCO website with data.

In addition, analysis of the code inside Mydoom.B revealed that only a fraction of these compromised machines will bombard microsoft.com with data at any one time.

The Microsoft website is visited by millions of people everyday which makes it much more likely to cope with a sudden surge in traffic.

As a result when 13:09 GMT ticked round the Microsoft website did not even wobble.

Net monitoring firm Netcraft has been keeping an eye on response times of the websites under attack by Mydoom and it recorded a tiny shift that would go un-noticed by most people visiting the Microsoft site.

"The very small number of reports of Mydoom.B suggests that the attack on Microsoft will fail," said Graham Cluley, technology consultant at anti-virus firm Sophos.

"You are more likely to have seen the worm in newspaper headlines than in your e-mail inbox."

Despite the predictions that the attack would fail Microsoft took some steps just in case the virus proved more successful than people expected.

Waning threat

The webmasters behind microsoft.com changed a key parameter of the site to help them if they suddenly have to move it to a new net location.

Install an anti-virus program.
Keep it up to date
Get the latest patches and updates for your operating system
Never automatically open e-mail attachments
Download or purchase software from trusted, reputable sources
Make backups of important files
By contrast the sco.com website, which was the main target of Mydoom.A, has been offline ever since the attack began.

SCO has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.

The US firm has set up a temporary website at www.thescogroup.com until the digital barrage on http://www.sco.com ends. The attack is due to finish on 12 February.

At its peak Mydoom.A was thought to have infected more than a million machines.

However this number is now thought to have shrunk to about 500,000 as businesses and home users infected by the virus clean up their machines.

The Mydoom virus gets its name from a spelling mistake in the code inside the virus. Instead of writing "my domain" the creator wrote "my doomain".

Since it first appeared on 26 January Mydoom has become the fastest spreading virus in net history. At its peak one in 12 of all e-mail messages were infected with it.

The virus is thought to have spread so widely because some of the subject lines it uses make it appear to be a technical message purportedly containing an undeliverable e-mail message.

Many people opened the message to find out which of their messages had not got through.

No end in sight to Mydoom virus
02 Feb 04  |  Technology
Mydoom cripples US firm's website
01 Feb 04  |  Technology
Q&A: The Mydoom virus
29 Jan 04  |  Technology
Mydoom creator hunt intensifies
30 Jan 04  |  Technology
E-mail virus takes on new guise
30 Jan 04  |  Technology
Bounty on creators of e-mail worm
28 Jan 04  |  Technology
Mydoom virus 'biggest in months'
27 Jan 04  |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific