BBC NEWS | Technology | Mydoom cripples US firm's website

BBC NEWS / TECHNOLOGY
Graphics Version BBC Sport Home

Sunday, 1 February, 2004, 19:06 GMT

Mydoom cripples US firm's website

The Mydoom e-mail worm has paralysed the website of US software firm SCO, in a massive denial of service attack.

The company - which owns the source code of the Unix operating system - said the virus was "overwhelming the internet with requests to www.sco.com".

Both SCO and Microsoft have offered $250,000 rewards each for help to catch the author of the worm - the fastest-spreading virus known so far.

A variant of the virus is expected to attack Microsoft's site from Tuesday.

The first version of the virus, Mydoom.A - also known as Novarg or Shimgapi - emerged last Monday in the form of a spam e-mail message that contained a well-disguised virus attachment.

MYDOOM DETAILS

From: random e-mail address

To: address of the recipient

Subject: random words

Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available

Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension

When a user clicks on the attachment, the worm will start Notepad, filled with random characters

Utah-based SCO said that by 0500 GMT on Sunday its website was flooded with requests beyond its capacity.

SCO has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.

Mydoom.A is set to become ineffective on 12 February.

Experts say Mydoom.A and its successor, Mydoom.B, accounted for 30% of all e-mail traffic at their peak, beating all previous records for virus infections.

The worm - which opens up security holes - has left hundreds of thousands of computers vulnerable to hackers and spammers and the economic cost has been estimated at $26.1bn so far.

The BBC's Kevin Anderson in Washington reports that infections were still doubling daily over the weekend.

"While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning," said Jeff Carlon, worldwide director of Information Technology infrastructure at SCO Group.

Backdoor access

The Mydoom e-mail attachment sends itself out to other addresses if opened, and may allow unauthorised access to computers.

PROTECT YOURSELF FROM VIRUSES

Install an anti-virus program.

Keep it up to date

Get the latest patches and updates for your operating system

Never automatically open e-mail attachments

Download or purchase software from trusted, reputable sources

Make backups of important files

It only affects computers using Microsoft Windows and also spreads through file-sharing networks, like Kazaa, installing a "backdoor" onto machines if launched.

An infected computer could allow attackers to get unauthorised access to a user's machine and use it to bring down websites, according to security experts.

It does not take advantage of any flaws in Windows software. Instead, many of the e-mails appear to have been sent from organisations like charities or educational institutions, to fool recipients into opening it.

E-mail this to a friend

Related to this story:
Q&A: The Mydoom virus (29 Jan 04 | Technology )
Mydoom creator hunt intensifies (30 Jan 04 | Technology )
E-mail virus takes on new guise (30 Jan 04 | Technology )
Bounty on creators of e-mail worm (28 Jan 04 | Technology )
Mydoom virus 'biggest in months' (27 Jan 04 | Technology )
Linux users face licence cash call (16 Jan 04 | Technology )
Fighting viruses on the frontline (22 Aug 03 | Technology )

RELATED INTERNET LINKS:
Symantec
Sophos
Network Associates
MessageLabs
SCO
Symantec virus removal tools
F-Secure
Microsoft
The BBC is not responsible for the content of external internet sites