WASHINGTON (AFP) – The Internet’s most voracious
worm ever appeared to wane after bringing down a website operated by US software
maker SCO Group and forcing the company to set up a new domain name.
Analysts said the worm had infected over one million computers worldwide and
highlighted the vulnerability of the Internet to infections that allow affected
computers to be controlled for hacker attacks.
“The question that must be asked at this stage is how easy would it be for a
potential extremist to hold our computer dependent society to ransom using
MyDoom type sophisticated threats,” the Internet security firm mi2g said in a
“The more we study MyDoom the more clear it becomes that the perpetrator is a
clever strategist combined with being a sophisticated programmer,” said DK
Matai, executive chairman of mi2g.
“Especially because SCO had five days advance notice to prepare.”
SCO, the US-based software firm that owns the Unix operating system for large server computers, was shut down Sunday
through a so-called denial-of-service attack, with infected computers bombarding
its www.sco.com site with information requests over 60 times a minute.
SCO said Monday it was setting up a new domain www.thescogroup.com as the
company’s website through February 12.
“The company is putting this alternative Web address in place because the
recently announced Mydoom or Novarg virus creates an attack that is designed to
prevent access to www.sco.com,” it said in a statement.
“Increased traffic has already begun hitting www.sco.com
in the last couple of days,” said Jeff Carlon, director of
SCO’s worldwide IT infrastructure.
“We expect hundreds of thousands of attacks on www.sco.com
because of these viruses … SCO has developed layers of
F-Secure Corporation in Finland estimated at least one million computers had
been infected by Mydoom and thus programmed to participate.
“As the attack started by Mydoom is a simple overload-the-website attack, it
should have very little effects to the rest of the Net,” F-Secure said.
“This simply is an extreme case of “slashdotting”, where a site gets suddenly
its traffic increased massively, overloading the server. And it will continue
until 12th of February, as the worm has been programmed to stop its operations
A variant of the bug dubbed mydoom.b was set to launch a similar attack on
Microsoft’s main website, but experts said this bug may not be as rampant and
that Microsoft may be prepared to deal with the incident.
But Steve Trebbe at F-Secure said another potential problem is that the bugs
open up computers to hacker control for other purposes by installing a so-called
“backdoor Trojan” program.
“We’re more concerned about the potential backdoor and we think this
(denial-of-service effort) is just a ruse for the true intent of the virus,” he
“Our speculation is that it’s possibly spammers,” who would bombard the Web
with e-mail ads in the hopes of generating money.
The “Mydoom” e-mail worm is considered by Internet security experts to be the
“fastest spreading e-mail worm in history.”
Experts fear the super bug could receive a boost Monday morning as thousands
of computer users, particularly in the United States, switch on their office
computers following the weekend break.
The Mydoom worm has left hundreds of thousands of computers vulnerable to
hackers, spammers and other cyberspace outlaws and its economic fallout has been
estimated at 38.5 billion dollars so far, according to mi2g.
The hunt for the creators of the virus has so far proved fruitless although
suspicion is centering on Russia, where Mydoom first appeared.
Microsoft and SCO have offered a 500,000-dollar reward for information
leading to the arrest and prosecution of Mydoom’s authors.