|
The MyDoom computer virus knocked out SCO Group's
Web site on Sunday, and the company expects the massive
denial-of-service attack to continue until 12 February.
SCO said an onslaught of data had made its Web
site "completely unavailable." The attack began on Saturday night, and
by Sunday morning, the software firm's site was completely flooded with
requests, SCO said.
"This large scale attack, caused by the MyDoom computer virus that is
estimated to have infected hundreds of thousands of computers around
the world, is now overwhelming the Internet," Jeff Carlon, SCO's
director of Information Technology, said in a statement.
SCO had posted the statement on its Web site. But at 7 a.m. (PST) the
site could not be accessed. SCO spokesman Blake Stowell read the firm's
statement from his home in Utah.
While infected PCs were supposed to start inundating the main SCO Web
site with data starting at 4:09 p.m. (GMT), the site had been nearly
inaccessible for a 16-hour period prior to the scheduled start of the
attack, according to Internet performance measurement firm Netcraft.
The outage could have been due to a large number of infected computers
having their clocks set to the wrong time.
SCO confirmed that the site had been deluged with data hours earlier
than the official start of the attack. "Internet traffic began building
momentum on Saturday evening and by midnight eastern time, the SCO Web
site was flooded with requests beyond its capacity," the company said
in its statement.
The speed and severity of the attack surprised security officials.
"This is the biggest single [denial of service] attack ever," Mikko
Hypponen, director of antivirus research at F-Secure, wrote in an
update on the security company's Web site. "We estimate the total
amount of infected computers to be over one million. Of those, only the
computers that have been rebooted today are actually attacking."
SCO had been targeted for the denial-of-service attack last week. At
the time, SCO had said it hoped to keep its Web site running and had
contingency plans in place.
In its statement on Sunday, SCO it still "had a series of contingency
plans to deal with this problem," but would wait until Monday -- at
about 5 a.m. (PST) -- to communicate them.
"We didn't expect a lot of business on Super Bowl Sunday," Stowell
said, explaining the reason to hold off on the contingency plans. The
site attracts an estimated hundreds of thousands of users each week, he
said. The site is used to communicate information about SCO as well as
provide software updates and patches.
SCO has incurred the wrath of the Linux community for its claims that
important pieces of the open-source OS are covered by SCO's Unix
copyrights. IBM, Novell and other Linux backers strongly dispute the
claims.
SCO has offered a $250,000 (£137,343) bounty for information leading to
the arrest and conviction those who are responsible for the virus.
MyDoom is one of the fastest-growing worms ever. The bug raced onto the
Internet on Monday, quickly clogging email servers. Some analysts
speculate the worm is of Russian origin.
A variant of MyDoom is expected to attack Microsoft's main Web site on
Tuesday. Microsoft also has offered a $250,000 bounty to catch the
worm's perpetrator.
The attack aimed at Microsoft by computers infected with the B variant
of MyDoom is not expected to have as much effect because that version
hasn't spread as widely, said Vincent Weafer, a senior director at
computer-security company Symantec.
"Really, we are seeing very little of the B variant," he said.
The original virus, which only attacks the SCO site, is continuing its
attempts at spreading, he added. During the height of the epidemic, the
company received about 150 submissions of the virus every hour from
companies and home users. Now, Symantec is seeing about half that rate
of submissions, mainly from home users.
"The virus is not dropping off as fast as we had expected," he said.
CNET News.com's Robert Lemos contributed to this report.
|
