After spreading worldwide from PC to PC last week, the threatening MyDoom email virus launched a massive Denial of Service (DoS) attack against SCO Group's UNIX servers as expected, knocking out the company's Web site. That attack will last until February 12, according to security experts, who describe it as the most devastating DoS attack to date. The attack has forced SCO to manually advise customers to access the company's Web site at a new URL during the attack. Unknown attackers likely launched MyDoom as retaliation against SCO's widely staged legal battle with Linux backers such as IBM and Novell. But SCO isn't the only company facing potential problems from MyDoom: A new variant of the virus, MyDoom.B, will launch a similar DoS attack on Microsoft's Web site starting tomorrow.
However, Microsoft will benefit from the timing of the second attack. The speed with which the original MyDoom virus spread surprised security experts, and the virus was able to infect more than 1 million PCs. But the MyDoom.B variant, which started spreading last week, has infected far fewer PCs than the original has, mostly because so many people are now aware of the problem. "We're definitely doing everything we can to make sure that our customers who need to get to our site are able to do so," a Microsoft representative said Friday, without actually explaining what the company can do to prevent a DoS attack, which indirectly attacks a target by flooding the Internet's DNS servers with requests. Microsoft has offered a $250,000 bounty for information leading to the capture, arrest, and conviction of the individual or individuals who launched the MyDoom attacks.
Users should still be concerned about this family of viruses. As security experts note, MyDoom and its variants are still spreading, and users need to take steps to protect and inoculate their systems. The MyDoom viruses spread through email attachments, and because the virus can silently send copies of itself to everyone on a user's Contacts list, those attachments often appear to come from trusted sources, breaking down the basic blocking system most email users now employ. More sophisticated email applications can block email by attachment type, but the .zip file format that this virus typically uses isn't always on block lists. So the only way to prevent this virus from spreading is to stop opening attachments altogether or employ a frequently updated third-party virus scanner than includes email-scanning capabilities. Most popular antivirus packages are up to this task and have been updated to handle the MyDoom virus.
