February 2, 2004 5:23 AM PST
MyDoom downs SCO site
- Related Stories
-
MyDoom virus spells double trouble
February 3, 2004 -
New virus infects PCs, whacks SCO
January 26, 2004
On Monday, SCO began directing customers, developers and others to a new Web site,
SCO said an onslaught of data had made its usual Web site,
"This large-scale attack, caused by the MyDoom computer virus that is estimated to have infected hundreds of thousands of computers around the world, is now overwhelming the Internet to requests www.sco.com," Jeff Carlon, SCO's director of information technology, said in a statement Sunday.
Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.
SCO had posted the statement on its Web site. But at 7 a.m. PST Sunday, the site could not be accessed. SCO spokesman Blake Stowell read the company's statement from his home in Utah.
"We expect hundreds of thousands of attacks on www.sco.com because of these viruses," Carlon said in a statement Monday. "Starting on Feb. 1 and running through Feb. 12, SCO has developed layers of contingency plans to communicate with our valued customers, resellers, developers, partners and shareholders."
While infected PCs were supposed to start inundating the main SCO Web site with data starting at 4:09 p.m. GMT (8:09 a.m. PST), the site had been nearly inaccessible for a 16-hour period prior to the scheduled start of the attack, according toSCO confirmed that the site had been deluged with data hours earlier than the official start of the attack. "Internet traffic began building momentum on Saturday evening and by midnight eastern time the SCO Web site was flooded with requests beyond its capacity," the company said in its statement.
The speed and severity of the attack surprised security officials. "This is the biggest single (denial of service) attack ever," Mikko Hypponen, director of antivirus research at F-Secure, wrote in an update on the security company's Web site. "We estimate the total amount of infected computers to be over one million. Of those, only the computers that have been rebooted (or infected) today are actually attacking."
SCO had been
"We didn't expect a lot of business on Super Bowl Sunday," Stowell said, explaining the reason to hold off on the contingency plans. The site attracts an estimated hundreds of thousands of users each week, he said. The site is used to communicate information about SCO as well as provide software updates and patches.
SCO has incurred the wrath of the Linux community for its claims that important pieces of the open-source OS are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.
SCO has
MyDoom is one of the
A variant of MyDoom is expected to
The attack aimed at Microsoft by computers infected with the B variant of MyDoom is not expected to have as much effect because that version hasn't spread as widely, said Vincent Weafer, a senior director at computer-security company Symantec.
"Really, we are seeing very little of the B variant," he said.
The original virus, which only attacks the SCO site, is continuing its attempts at spreading, he added. During the height of the epidemic, the company received about 150 submissions of the virus every hour from companies and home users. Now, Symantec is seeing about half that rate of submissions, mainly from home users.
"The virus is not dropping off as fast as we had expected," he said.
CNET News.com's Robert Lemos and Jon Skillings contributed to this report.
See more CNET content tagged:
SCO Group Inc.,
MyDoom virus,
computer virus,
denial of service,
Utah
