Advertisment

‘MyDoom’ targets SCO website

author-image
CIOL Bureau
Updated On
New Update

Reed Stevenson



SEATTLE: MyDoom, the latest worm to infect computers over the Internet, has become the fastest-spreading attack since last summer's twin attacks by the Blaster worm and SoBig virus, computer security experts said.

Since appearing late Monday afternoon, the worm, also known as Novarg or Shimgapi, has spread rapidly, mostly in North America, accounting for one in nine messages globally, experts said. The volume of messages clogged networks and appeared to be concentrated in corporate environments, experts said.



Anti-virus experts said the worm was designed to attack the Web site of the SCO Group Inc., the small software maker suing IBM over the use of code for the Linux operating system, experts said.



In response, SCO, which has drawn the ire of many Linux advocates for its claims that Linux software includes copyrighted code from the Unix operating system, offered a $250,000 reward for "information leading to the arrest and conviction of those responsible for this crime."



The new worm is activated when unsuspecting recipients of an e-mail message open a file attachment that releases a virus.



An infected personal computer could then allow attackers to gain unauthorized access and use the computer to aid in an Internet attack to bring down SCO's Web site, said Oliver Friedrichs, senior manager at security company Symantec Corp.



"Certainly there's code in here to launch a denial-of-service attack against SCO on Feb. 1," Friedrichs told reporters on a conference call.



BOUNTY OFFERED



SCO, based in Lindon, Utah, has already been targeted repeatedly with numerous denial-of-service attacks, which are used to flood a Web site with requests for information so that it overloads and shuts down.



"This one (MyDoom) is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world," Darl McBride, SCO's chief executive, said in a statement. "We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped."



SCO claimed in lawsuit filed last March that International Business Machines Corp.'s customers and others are illegally using a version of the Linux operating system, a free operating system that software developers can modify.



The attacks from infected computers are scheduled to begin on Feb. 1 and continue to Feb. 12, Symantec said.



At risk are computers running the latest versions of Microsoft Corp.'s Windows programs and any e-mail program.



The worm doesn't exploit any flaws in Windows, but rather is designed to entice the recipient of an e-mail to open an attached file and run programs contained in the attachment.



The mass-mailing worm that arrives as an attachment with an .exe, .scr, .zip or .pif extension and can have a subject line of "test" or "status."



Users who receive the worm and simply ignore or delete it will be able to avoid any damage.



MyDoom also mails itself out to addresses in the victim's computer and is clogging mail servers and degrading network performance at companies, experts said.



The worm appears to have a random sender's address and subject line and sometimes contains an error message such as "The message cannot be represented in 7-bit ASCII and has been sent as a binary attachment."



Microsoft also offered two $250,000 bounties last November for information leading to the capture of those responsible for the Blaster worm and SoBig virus.



© Reuters

tech-news