MyDoom assault forces SCO off the net

Swamp Thing

SCO has pulled the plug on its main Web site in response to a huge DDoS initiated from PCs infected with the MyDoom worm last weekend.

In a statement, SCO said that its site was "flooded with requests beyond its capacity".

"This large scale attack, caused by the MyDoom computer virus that is estimated to have infected hundreds of thousands of computers around the world, is now overwhelming the Internet with requests to www.sco.com," said Jeff Carlon, worldwide director of Information Technology infrastructure, The SCO Group.

Rather than saying the attack was "overwhelming the Internet" it would be more accurate to say that the assault was swamping SCO's main site. The Internet, as a whole, is behaving normally.

www.sco.com has been taken out of DNS records - effectively removing it from the Internet - in response to the DDoS attack. Netcraft reports that SCO may have taken this action under pressure from ISPs to put a stop to the http traffic been generated from infected machines.

SCO said it expects the attacks on its Web site to continue until February 12, when MyDoom-A is programmed to stop spreading or attacking the SCO site. The company said it would outline contingency plans it intends to take to defend against the MyDoom attack later today.

SCO has put up a $250,000 bounty for information leading to the arrest and conviction of the author of MyDoom-A. Since the appearance of MyDoom-A a less prolific variant, MyDoom-B, has been unleashed onto the Net.

MyDoom-B is programmed to launch DDoS attacks on both www.sco.com (not sco.com as previously reported) and www.microsoft.com.

Both MyDoom-A and MyDoom-B infect only Windows machines. ®

Related Stories

Latest Email worm has SCO-facing payload
SCO posts $250,000 worm bounty

Sponsored: Driving business with continuous operational intelligence