MyDoom.B Causes Microsoft Problems

Although Microsoft enjoyed early success in fending off the distributed denial of service attack programmed into the fast-spreading MyDoom.B, the mass-mailing worm is inflicting an increasing amount of damage against the software giant's servers.

MyDoom.B was programmed to begin attacking Microsoft.com on Feb. 3. The original version infected computers and then targeted the SCO Group with a DDoS that almost immediately took out SCO's main sites, which remain down.

With a number of countermeasures, Microsoft was able to keep its sites performing at near normal levels through most of last week. But MyDoom.B, which "upgrades" computers infected with MyDoom.A and presses them into its attack against Microsoft, gained ground over the weekend.

"MyDoom is still out there and spreading. It has picked up momentum in the last 48 hours once again. This is a dangerous global epidemic. There are over a million computers still infected that have their backdoors open and they are being upgraded to MyDoom.B which targets Microsoft," DK Matai, executive chairman of the U.K.-based security firm mi2g, said in a statement on Monday.

Researchers at Netcraft recorded a five-hour outage of Microsoft's site on Sunday afternoon and are continuing to record spotty performance at the site. The attacks are scheduled to last until March 1. Users who urgently need information from Microsoft's site and are having problems can access a backup site Microsoft created at https://information.microsoft.com. Microsoft, like SCO, has offered a $250,000 reward for information leading to the arrest and conviction of the MyDoom authors.

In a move that both helps customers and potentially reduces the attack surface from which the MyDoom DDoS can target Microsoft, the company on Thursday posted a MyDoom removal tool.

The 109 KB tool checks for MyDoom.A and MyDoom.B infections and removes the worms if they're present. It also provides users infected with MyDoom.B with a new "hosts" file and sets the "read-only" attribute for that file. The worm variant blocks users from accessing Microsoft and anti-virus sites in an effort to keep users from downloading fixes.
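A defender can check for the same condition by auditing the hosts file for static entries that override security-relevant domains. The sketch below is an added example, not Microsoft's tool or code from the article. It assumes the blocking is done through hosts-file entries, which the tool's replacement of that file implies; the watched anti-virus domain and the sample file contents are constructed placeholders.

```python
import ipaddress

# Domains whose resolution should never be pinned in a hosts file.
# microsoft.com comes from the article; av-vendor.example is a placeholder.
WATCHED_SUFFIXES = ("microsoft.com", "av-vendor.example")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid address, skip
        for name in fields[1:]:                  # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any of its subdomains."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return (line_no, hostname, ip, verdict) for pinned watched domains.

    'blocked' means the name points at an unspecified or loopback address,
    so connections fail; 'overridden' means DNS is bypassed for that name.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            dead = ip.is_unspecified or ip.is_loopback
            findings.append((line_no, name, str(ip),
                             "blocked" if dead else "overridden"))
    return findings

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE = """\
127.0.0.1   localhost
0.0.0.0     www.microsoft.com          # constructed entry
0.0.0.0     update.av-vendor.example
10.0.0.5    intranet.corp.example
192.0.2.10  support.microsoft.com.
"""

if __name__ == "__main__":
    for line_no, name, ip, verdict in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip} ({verdict})")
```

On Windows XP and Windows 2000 the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`.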

As it comes from Microsoft, the tool naturally requires the user to accept an end user license agreement before running. The removal tool only works on Windows XP and Windows 2000. It is available at http://support.microsoft.com/?kbid=836528. Removal tools have been available from several anti-virus vendors since early in the outbreak. Unlike Microsoft's tool, some of those check for common worms and trojans other than MyDoom.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
