MyDoom Targets Microsoft, Breaks Records, SCO Fires Back
By Scott Bekker
January 28, 2004
In its third day of activity, the MyDoom mass-mailing virus spread chaos like ripples in a pond.
Virus researchers at BitDefender on Wednesday detected a new strain of the MyDoom or Novarg virus that targeted Microsoft in its denial-of-service attack. The new strain, which BitDefender calls Novarg.B, also is scheduled to hit the SCO Group, the original target of a DoS attack scheduled for Feb. 1-12 in the first version of MyDoom.
Novarg.B contained only a few technical variations from the original. "Still, we can expect a new wave of infections, as the author already has a base-target," BitDefender virus researcher Mihai Neagu said in a statement.
Original target SCO, meanwhile, not being one to shy away from taking a technology problem to the courts whenever possible, offered a $250,000 reward for information leading to the arrest and conviction of the virus writers.
"During the past ten months SCO has been the target of several DDOS attacks," Darl McBride, SCO president and CEO, said in a statement. SCO has been challenged to keep its Web site running since filing legal actions claiming that large portions of Linux code are SCO's intellectual property.
"This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world. The perpetrator of this virus is attacking SCO, but hurting many others at the same time. We do not know the origins or reasons for this attack, although we have our suspicions," McBride said.
Researchers at MessageLabs, a security company that offers an anti-virus service for 8,000 business customers worldwide, had stopped 3 million copies of the virus by mid-Wednesday. In the first 24 hours, MessageLabs stopped 1.2 million copies of the virus, which first appeared Jan. 26 in the Russian Federation. By comparison, MessageLabs stopped only 1 million copies of the extremely prolific Sobig.F in that worm's first 24 hours.
According to MessageLabs, the peak infection rate for MyDoom is 1 in 12. The peak infection rate for Sobig.F was 1 in 17.
The digital risk assessment firm mi2g estimates the economic damage worldwide for MyDoom in its first 48 hours at $3 billion in terms of "loss of business, bandwidth clogging, productivity erosion, management time reallocation and cost of recovery."
That damage estimate puts MyDoom at ninth on the firm's ranking of the Top 10 worst malware to date. Sobig, at $37 billion, ranks first, but mi2g says MyDoom's fast start is unlikely to translate into a bigger damage total than Sobig amassed. "Large corporations, organizations and government departments are better prepared now than in August last year," the firm said in a statement.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.