MyDoom.B Causes Microsoft Problems

Although Microsoft enjoyed early success in fending off the distributed denial of service attack programmed into the fast-spreading MyDoom.B, the mass-mailing worm is inflicting an increasing amount of damage on the software giant's servers.

MyDoom.B was programmed to begin attacking Microsoft.com on Feb. 3. The original version infected computers, then targeted the SCO Group with a DDoS that took out SCO's main sites almost immediately; those sites remain down.

With a number of countermeasures, Microsoft was able to keep its sites performing at near normal levels through most of last week. But MyDoom.B, which "upgrades" computers infected with MyDoom.A and presses them into its attack against Microsoft, gained ground over the weekend.

"MyDoom is still out there and spreading. It has picked up momentum in the last 48 hours once again. This is a dangerous global epidemic. There are over a million computers still infected that have their backdoors open and they are being upgraded to MyDoom.B which targets Microsoft," DK Matai, executive chairman of the U.K.-based security firm mi2g, said in a statement on Monday.

Researchers at Netcraft recorded a five-hour outage of Microsoft's site on Sunday afternoon and are continuing to record spotty performance at the site. The attacks are scheduled to last until March 1. Users who urgently need information from Microsoft's site and are having problems can access a backup site Microsoft created at https://information.microsoft.com. Microsoft, like SCO, has offered a $250,000 reward for information leading to the arrest and conviction of the MyDoom authors.

In a move that both helps customers and potentially reduces the attack surface from which the MyDoom DDoS can target Microsoft, the company on Thursday posted a MyDoom removal tool.

The 109 KB tool checks for MyDoom.A and MyDoom.B infections and removes the worms if they're present. It also provides users infected with MyDoom.B with a new "hosts" file and sets the "read-only" attribute for that file. The worm variant blocks users from accessing Microsoft and anti-virus sites in an effort to keep users from downloading fixes.

As it comes from Microsoft, the tool naturally requires the user to accept an end user license agreement before running. The removal tool only works on Windows XP and Windows 2000. It is available at http://support.microsoft.com/?kbid=836528. Removal tools have been available from several anti-virus vendors since early in the outbreak. Unlike Microsoft's tool, some of those check for common worms and trojans other than MyDoom.
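An added example, not from the article and not Microsoft's tool: a Python check of the two things the removal tool is described as fixing, namely hosts-file entries that override name resolution for vendor sites and the file's read-only state. It assumes the blocking is done through hosts entries; the watch list, the `example-av-vendor.test` domain and the sample file are constructed.

```python
import os
import stat

# Constructed watch list for illustration; not the worm's actual block list.
WATCHED = ("microsoft.com", "example-av-vendor.test")

# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
0.0.0.0         www.microsoft.com
0.0.0.0         update.example-av-vendor.test   # trailing comment
10.0.0.5        intranet.corp.test
0.0.0.0         notmicrosoft.com
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every name in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        address, names = fields[0], fields[1:]
        for name in names:
            yield line_no, address, name.lower().rstrip(".")


def suspicious_entries(text, watched=WATCHED):
    """Return entries that override DNS for a watched domain or its subdomains."""
    hits = []
    for line_no, address, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((line_no, address, name))
    return hits


def is_read_only(path):
    """True when no write bit is set (on Windows this reflects the read-only attribute)."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH)


if __name__ == "__main__":
    for line_no, address, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```

Any hosts entry for a watched domain is reported regardless of the address it maps to, since every such entry takes precedence over DNS.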

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
