MyDoom.B Causes Microsoft Problems

Although Microsoft enjoyed early success in fending off the distributed denial of service attack programmed into the fast-spreading MyDoom.B, the mass-mailing worm is inflicting an increasing amount of damage on the software giant's servers.

MyDoom.B was programmed to begin attacking Microsoft.com on Feb. 3. The original version infected computers, then targeted the SCO Group with a DDoS that was almost immediately successful in taking out SCO's main sites, which remain down.

With a number of countermeasures, Microsoft was able to keep its sites performing at near normal levels through most of last week. But MyDoom.B, which "upgrades" computers infected with MyDoom.A and presses them into its attack against Microsoft, gained ground over the weekend.

"MyDoom is still out there and spreading. It has picked up momentum in the last 48 hours once again. This is a dangerous global epidemic. There are over a million computers still infected that have their backdoors open and they are being upgraded to MyDoom.B which targets Microsoft," DK Matai, executive chairman of the U.K.-based security firm mi2g, said in a statement on Monday.

Researchers at Netcraft recorded a five-hour outage of Microsoft's site on Sunday afternoon and are continuing to record spotty performance at the site. The attacks are scheduled to last until March 1. Users who urgently need information from Microsoft's site and are having problems can access a backup site Microsoft created at https://information.microsoft.com. Microsoft, like SCO, has offered a $250,000 reward for information leading to the arrest and conviction of the MyDoom authors.

In a move that both helps customers and potentially reduces the attack surface from which the MyDoom DDoS can target Microsoft, the company on Thursday posted a MyDoom removal tool.

The 109 KB tool checks for MyDoom.A and MyDoom.B infections and removes the worms if they're present. It also provides users infected with MyDoom.B with a new "hosts" file and sets the "read-only" attribute for that file. The worm variant blocks users from accessing Microsoft and anti-virus sites in an effort to keep users from downloading fixes.

As it comes from Microsoft, the tool naturally requires the user to accept an end user license agreement before running. The removal tool only works on Windows XP and Windows 2000. It is available at http://support.microsoft.com/?kbid=836528. Removal tools have been available from several anti-virus vendors since early in the outbreak. Unlike Microsoft's tool, some of those check for common worms and trojans other than MyDoom.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
