Waiting For MyDooms Sunday Punch

By Larry Seltzer  |  Posted 2004-01-30 Print this article Print

A series of MyDoom-inspired denial-of-service attacks will commence this Sunday. Here's the latest analysis of the scope of the problem, how the attacks will proceed and what individuals and businesses can expect during the event.

This Sunday, as American football fans await the Super Bowl broadcast, a slow-motion, digital wave will be building on the Internet, a result of the recent MyDoom worm attack. Following the worms dissection by security analysts, the world knows a distributed denial-of-service attack is coming, but theres little that can be done to stop it. Heres how Sundays distributed denial-of-service attack will proceed: At midnight of the international date line the Windows computers infected by the MyDoom.A and MyDoom.B worms will begin to send large numbers of Web requests to the Web site of The SCO Group, the Lindon, Utah-based Unix vendor; the wave will begin in the far east and move westward around the world. Such a large quantity of requests will overwhelm SCOs Web server, making the site unavailable. From the data gathered by security researchers, the scope of the attack is in question. Individual MyDoom.A victims may or may not be part of this attack.
According to Symantecs research, only 25 percent of infected systems may participate in the attack. And since there appear to be very few MyDoom.B infections remaining in the wild, the number of systems performing the attack looks to be many fewer than had been feared.
Still, at the height of the MyDoom.A infection early in the week, some 1 in every 12 messages were infected, according to New York e-mail security company MessageLabs Inc. The company said that its filters had stopped more than 8 million copies of the worm by Friday. To find out how to remove the MyDoom worm, click here. So if only 25 percent of infected computers launch the expected DDoS attack, that will still be a very large number of machines. Thus its unlikely that SCOs Web site will stay up and running. The attack is scheduled to continue until February 12. On February 3, a similar attack will form against Microsoft from computers infected with MyDoom.B. However, major antivirus vendors reported that the infection rate for MyDoom.B was much less than the earlier worm, which it is believed infected hundreds of thousands of systems. Security researchers believe that East-West cultural differences surrounding e-mail may have helped some Asian-based companies dodge MyDoom infections. Click here to read more on the subject. Trend Micro Inc. of Tokyo, a leading enterprise antivirus company, reported seeing exactly one MyDoom.B-infected system in the wild as of Friday afternoon. While it would appear at this point that MyDoom.B is a bust, Ken Dunham, director of malicious code at security intelligence firm iDefense Inc. of Reston Va., pointed out that MyDoom has a variety of means to update itself, so its possible that there are more MyDoom.B infections out in the public than can be verified at present.

Next Page: What Can Individuals and Companies Do?

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel