Machines infected by the less-common of the two MyDoom viruses are programmed to begin flooding Microsofts site with HTTP GET requests today, and to continue doing so through March 1. However, according to an analysis of the virus by Network Associates Inc.s McAfee Security unit, the virus contains a flaw in its code which prevents the attack from beginning 93 percent of the time.
MyDoom.B, like its older sibling, the far more widespread MyDoom.A, launches attacks the site of Unix vendor The SCO Group. MyDoom.A began its attack on SCOs site on Sunday, completely crippling the site. In response, the company has moved its Web presence to another URL until the attack subsides.
Microsoft, based in Redmond, Wash., used a similar tactic once before when its Windows Update site was the target of a DDoS attack by PCs infected by the Blaster worm last summer. In the case of MyDoom.B, the company isnt disclosing its efforts, but the site has been available all day. Microsoft said it had set up a new site that isnt blocked by the virus and contains information on combating MyDoom.
In addition, MyDoom.B has the capability to block access to a long list of Web sites, including those of most of the major antivirus vendors.
"While we are unable to discuss the specific remedies we took to prevent the DDoS attack, we did make it a priority to ensure that Microsoft websites , such as Windows Update, remained fully available to our customers," the Microsoft said in a statement.
"Additionally, we aggressively worked with our Virus Information Alliance partners to help protect customers from this outbreak. We continue to be focused on ensuring that our websites are available to customers and provide them with critical resources, including the latest security information," the statement said.
Meanwhile, Microsoft has offered a $250,000 reward for information leading to the prosecution of whoever wrote and released MyDoom.B.