Waiting For MyDoom's Sunday Punch

A series of MyDoom-inspired denial-of-service attacks will commence this Sunday. Here's the latest analysis of the scope of the problem, how the attacks will proceed and what individuals and businesses can expect during the event.

This Sunday, as American football fans await the Super Bowl broadcast, a slow-motion, digital wave will be building on the Internet, a result of the recent MyDoom worm attack. Following the worm's dissection by security analysts, the world knows a distributed denial-of-service attack is coming, but there's little that can be done to stop it.

Here's how Sunday's distributed denial-of-service attack will proceed: At midnight at the international date line, the Windows computers infected by the MyDoom.A and MyDoom.B worms will begin to send large numbers of Web requests to the Web site of The SCO Group, the Lindon, Utah-based Unix vendor; the wave will begin in the Far East and move westward around the world. Such a large quantity of requests will overwhelm SCO's Web server, making the site unavailable.

From the data gathered by security researchers, the scope of the attack is in question. Individual MyDoom.A victims may or may not be part of this attack.

According to Symantec's research, only 25 percent of infected systems may participate in the attack. And since there appear to be very few MyDoom.B infections remaining in the wild, the number of systems performing the attack looks to be many fewer than had been feared.

Still, at the height of the MyDoom.A infection early in the week, some 1 in every 12 messages was infected, according to New York e-mail security company MessageLabs Inc. The company said that its filters had stopped more than 8 million copies of the worm by Friday.

So even if only 25 percent of infected computers launch the expected DDoS attack, that will still be a very large number of machines. Thus it's unlikely that SCO's Web site will stay up and running. The attack is scheduled to continue until February 12.

On February 3, a similar attack will form against Microsoft from computers infected with MyDoom.B. However, major antivirus vendors reported that the infection rate for MyDoom.B was much lower than that of the earlier worm, which is believed to have infected hundreds of thousands of systems.

Security researchers believe that East-West cultural differences surrounding e-mail may have helped some Asian-based companies dodge MyDoom infections.

Trend Micro Inc. of Tokyo, a leading enterprise antivirus company, reported seeing exactly one MyDoom.B-infected system in the wild as of Friday afternoon.

While it would appear at this point that MyDoom.B is a bust, Ken Dunham, director of malicious code at security intelligence firm iDefense Inc. of Reston, Va., pointed out that MyDoom has a variety of means to update itself, so it's possible that there are more MyDoom.B infections out in the public than can be verified at present.