Days away from facing the potential of separate distributed denial of service attacks, The SCO Group Inc. and Microsoft Corp. on Friday were providing few new public details on how they plans to stop the variants of the MyDoom e-mail worm from hitting their Web sites.
Both are targets of DDoS attacks that security experts say are set to launch on Sunday. The initial MyDoom worm, which began making the rounds of e-mail inboxes on Monday, included a delayed DDoS attack aimed at SCO. Then on Tuesday, a variant identified as MyDoom.B included in its payload a planned DDoS attack on Microsofts sites.
SCO spokesman Blake Stowell said that the company is taking the DDoS threat seriously and has been developing technical contingency plans to keep its Web site running on Sunday and if an attack persists. He declined to provide details about those plans.
“Every security expert talking about this and the ones we are talking to say this is really real and needs to be taken seriously,” Stowell said. “This will probably be the biggest test our company has seen from the Web-site standpoint ever.”
The Lindon, Utah, company earlier in the week said it already had faced sporadic DDoS attacks against its Web site, though Stowell said the site has been largely available the past two days. It also announced a reward of as much as $250,000 for information leading to the arrest those responsible for creating MyDoom.
Microsoft joined the hunt for MyDooms perpetrators on Thursday with its own $250,000 bounty and on Friday officials said the Redmond, Wash., software maker is aware of the DDoS attack plans and is working to thwart them.
“While Microsoft is unable to discuss the specific remedies it is taking to prevent the reported DDoS attack, we are doing everything we can to ensure that Microsoft properties remain fully available to our customers,” a Microsoft spokesperson said.