Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Waiting For MyDooms Sunday Punch

    By
    Larry Seltzer
    -
    January 30, 2004
    Share
    Facebook
    Twitter
    Linkedin

      This Sunday, as American football fans await the Super Bowl broadcast, a slow-motion, digital wave will be building on the Internet, a result of the recent MyDoom worm attack. Following the worms dissection by security analysts, the world knows a distributed denial-of-service attack is coming, but theres little that can be done to stop it.

      Heres how Sundays distributed denial-of-service attack will proceed: At midnight of the international date line the Windows computers infected by the MyDoom.A and MyDoom.B worms will begin to send large numbers of Web requests to the Web site of The SCO Group, the Lindon, Utah-based Unix vendor; the wave will begin in the far east and move westward around the world. Such a large quantity of requests will overwhelm SCOs Web server, making the site unavailable.

      From the data gathered by security researchers, the scope of the attack is in question. Individual MyDoom.A victims may or may not be part of this attack.

      According to Symantecs research, only 25 percent of infected systems may participate in the attack. And since there appear to be very few MyDoom.B infections remaining in the wild, the number of systems performing the attack looks to be many fewer than had been feared.

      Still, at the height of the MyDoom.A infection early in the week, some 1 in every 12 messages were infected, according to New York e-mail security company MessageLabs Inc. The company said that its filters had stopped more than 8 million copies of the worm by Friday.

      /zimages/1/28571.gifTo find out how to remove the MyDoom worm, click here.

      So if only 25 percent of infected computers launch the expected DDoS attack, that will still be a very large number of machines. Thus its unlikely that SCOs Web site will stay up and running. The attack is scheduled to continue until February 12.

      On February 3, a similar attack will form against Microsoft from computers infected with MyDoom.B. However, major antivirus vendors reported that the infection rate for MyDoom.B was much less than the earlier worm, which it is believed infected hundreds of thousands of systems.

      /zimages/1/28571.gifSecurity researchers believe that East-West cultural differences surrounding e-mail may have helped some Asian-based companies dodge MyDoom infections. Click here to read more on the subject.

      Trend Micro Inc. of Tokyo, a leading enterprise antivirus company, reported seeing exactly one MyDoom.B-infected system in the wild as of Friday afternoon.

      While it would appear at this point that MyDoom.B is a bust, Ken Dunham, director of malicious code at security intelligence firm iDefense Inc. of Reston Va., pointed out that MyDoom has a variety of means to update itself, so its possible that there are more MyDoom.B infections out in the public than can be verified at present.

      Next Page: What Can Individuals and Companies Do?

      What Can Individuals and

      Companies Do?”>

      Strictly speaking, the attack will actually begin, if it hasnt already, some time before February 1, since many computers have misconfigured or erroneous system clocks. For the same reason, some computers may never finish their attacks. But the vast bulk of the attack will happen on schedule.

      As the Bath, England-based security analysis and consulting firm Netcraft Ltd. pointed out, Microsoft has had some success in the past deflecting such DDoS attacks, such as the Blaster worm last August.

      In that case, part of Microsofts strategy was to shift the front-end handling of requests to their Web sites onto Akamai Technologies Inc., a Cambridge, Mass. content-distribution network (CDN) that runs its services on Linux. Microsoft was pragmatic enough to accept the minor embarrassment of having the companys servers appear to be running on Linux. The message boards at Netcrafts Web site pointed out that such a recourse would be a bitter pill indeed for SCO to swallow, given its legal campaign against Linux and open-source software products.

      So what will individual Internet users see on Sunday? It will depend on their location and if their computers are infected with MyDoom.A.

      If a computer is infected, theres a good chance that its performance will seem sluggish and the Internet connection congested, depending on the speed of the computer and its configuration. If a particular system is uninfected, its still possible that other infected machines on the local network could use enough bandwidth to slow the networks Internet connection.

      If a serious attack occurs Tuesday against Microsofts Web site, more people could be affected because Microsofts site is commonly used by its customers for information and software downloads.

      Analysts said that infected systems remaining in corporate installations will betray themselves quickly on Sunday, and IT administrators should be able to locate them easily by tracing back the requests to www.sco.com in their log files.

      A wave of these requests will also occur on Monday morning when computer users return to work and turn on their systems.

      Avatar
      Larry Seltzer
      Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×