Bounty Set as MyDoom Builds Zombie Army
As the virulent MyDoom worm races across the Internet, building an army of computer zombies potentially 500,000 strong, The SCO Group is setting a $250,000 bounty on the virus author's head.
SCO, an embattled player in the Linux market, reported today that it is experiencing a distributed denial-of-service attack related to the MyDoom worm that first hit the wild on Monday. The Lindon, Utah-based company is offering the reward for information leading to the arrest and conviction of the virus author or authors.
''During the past 10 months, SCO has been the target of several DDOS attacks,'' reports Darl McBride, president and CEO of The SCO Group, Inc., in a written statement. ''This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world.
''The perpetrator of this virus is attacking SCO, but hurting many others at the same time,'' he adds. ''We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped.''
MyDoom, by many accounts, has become the fastest spreading virus ever, even surpassing Sobig-F, which tore up the Internet late last summer. Mi2g, a security analysis company based in London, reports that the worm, in just 48 hours, has caused $3 billion in damages worldwide, and has spread to more than 170 countries.
The mass-mailing worm, also known by some security companies as Novarg, hit the wild on Monday and has been racing around the globe infecting computers with backdoor trojans and proxies. And Steve Sundermeier, vice president of products and services at Central Command Inc., an anti-virus company based in Medina, Ohio, says at its peak yesterday MyDoom accounted for one in every six emails. Wednesday morning it was down to one in every eight emails.
At its peak, Sobig-F accounted for one in eight emails.
Sundermeier also notes that they're estimating that the worm has successfully compromised 450,000 to 500,000 computers around the world. All of those machines now could be used to point a DOS attack against SCO.
''MyDoom looks like it has peaked but we're still getting pounded with intercepts,'' says Sundermeier. ''It's still spreading like wildfire. It's going to be damaging to SCO potentially, but it also has the ability to drop the proxy server to set up each infected machine for future trouble and spam.''
SCO could not be reached for comment by deadline.
The Central Command Web site has posted a description for the first MyDoom variant -- MyDoom-B. It notes that as of yet there is no sign of it in the wild.
MyDoom spreads via email and by copying itself to any available shared directories used by Kazaa. It harvests addresses from infected machines, and generally uses the words 'test', 'hi' and 'hello' in the subject line.
Analysts say MyDoom is spreading so quickly because it is successfully fooling users into opening first the email and then the attachment. The email often disguises itself as an email that the user sent that has bounced back. The user, wanting to know why the email failed, opens it up and then sees a text file icon, instead of the icon for an executable.
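A mail gateway can check for the disguise described above by comparing what an attachment claims to be with what its bytes are. The sketch below is an added example, not code from the article or from any vendor it quotes; the function names, the sample messages and the "MZ" header test for Windows executables are assumptions made for illustration.

```python
import email
import email.policy
from email.message import EmailMessage

# Subject words the article reports the worm using (exact match, case-insensitive).
BAIT_SUBJECTS = {"test", "hi", "hello"}
# Assumption: Windows executables begin with the two bytes "MZ".
PE_MAGIC = b"MZ"

def build_sample(subject, filename, payload, maintype, subtype):
    """Build a constructed sample message (not a captured worm email)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Your message could not be delivered.")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype,
                       filename=filename)
    return msg.as_bytes()

def inspect(raw):
    """Return the reasons a raw message looks like the lure described above."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    reasons = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in BAIT_SUBJECTS:
        reasons.append("bait-subject")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data.startswith(PE_MAGIC):
            reasons.append("executable-content")
            # The label says text, the bytes say program: the icon trick.
            if part.get_content_maintype() == "text":
                reasons.append("type-mismatch")
    return reasons

# Constructed inputs: a fake "executable" (header bytes only) labelled as text,
# and an ordinary text attachment.
SUSPECT = build_sample("hello", "message.txt", PE_MAGIC + b"\x00" * 64,
                       "text", "plain")
BENIGN = build_sample("Quarterly report", "notes.txt", b"plain notes\n",
                      "text", "plain")

if __name__ == "__main__":
    print(inspect(SUSPECT))
    print(inspect(BENIGN))
```

The subject check alone is weak evidence, since ordinary mail also uses those words; the content-versus-label mismatch is the stronger signal.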
MyDoom also sets up a backdoor trojan in infected computers, allowing the virus writer or anyone else capable of sending commands to an infected machine to upload code or send spam.
The worm has a kill date of Feb. 12. That is leading some analysts to suspect that variants are being prepared to follow on the heels of the first one.