Bounty Set as MyDoom Builds Zombie Army

As the virulent MyDoom worm races across the Internet, building an army of computer zombies potentially 500,000 strong, The SCO Group, Inc. is setting a $250,000 bounty on the virus author's head.

SCO, an embattled player in the Linux market, reported today that it is experiencing a distributed denial-of-service attack related to the MyDoom worm that first hit the wild on Monday. The Lindon, Utah-based company is offering the reward for information leading to the arrest and conviction of the virus author or authors.

"During the past 10 months, SCO has been the target of several DDOS attacks," reports Darl McBride, president and CEO of The SCO Group, Inc., in a written statement. "This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world.

"The perpetrator of this virus is attacking SCO, but hurting many others at the same time," he adds. "We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped."

SCO, which has been embroiled in legal wranglings over Linux and open source issues, also reports that it is working with the U.S. Secret Service and the FBI to figure out the identity of the virus writer.

MyDoom, by many accounts, has become the fastest spreading virus ever, even surpassing Sobig-F, which tore up the Internet late last summer. Mi2g, a security analysis company based in London, reports that the worm, in just 48 hours, has caused $3 billion in damages worldwide, and has spread to more than 170 countries.

The mass-mailing worm, also known by some security companies as Novarg, hit the wild on Monday and has been racing around the globe infecting computers with backdoor trojans and proxies. And Steve Sundermeier, vice president of products and services at Central Command Inc., an anti-virus company based in Medina, Ohio, says at its peak yesterday MyDoom accounted for one in every six emails. Wednesday morning it was down to one in every eight emails.

At its peak, Sobig-F accounted for one in eight emails.

Sundermeier also notes that they're estimating that the worm has successfully compromised 450,000 to 500,000 computers around the world. All of those machines now could be used to point a DOS attack against SCO.

"MyDoom looks like it has peaked but we're still getting pounded with intercepts," says Sundermeier. "It's still spreading like wildfire. It's going to be damaging to SCO potentially, but it also has the ability to drop the proxy server to set up each infected machine for future trouble and spam."

SCO could not be reached for comment by deadline.

The Central Command Web site has posted a description for the first MyDoom variant -- MyDoom-B. It notes that as of yet there is no sign of it in the wild.

MyDoom spreads via email and by copying itself to any available shared directories used by Kazaa. It harvests addresses from infected machines, and generally uses the words 'test', 'hi' and 'hello' in the subject line.

Analysts say MyDoom is spreading so quickly because it is successfully fooling users into opening first the email and then the attachment. The email often disguises itself as an email that the user sent that has bounced back. The user, wanting to know why the email failed, opens it up and then sees a text file icon, instead of the icon for an executable.

MyDoom also sets up a backdoor trojan in infected computers, allowing the virus writer or anyone else capable of sending commands to an infected machine to upload code or send spam.

The worm has a kill date of Feb. 12. That is leading some analysts to suspect that variants are being prepared to follow on the heels of the first one.
