Microsoft shrugs off MyDoom attack

The start of a data flood by PCs infected with the MyDoom.B virus has had little impact on the software giant's Web site, Internet watchers say.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
The start of a data flood by PCs infected with the MyDoom.B virus had little impact on Microsoft's main Web site on Tuesday, according to Internet watchers.

The virus, which has spread less widely than the original MyDoom program, tries to connect to the Microsoft home page 10 times every three seconds. Those additional requests resulted in a drop in performance of maybe 10 percent to 20 percent, compared with previous Tuesdays, said Ken Godskind, vice president of marketing at Web hosting and monitoring company AlertSite.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

"If I had to hazard a guess, I would say that Microsoft was well prepared for this event, because they have had no availability issues," Godskind said.

Moreover, the Web site was easier to connect to on Tuesday than on the previous day, when Microsoft released a security update for the enormous installed base of Windows users. That suggests that the effect of the denial-of-service attack on the company's network was less than that seen in its normal run of business.

"It makes sense," Godskind said. "When Microsoft has an update, how many million people come and have to update their browsers?"

Microsoft wouldn't comment on the issue, except to say that its administrators have worked hard the past two days to prepare for the MyDoom attack.

The first version of MyDoom spread through e-mail a week ago, infecting a new computer every time an unwary user opened the attached filed that contained the program. As many as 2 million PCs may have been infected, according to some estimates. The original virus was programmed to attack the SCO Group's Web site last Sunday, while the variant MyDoom.B was scheduled to target Microsoft on Tuesday and to keep up the attack until March 1.

On Saturday, SCO started coming under attack by PCs infected with the original version of the MyDoom virus. The attack, scheduled to start Sunday at 8:09 a.m. PST, may have been kicked off early by numerous PCs, whose clocks had been set to the wrong time. By early Sunday, SCO had removed its Web site from the domain name system, the Internet version of the Yellow Pages, so that the attacking computers could no longer find the numerical address of its server.

Microsoft appears to have suffered less from its MyDoom strike. However, the second virus hasn't spread as far as the original program, and a bug in the code apparently means that only 7 percent of all infected computers will attack at the same time.

Netcraft, which monitors Internet performance, has noted a few failures to connect to Microsoft's main site but said that otherwise, "it's been pretty much business as usual for the Web site to date, with most response times little different from any other day."

Microsoft has created an alternate Web site for people whose PCs are infected with MyDoom.B and who want to get security information but cannot contact the main site because of a mechanism in the virus that blocks some 65 Web sites, including Microsoft's home page. The alternate site, which starts with "information" rather than "www," lets people see the regular home page content.

Microsoft and SCO have each offered a reward of $250,000 for locating the creators of the MyDoom and MyDoom.B viruses.