SCO braces for MyDoom onslaught

Faced with a massive denial-of-service attack timed to go off this weekend, the controversial claimant to Linux code is preparing its defenses.

The SCO Group is readying itself for a massive attack that is expected to begin hitting its Web site this weekend, courtesy of the fast-spreading MyDoom virus.

The company was reluctant to discuss specific details of its plans, but spokesman Blake Stowell said on Friday that it is preparing for the onslaught of traffic that the virus is projected to generate. The company hopes to keep its regular Web site running but has contingency plans in place, he said.

"I think people will see some creative thinking on our part, on how we address this," Stowell said. The company has already offered a $250,000 bounty for information leading to the arrest and conviction of those responsible for unleashing the virus.

MyDoom is designed to force infected PCs to send data to the SCO Group's Web server between Feb. 1 and Feb. 12. SCO has drawn the wrath of the Linux community over claims that key pieces of the open-source operating system are covered by SCO's Unix copyrights. IBM, Novell and other Linux backers strongly dispute the claims.

Microsoft was able to thwart an attack on its Windows Update site last August by eliminating the specific Web address the MSBlast worm targeted. The software maker killed off the site's previous address, http://www.windowsupdate.com.

Similarly, the White House stymied a denial-of-service attack aimed at its Web site by diverting a deluge of data, sent by systems infected with the Code Red worm, to a different address.

MyDoom is one of the fastest-spreading worms in memory. The bug, which is also known as Novarg and as a variant of the Mimail virus, started worming its way around the Internet on Monday.

A variant of the MyDoom worm is also programmed to attack Microsoft's main Web site. In a statement, the Redmond, Wash., software company said it is aware that its sites are targets of a denial-of-service attack from a variant of the virus, MyDoom.B.

"While Microsoft is unable to discuss the specific remedies it is taking to prevent the reported (denial-of-service) attack, we are doing everything we can to ensure that Microsoft properties remain fully available to our customers," the company said in a statement Friday. "Microsoft is aggressively working with our Virus Information Alliance partners to help protect customers from this outbreak."

E-mail screening company MessageLabs said on Friday that while MyDoom wasn't spreading as fast as it had been midweek, it is still setting records. The company has intercepted nearly 9 million messages infected with the virus since Monday, and the infection rate has averaged about one in every 15 messages. That is below MyDoom's peak rate of one in 12 and in line with the previous record holder, the Sobig virus.

"Let there be no doubt that the Trojan component of MyDoom.A is creating an entirely new network of compromised machines that hackers, and likely spammers, will be able to remotely control," Mark Sunner, chief technology officer of MessageLabs, said in a statement.

Antivirus firm Kaspersky Labs said there is an 80 percent chance that MyDoom is of Russian origin, according to an AFP report.

CNET News.com's David Becker contributed to this report.