On Monday, January 26, 2004 a new and very aggressive email worm began infecting thousands of machines, attacking home users and corporate users alike. MyDoom arrived as an email attachment from a randomized sender with various subject titles, and quickly spread across the Internet. By Tuesday morning it was estimated that one out of every 12 emails contained the virus.
The worm had a real target in mind: www.sco.com. It was engineered to launch a denial-of-service (DOS) attack against SCO starting on February 1. The attack began early Sunday morning as infected computers sent messages to SCO’s website completely overloading its web servers. Fortunately, due to an error in coding, only about one in four infected machines engaged in the DOS attack against SCO.
However, it was enough. In a prepared statement, SCO confirmed the attack stating that requests sent to www.sco.com from MyDoom-infected computers were responsible for making its website “completely unavailable” on Sunday, February 1. Facing continual attacks for at least until February 12, SCO moved its website. Over $250,000 in bounties were posted by SCO and Microsoft for information leading to the identification of the virus’ author.
The virus now has the distinction of being the fastest spreading attack on record, edging out SoBig.F which hit the Internet with a vengeance in August of 2003. Estimates on the number of machines infected vary, but it is anticipated the number will be well over one million on the final tally. At its peak on Thursday, January 29, the number of systems being infected reached 12,000 per hour.
Because the code is designed to stop its DOS attack against SCO on Feb 12, many individuals (and companies) are under the impression that the virus will pose no further threat at that point. Security experts warn that this is not the case. The virus will still be resident until cleansed and will continue to monitor activity on the infected machine. Additionally infected machines can serve as a “zombie army” that could allow hackers to execute additional DOS attacks and cause other serious problems in the future.
Damage and total cost estimates from MyDoom are still in progress, but Computer Economics now estimates the total may exceed $4 billion, making it one of the costliest cyber attacks on record. Additionally, 2004 is threatening to be one of the worst years ever in terms of virus damages and costs. The fact that SoBig.F and MyDoom were launched only months apart and are now ranked as the two fastest spreading viruses of all time, illustrates that the risk remains extremely high that a “super” attack is a real possibility–one that could have consequences far in excess of any seen to date.
February 2004