On Monday, January 26, 2004 a new and very aggressive email worm began infecting thousands of machines, attacking home users and corporate users alike. MyDoom arrived as an email attachment from a randomized sender with various subject titles, and quickly spread across the Internet. By Tuesday morning it was estimated that one out of every 12 emails contained the virus.
The worm had a real target in mind: www.sco.com. It was engineered to launch a denial-of-service (DOS) attack against SCO starting on February 1. The attack began early Sunday morning as infected computers sent messages to SCOâs website completely overloading its web servers. Fortunately, due to an error in coding, only about one in four infected machines engaged in the DOS attack against SCO.
However, it was enough. In a prepared statement, SCO confirmed the attack stating that requests sent to www.sco.com from MyDoom-infected computers were responsible for making its website “completely unavailable” on Sunday, February 1. Facing continual attacks for at least until February 12, SCO moved its website. Over $250,000 in bounties were posted by SCO and Microsoft for information leading to the identification of the virus’ author.
The virus now has the distinction of being the fastest spreading attack on record, edging out SoBig.F which hit the Internet with a vengeance in August of 2003. Estimates on the number of machines infected vary, but it is anticipated the number will be well over one million on the final tally. At its peak on Thursday, January 29, the number of systems being infected reached 12,000 per hour.
Because the code is designed to stop its DOS attack against SCO on Feb 12, many individuals (and companies) are under the impression that the virus will pose no further threat at that point. Security experts warn that this is not the case. The virus will still be resident until cleansed and will continue to monitor activity on the infected machine. Additionally infected machines can serve as a “zombie army” that could allow hackers to execute additional DOS attacks and cause other serious problems in the future.
Damage and total cost estimates from MyDoom are still in progress, but Computer Economics now estimates the total may exceed $4 billion, making it one of the costliest cyber attacks on record. Additionally, 2004 is threatening to be one of the worst years ever in terms of virus damages and costs. The fact that SoBig.F and MyDoom were launched only months apart and are now ranked as the two fastest spreading viruses of all time, illustrates that the risk remains extremely high that a “super” attack is a real possibility–one that could have consequences far in excess of any seen to date.
February 2004
Avasant’s research and other publications are based on information from the best available sources and Avasant’s independent assessment and analysis at the time of publication. Avasant takes no responsibility and assumes no liability for any error/omission or the accuracy of information contained in its research publications. Avasant does not endorse any provider, product or service described in its RadarView™ publications or any other research publications that it makes available to its users, and does not advise users to select only those providers recognized in these publications. Avasant disclaims all warranties, expressed or implied, including any warranties of merchantability or fitness for a particular purpose. None of the graphics, descriptions, research, excerpts, samples or any other content provided in the report(s) or any of its research publications may be reprinted, reproduced, redistributed or used for any external commercial purpose without prior permission from Avasant, LLC. All rights are reserved by Avasant, LLC.
Login to get free content each month and build your personal library at Avasant.com
