|Your account||Today's news index||Weather||Traffic||Movies||Restaurants||Today's events|
Tuesday, February 03, 2004 - Page updated at 10:17 A.M.
MyDoom worm not strong enough to slam Microsoft, virus experts say
By Kim Peterson
A variant of the MyDoom worm is programmed to attack Microsoft's main Web site today, but anti-virus experts say the new version is badly written and has not circulated enough to cause much damage.
The variant, called MyDoom.B, is expected to attack Microsoft.com today by directing infected computers to flood the site with traffic.
A small software company in Lindon, Utah, is still reeling from a similar attack, called a denial-of-service attack, that was created by an earlier-generation worm known as MyDoom.A. That worm infected hundreds of thousands of machines last week, and had computers repeatedly visiting the Web site of The SCO Group on Sunday.
SCO was unprepared for the severity of the attack and had to shut down its Web site, at www.sco.com, in response. The company created a new Web site, at www.thescogroup.com.
Microsoft likely won't have that problem. Jimmy Kuo, a researcher with the anti-virus team at McAfee Security, based in Santa Clara, Calif., said MyDoom.B has its own flaw a bug within a bug, so to speak that will make the attack ineffective. About 93 percent of computers that try to attack Microsoft's site will fail, he said.
And MyDoom.B isn't really circulating on the Internet, he said. By yesterday morning, he said, McAfee had collected a sample count of millions of MyDoom.A instances, but the MyDoom.B count was in the teens.
MyDoom.B has another twist: It is programmed to block a computer's access to some 65 Web sites, including many of the top anti-virus vendors. Some of the 65 belong to Microsoft, such as its site for developers and the Windows Update site the company uses to provide security information to customers.
Microsoft has responded by creating another Web site, at https://information.microsoft.com, that isn't on the worm's hit list. Customers can go there to learn how to get rid of the worm and visit some of the company's blocked sites, said Stephen Toulouse, a security program manager at Microsoft.
This tactic of blocking access to anti-virus sites has been used before in worms, said Stephen Sundermeier, a vice president at Central Command, an anti-virus company in Medina, Ohio.
Microsoft is not saying how it plans to handle the denial-of-
"We got lucky on that one," Sundermeier said. But he suspects there could be a MyDoom.C in the future, written by someone who learned from the mistakes of MyDoom.B. That worm could attack Microsoft's site again.
"You can probably be sure that Microsoft.com will be the target for the next one," he said.
Kim Peterson: 206-464-2360 or firstname.lastname@example.org
Copyright © 2004 The Seattle Times Company
Home delivery | Contact us | Search archive | Site map | Low-graphic
NWclassifieds | NWsource | Advertising info | The Seattle Times Company
Back to top