SCO moves to temporary Web site as Mydoom attack continues

Computerworld - The SCO Group Inc. is fighting back against the writers of the Mydoom.A worm that caused havoc on the company's Web site this weekend by switching the company's site domain address temporarily to outsmart the attackers.
The Lindon, Utah-based Unix vendor today announced that it had moved its Web site to www.thescogroup.com instead of its normal address of www.sco.com to avoid the worm-induced distributed denial-of-service (DDoS) attack that has been pummeling the original site since early yesterday (see story).
The attack is scheduled to continue through Feb. 12, according to the code in the worm, so the company will continue to use the alternate Web site for the duration.
The Mydoom.A Internet worm, which began its spread last week (see story), was programmed by virus writers to attack the SCO Web site, and a variant of the worm called Mydoom.B targets the Web site of Microsoft Corp.
SCO spokesman Blake Stowell said last night that the original SCO Web site had been bombarded by incoming site requests as a result of the worm and was knocked off-line from midnight to 8 a.m. EDT yesterday. At noon EDT yesterday, the company decided to temporarily remove the www.sco.com address from the domain name servers that direct traffic to the site to halt the attacks.
Charles Kolodgy, a security analyst at market research company IDC in Framingham, Mass., said the temporary domain address change will work because it will allow customers to access SCO's site while its normal address is under attack. It will, however, be inconvenient for anyone who hasn't heard about the temporary site relocation, he said.
SCO is responding appropriately to the problem, Kolodgy said. "Everyone who has it [the old SCO Web site] bookmarked will have to try to find them. That was kind of one way to get rid of a denial-of-service [attack], by getting rid of the Web site" it's using, he said.
Darl McBride, president and CEO of SCO, said in a statement that the attack won't stop customers from accessing information from his company.
"Security experts are calling Mydoom the largest virus attack ever to hit the Internet, costing businesses and computer users around the world in excess of $1 billion in lost productivity and damage," McBride said. "Because one of its purposes is to interrupt access to the www.sco.com Web site, we are taking steps to help our important stakeholders continue to access the information, data and support that they need from this new ... Web site."
In addition to the usual SCO links and information, the temporary site also includes links for security vendors, including Network Associates Inc. and Symantec Corp., where users can get the latest information on how to download software updates and protect their PCs against the Mydoom virus.
SCO believes the latest DDoS attack and several that preceded it are the work of open-source advocates who have been critical of the $3 billion legal fight against IBM and Linux that SCO launched last March. SCO sued IBM alleging that the company illegally donated some of SCO's System V Unix code to the Linux open-source project.
Last week, SCO posted a $250,000 reward for information leading to the capture of the person or people responsible for the Mydoom worm (see story). Two days later, Microsoft announced its own $250,000 bounty (see story).
"We believe that Microsoft's $250,000 reward, in addition to the $250,000 reward offered by SCO, will significantly assist the FBI in obtaining serious leads that may help catch the perpetrators of this virus," McBride said.
A free patch capable of wiping the program from an infected machine is available at many antivirus sites, including www.sophos.com/virusinfo/articles/maindoom.html of Sophos PLC and www.f-secure.com/v-descs/novarg.shtml of F-Secure Corp.

Read more about spam, malware and vulnerabilities in Computerworld's Spam, Malware and Vulnerabilities Knowledge Center.