E-bug attacks SCO
Mydoom, a new e-virus which spreads through email and the Kazaa p2p network, is programmed to start Distributed Denial-of-Service attacks on SCO through its web site at www.sco.com on February 1.
SCO is bent on suing IBM, among many others, for alleged copyright violations and its action has left the UnitedLinux consortium “all but dead,” says a cilicon.com report here.
Now, it would appear, Linux supporters are exacting revenge via Mydoom, also known as Shimgapi, Novarg and W32/Mydoom.A@mm
When executed, the worm opens up Windows’ Notepad with garbage data in it. Buried in emails with a random name endings and with ZIP, BAT, CMD, EXE, PIF or SCR extensions, it uses variable subjects, bodies and attachment names, says Finland’s F-Secure here.
F-Secure has upgraded the threat to Level 1 “because of increased infection reports around the world”.
Although Mydoom’s main raison d’etre is to to attack and overload SCO, it also opens up a backdoor to infected computers by planting a new SHIMGAPI.DLL file to system32 directory and launching it as a child process of EXPLORER.EXE.
Although Mydoom is programmed to stop spreading on February 12th, its backdoor function will continue to work.
SCO has already suffered at least two other DOS attacks, says eWeek here.
“Some Linux advocates suggested that the first attack could have been faked by SCO in an attempt to blacken the open-source community’s reputation because of the company’s current dispute with IBM and other Linux companies and users over code it said is covered by its copyrights,” it says. “Later, though, CAIDA showed proof that the SCO Web and FTP sites had indeed undergone a DDoS attack.”
