The SCO Group is fighting back against the writers of the Mydoom.A worm that caused havoc on the company's Web site this weekend by switching the company's site domain address temporarily to outsmart the attackers.
The Unix vendor today announced that it had moved its Web site to www.thescogroup.com instead of its normal address of www.sco.com to avoid the worm-induced distributed denial-of-service (DDoS) attack that has been pummeling the original site.
The attack is scheduled to continue through Feb. 12, according to the code in the worm, so the company will continue to use the alternate Web site for the duration.
The Mydoom.A Internet worm, which began its spread last week, was programmed by virus writers to attack the SCO Web site, while a second variant of the worm called Mydoom.B is targeted at the Web site of Microsoft.
SCO spokesman Blake Stowell said last night that the original SCO Web site had been bombarded by incoming site requests due to the worm and was knocked off-line. The company decided to temporarily remove the www.sco.com address from the domain name servers that direct traffic to the site to halt the attacks.
Charles Kolodgy, a security analyst at market research company IDC, said the temporary domain address change will work because it will allow customers to access SCO's site while its normal address is under attack. It will, however, be inconvenient for anyone who hasn't heard about the temporary site relocation, he said.
SCO is responding appropriately to the problem, Kolodgy said. "Everyone who has it [the old SCO Web site] bookmarked will have to try to find them. That was kind of one way to get rid of a denial-of-service (attack), by getting rid of the Web site" it's using, he said.
Darl McBride, president and CEO of SCO, said in a statement that the attack won't stop customers from accessing information from his company.
"Security experts are calling Mydoom the largest virus attack ever to hit the Internet, costing businesses and computer users around the world in excess of US$1 billion in lost productivity and damage," McBride said. "Because one of its purposes is to interrupt access to the www.sco.com Web site, we are taking steps to help our important stakeholders continue to access the information, data and support that they need from this new ... Web site."
In addition to the usual SCO links and information, the temporary site also includes links for security vendors, including Network Associates and Symantec, where users can get the latest information on how to download software updates and protect their PCs against the Mydoom virus.
SCO believes the latest DDoS attack and several that preceded it are the work of open-source advocates who have been critical of the $3 billion legal fight against IBM and Linux that SCO launched last March. SCO sued IBM alleging that the company illegally donated some of SCO's System V Unix code to the Linux open-source project.
Last week, SCO posted a $250,000 reward for information leading to the capture of the person or people responsible for the Mydoom worm. Two days later, Microsoft announced its own $250,000 bounty.
"We believe that Microsoft's $250,000 reward, in addition to the $250,000 reward offered by SCO, will significantly assist the FBI in obtaining serious leads that may help catch the perpetrators of this virus," McBride said.
A free patch capable of wiping the program from an infected machine is available at many antivirus sites, including www.sophos.com/virusinfo/articles/maindoom.html of Sophos and www.f-secure.com/v-descs/novarg.shtml of F-Secure.