Mydoom virus is a particularly lethal worm

Published: Monday, Feb. 2 2004 8:14 a.m. MST

By the time this column is published, the Mydoom virus will likely have gone down in technology annals as the most prolific and far-reaching cyber attack in history.

As of last Tuesday, anti-virus vendors were suggesting that 8 percent of all e-mail traffic, roughly one out of every 12 e-mails, had been infected with Mydoom. By Thursday, some industry experts were placing the infection rate as high as 26 percent, with no apparent abatement in sight.

As many "Utah Tech Watch" readers will already know, the perpetrator behind this particular "worm" virus did two interesting things.

One, the virus message is designed to entice users to open a compressed ZIP file, something I've not seen before.

Two, in addition to taking over infected computers' e-mail address books and spamming itself out to kingdom come, the virus is also designed to launch what appears at first glance to be a distributed denial-of-service (DDOS) attack against The SCO Group (Nasdaq: SCOX) Web site starting Feb. 1.

(By way of disclosure, Politis Communications, a public/investor relations and marketing agency I own, provided consulting and PR services to SCO/Caldera between August 2002 and December 2002.)

I say 'at first glance' because, as of late Thursday night when this column was written, the latest analysis by multiple independent sources and news reports suggests that the DDOS attack is not a true DDOS attack but actually what might be called a head fake.

In fact, the virus-infected computers were scheduled to wake up on Feb. 1 and attempt to connect to the SCO Web site at www.sco.com. It is not apparent, however, that the infected computers would continue to bombard the SCO URL with repeated connection attempts, as a "true" DDOS attack would.

The newest speculation about the real purpose behind this virus is to allow those with nefarious motives to take over a raft of unprotected personal computers for future use as spamming engines or to steal data directly off the PCs, such as sensitive credit card data.

By the time the virus' efforts are spent on Feb. 12, it's expected that more than 1 million PCs will have been infected by Mydoom.

And that's including the new variant of the virus called Mydoom.b. This one is designed to launch a similar attack against the Microsoft (Nasdaq: MSFT) Web site as well as against SCO.
