new anti-sco worm. really.

dep dep
Mon May 17 11:58:42 PDT 2004


http://news.com.com/2100-7349_3-5147605.html?tag=nefd_lede

A mass-mailing virus that quickly spread around the Internet on Monday 
is compromising computers so they attack the SCO Group's Web server 
with a flood of data, according to antivirus companies.

The virus--known as MyDoom, Novarg and as a variant of the Mimail virus 
by different antivirus companies--arrives in an in-box with one of 
several different random subject lines such as "Mail Delivery System," 
"Test" or "Mail Transaction Failed." The body of the e-mail contains an 
executable file and a statement such as: "The message contains Unicode 
characters and has been sent as a binary attachment."

"It's huge," said Vincent Gullotto, a vice president in security 
software maker Network Associates' antivirus emergency response team. 
["Oh, wait -- that's a different spam email." (I made the part in 
brackets up.)] "We have it as a high-risk outbreak."

In one hour, Network Associates itself received 19,500 e-mails bearing 
the virus from 3,400 unique Internet addresses, Gullotto said. One 
large telecommunications company has already shut down its e-mail 
gateway to stop the virus.

Once the virus infects a PC, it installs a program that allows the 
computer to be controlled remotely. The PC then starts sending data to 
the SCO Group's Web server, a Symantec spokesman said.

The SCO Group has incurred the wrath of the Linux community for its 
claims that important pieces of the open-source operating system are 
covered by SCO's Unix copyrights. IBM, Novell and other Linux backers 
strongly dispute the claims. 

SCO technicians couldn't immediately confirm that a denial-of-service 
attack had begun. By 4 p.m. PST, the company's Web site was slow to 
load, a SCO spokesperson acknowledged, but the site was still 
accessible from the World Wide Web. 

SCO's Web site was taken offline by such denial-of-service attacks a 
handful of times in the last year. In the past, the company has blamed 
Linux sympathizers for at least one of the attacks. 

Antivirus companies were scrambling on Monday afternoon to learn more 
about the virus, which started spreading about noon PST.

"A lot of the information is encrypted, so we have to decrypt it," said 
Sharon Ruckman, a senior director in antivirus software maker 
Symantec's security response center. Symantec has had about 40 reports 
of the virus in the first hour, a high rate of submission, Ruckman 
said.

Security companies are still analyzing the virus. Variations in the body 
text include: "The message cannot be represented in 7-bit ASCII 
encoding and has been sent as a binary attachment."

Early data indicated an epidemic several times the size of the Sobig.F 
virus, which caused widespread infections last summer, said Scott 
Petry, a vice president of engineering at e-mail service provider 
Postini.

"At its current run rate, we will trap almost 8 million in a day," Petry 
said. The company quarantined only 1,400 copies of Sobig.F in its first 
day and 3.5 million copies of the virus during that epidemic's peak 
24-hour period.

Mail systems that remove executable files from e-mails can stop the 
program from spreading.
-- 
dep

It's remarkable how quickly a problem goes away once the people with
a vested interest in there being a problem go away. -- Mark Steyn
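A gateway-side filter in the spirit of the article's closing advice, added here as an example that is not part of the original post or of the news.com article: it parses a raw message, flags the lure subjects and the shared "sent as a binary attachment" body phrase quoted in the article, and quarantines anything carrying an executable attachment. The extension list, the "MZ" magic check and both sample messages are constructed assumptions for this example.

```python
from email import message_from_bytes, policy

# Lure text quoted in the article; the extension list and the "MZ" magic
# check are assumptions added for this example, not from the article.
LURE_SUBJECTS = {"mail delivery system", "test", "mail transaction failed"}
LURE_PHRASE = "has been sent as a binary attachment"
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def is_executable(part):
    """Executable by filename extension or by the 'MZ' magic at payload start."""
    name = (part.get_filename() or "").lower()
    payload = part.get_payload(decode=True) or b""
    return name.endswith(EXEC_EXTENSIONS) or payload[:2] == b"MZ"

def classify(raw):
    """Return (verdict, reasons): an executable attachment means quarantine,
    as the article's last paragraph advises; lure text alone is suspicious."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg.get("subject", "")).strip().lower()
    if subject in LURE_SUBJECTS:
        reasons.append("lure subject: " + subject)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and LURE_PHRASE in body.get_content().lower():
        reasons.append("lure body text")
    exes = [p.get_filename() or "<unnamed>"
            for p in msg.iter_attachments() if is_executable(p)]
    if exes:
        reasons.append("executable attachment: " + ", ".join(exes))
    verdict = "quarantine" if exes else ("suspicious" if reasons else "clean")
    return verdict, reasons

# Constructed sample, not a real worm: the attachment decodes to 4D 5A 90 00.
SAMPLE_WORM = b"""\
Subject: Mail Transaction Failed
Content-Type: multipart/mixed; boundary="b1"

--b1

The message contains Unicode characters and has been sent as a binary attachment.
--b1
Content-Type: application/octet-stream; name="message.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="message.exe"

TVqQAA==
--b1--
"""
SAMPLE_CLEAN = b"Subject: lunch?\nContent-Type: text/plain\n\nSee you at noon.\n"
```

Because the magic-byte check runs on the decoded payload, a renamed executable is still caught even when the filename extension looks harmless.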

