MyDoom.B Causes Microsoft Problems

Although Microsoft enjoyed early success in fending off the distributed denial of service attack programmed into the fast-spreading MyDoom.B, the mass-mailing worm is inflicting an increasing amount of damage against the software giant's servers.

MyDoom.B was programmed to begin attacking on Feb. 3. The original version infected computers, then targeted the SCO Group with a DDoS that was almost immediately successful in taking out SCO's main sites, which remain down.

With a number of countermeasures, Microsoft was able to keep its sites performing at near normal levels through most of last week. But MyDoom.B, which "upgrades" computers infected with MyDoom.A and presses them into its attack against Microsoft, gained ground over the weekend.

"MyDoom is still out there and spreading. It has picked up momentum in the last 48 hours once again. This is a dangerous global epidemic. There are over a million computers still infected that have their backdoors open and they are being upgraded to MyDoom.B which targets Microsoft," DK Matai, executive chairman of the U.K.-based security firm mi2g, said in a statement on Monday.

Researchers at Netcraft recorded a five-hour outage of Microsoft's site on Sunday afternoon and are continuing to record spotty performance at the site. The attacks are scheduled to last until March 1. Users who urgently need information from Microsoft's site and are having problems can access a backup site Microsoft created at Microsoft, like SCO, has offered a $250,000 reward for information leading to the arrest and conviction of the MyDoom authors.

In a move that both helps customers and potentially reduces the attack surface from which the MyDoom DDoS can target Microsoft, the company on Thursday posted a MyDoom removal tool.

The 109 KB tool checks for MyDoom.A and MyDoom.B infections and removes the worms if they're present. It also provides users infected with MyDoom.B with a new "hosts" file and sets the "read-only" attribute for that file. The worm variant blocks users from accessing Microsoft and anti-virus sites in an effort to keep users from downloading fixes.
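As an added illustration (not part of the original article and not Microsoft's tool), the following Python sketch audits hosts-file text for watched domains pinned to loopback or unspecified addresses. It assumes the blocking described above is done through hosts entries; the watch list and sample file are constructed, with `antivirus-vendor.example` as a placeholder.

```python
import ipaddress

# Assumed watch list: microsoft.com is named in the article,
# antivirus-vendor.example is a placeholder for an anti-virus site.
WATCHED_SUFFIXES = ("microsoft.com", "antivirus-vendor.example")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        for name in fields[1:]:  # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def is_sinkhole(address):
    """True when the address sends traffic nowhere useful (loopback or 0.0.0.0/::)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """Match the domain itself or any subdomain, but not look-alike names."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)

def suspicious_entries(text, suffixes=WATCHED_SUFFIXES):
    """Return hosts entries that pin a watched domain to a sinkhole address."""
    return [(n, a, h) for n, a, h in parse_hosts(text)
            if is_watched(h, suffixes) and is_sinkhole(a)]

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1 localhost
0.0.0.0 www.microsoft.com
127.0.0.1 update.antivirus-vendor.example  # trailing comment
10.0.0.5 intranet.corp.example
0.0.0.0 notmicrosoft.com
"""

if __name__ == "__main__":
    for line_no, address, hostname in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {hostname} -> {address}")
```

On Windows XP and Windows 2000 the text to audit would come from the hosts file under the system directory's `drivers\etc` folder.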

As it comes from Microsoft, the tool naturally requires the user to accept an end user license agreement before running. The removal tool only works on Windows XP and Windows 2000. It is available at Removal tools have been available from several anti-virus vendors since early in the outbreak. Unlike Microsoft's tool, some of those check for common worms and trojans other than MyDoom.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

