In response to what is being called the fastest-spreading computer virus of all time, SCO Group — targeted by the MyDoom worm’s estimated 3 million infected machines in a planned denial-of-service (DoS) attack scheduled for February 1st — is offering a US$250,000 reward for information leading to the arrest and conviction of the worm’s creators.
Calling the MyDoom outbreak more troubling than previous assaults against his company’s Web site, SCO president and CEO Darl McBride pointed out that the worm is affecting a wide range of companies and computer users. SCO’s site reportedly has undergone several DoS attacks since the company began its campaign to stake its rights to certain elements of the Linux operating system, which SCO alleges improperly borrowed from its own Unix source code.
“We do not know the origins or reasons for this attack, although we have our suspicions,” McBride said in a statement. “This is criminal activity and it must be stopped. To this end, SCO is offering a total of $250,000 reward for information leading to the arrest and conviction of those responsible for this crime.”
SCO is not the first company to put a bounty on virus writers’ heads. Microsoft announced a similar reward for the apprehension of those who create and distribute malicious code last November. However, virus fighters tend to view such rewards more as company statements and doubt their effectiveness as weapons in the war against malware.
Statement or Stance
“I don’t think it’s bad, but I think it’s aimed at industry favor as opposed to a real security stance,” MessageLabs CTO Mark Sunner told TechNewsWorld. “Obviously, SCO is being singled out and they feel they need to make a bit of a stance, but I think it’s more sabre rattling. I don’t think it will really unearth anything.”
Nevertheless, SCO spokesperson Blake Stowell told TechNewsWorld that the company views the MyDoom worm as a more significant issue than past DoS attacks on its site — and is therefore offering the reward in addition to working with law enforcement.
“It is more serious because it uses a virus to target our Web site versus just a hacker compromising some servers and compromising SCO’s site,” Stowell said. “It’s a more serious matter not just for SCO, but for others online and potentially millions of computers downloading this virus and doing damage to machines in addition to attacking the SCO site.”
While SCO has also worked with law enforcement on the previous attacks, Stowell said the cooperation on MyDoom marks a new level of significance, as the worm might go down as the biggest outbreak in history.
MyDoom Breaks Records
MessageLabs’ Sunner, who reported MyDoom had infected an estimated 3 million machines with a presence in one out of every 12 e-mails worldwide at its peak, told TechNewsWorld that the worm has not slowed down yet.
Sunner said the previous fastest spreader, the SoBig worm, peaked at an infection ratio of one in every 17 e-mails. While MyDoom is spreading at a rapid and prolific rate, he said, it might prove less disruptive than SoBig because it is not generating the volume of alerts that SoBig did and therefore is not clogging e-mail servers as badly.
Sunner credited two factors for MyDoom’s success: timing, and a file-compression technique that allowed the worm’s executable to slip past traditional antivirus measures. The worm also employs an effective social-engineering trick that has duped thousands of users into opening it.
“This one is more cunning because it basically operates under the guise of a technical error,” he said, referring to MyDoom’s strategy to get users to launch the executable unwittingly.
Law Enforcement Involvement
While opponents of the company’s Linux licensing campaign have viewed previously reported attacks on SCO’s site as a publicity play, Stowell told TechNewsWorld that the involvement of law enforcement indicates how real the attacks have been.
“If anyone suggests that, it’s simply crazy,” Stowell said. “You don’t make something like this up inside a company and invite the FBI to investigate. That’s ludicrous.”
Pointing to the ineffectiveness of recent laws and harsh penalties against illegal spamming, Sunner said the worm-writer bounties are likewise unlikely to result in the apprehension of the malicious code authors.
“It’s more making a statement rather than anything that will actually yield a result,” he said.