[Dshield] MyDoom-A/B

John Sage jsage at finchhaven.com
Mon Feb 2 01:11:59 GMT 2004


On Sun, Feb 01, 2004 at 09:34:19AM -0500, Johannes B. Ullrich wrote:
> From: "Johannes B. Ullrich" <jullrich at sans.org>
> To: list at dshield.org
> Date: Sun, 01 Feb 2004 09:34:19 -0500
> Subject: [Dshield] MyDoom-A/B
> Well, mydoom a & b are now in full swing DDoS'ing sco.com and
> microsoft.com respectively.
> At this point, it looks like 'www.sco.com' is down, but Microsoft.com
> doesn't show an impact so far.
> At least Rogers appears to have changed the sco.com DNS record to
> I haven't heard reports from other ISPs, but if you could
> check please and let me know if your ISP is using this to reduce the
> damage on its own infrastructure.

Before a lot of people start buying into SCO's FUD that they've "been
knocked off the Internet", check out Netcraft's latest "Performance"


Posted by mhp at 09:27 PM UTC on Feb 1, 2004 in Performance:

"Further corroboration of the generally good connectivity across the
Internet can be seen by viewing www2.sco.com, which is on the same
Class C that www.sco.com occupied until earlier this
evening. http://www2.sco.com/ loads very quickly to the eye, and the
traceroute seems very good considering the circumstances.

"A graph of performance of www2.sco.com has just started
appearing, while a comparative table of performance of some of the
sites connected with the MyDoom virus is also available. Each is
updated every fifteen minutes.

"Note that sco.com and caldera.com, which both shared the same ip
address as www.sco.com are still down, possibly because of stale DNS
caching, or perhaps simply because the machine that ran those sites
has been shut down.

% host sco.com
sco.com has address
%host www.caldera.com
www.caldera.com has address

"The most recent Web Server Survey found some 58 hostnames running web
sites that resolved to this ip address, and one would presume that SCO
is unconcerned about their availability, since it would have been
possible to give www.sco.com its own ip address in the prelude to the

Why would SCO be "unconcerned about their availability"?

Microsoft seems to have been able to cope with this sort of thing
in the past, and presumably will again, very shortly.

Why is SCO so eager to be "downed"?

Having www.sco.com down wouldn't feed into their PR campaign against
Linux, would it?

- John
"Mad cow? You'd be mad too, if someone was trying to eat you."
