Virus researchers at Sophos are suggesting that the W32/MyDoom-A worm,
currently spreading widely across the internet, may have been
deliberately constructed as a weapon in the current round of "Linux
wars". The worm launches a distributed denial of service attack
against the website of SCO, who have recently courted controversy
in the Linux community. Such an attack could potentially knock
SCO's website off the internet.
In May 2003 US-based SCO claimed that versions of the Linux open
source operating system use code owned by SCO. It has begun
offering Linux users a licence to protect them against possible
legal action. Leading Linux developers such as Linus Torvalds, the
inventor of Linux, have denied that Linux source code contains any
SCO intellectual property. SCO has also launched legal actions
against IBM, Red Hat, and Novell.
"Conflicts between SCO and the open source community have been
escalating for some months and it seems the MyDoom worm, which
attacks the SCO website, may have been deliberately constructed and
unleashed by its author as part of this ongoing wrangle," said Sean
Richmond, Sophos's Technical Support Manager for Australia and New
Zealand.
Once the MyDoom worm has infected a PC it attempts to spread via
mass-emailing and includes a backdoor that turns the computer into
a "zombie" which can unwittingly launch the attack against SCO's
website between 1 and 12 February.
Sophos offers the following advice:
- Don't act on web links or attachments sent to you in
emails.
- Block all Windows program files (EXE, DLL, SCR, BAT, PIF, CMD, etc.)
at your email gateway if you can. Because of the associated
risks, there is almost no business case for distributing programs
by email.
- Filter outbound email with a product such as Sophos PureMessage
or Sophos MailMonitor before it leaves your network. This is good
"internet citizenship", because it limits the collateral damage you
can do to the internet even if you become infected.
- Update your anti-virus software regularly and frequently so you
can identify the latest threats accurately. Using a product (such
as Sophos Enterprise Manager) which can automate updates takes the
stress and uncertainty out of the process.
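The gateway attachment check in the second item can be sketched as follows. This is an added example, not Sophos code; the function names and the sample message are constructed for illustration, and the block list holds only the extensions named above.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the advice; the "etc." is left to local policy.
BLOCKED_EXTENSIONS = {"exe", "dll", "scr", "bat", "pif", "cmd"}

def is_blocked_name(filename: str) -> bool:
    """True if the last extension of filename is on the block list."""
    # Windows ignores trailing dots and spaces, so "a.bat. " still runs as a.bat.
    cleaned = filename.rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    # Only the final extension counts: "document.txt.pif" is a PIF, not a text file.
    return bool(dot) and ext in BLOCKED_EXTENSIONS

def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of all MIME parts a gateway should reject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested/forwarded messages
        name = part.get_filename()  # decoded Content-Disposition / Content-Type name
        if name and is_blocked_name(name):
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed test message: two blocked attachments and one allowed."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    for filename, subtype in [("document.txt.pif", "octet-stream"),
                              ("report.pdf", "pdf"),
                              ("SETUP.EXE", "octet-stream")]:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype=subtype,
                         filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The check looks at declared filenames only; it does not inspect file contents or look inside archives.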