The SCO Group Web site was the main target of the MyDoom worm, which is a variant of the Mimail virus and was first discovered towards the end of January. The worm installed a back-door program that allowed infected PCs to be controlled remotely. The worm was designed to launch an attack on SCO's Web servers between Feb. 1 and Feb. 12. However, because of incorrectly set PC clocks, the attack continued until the end of last week.
SCO has roused the ire of many in the software community because of a series of lawsuits related to its Unix intellectual property, and for attempts to force companies using Linux to pay license fees to SCO.
The sheer ferocity of the attack caught SCO and security analysts by surprise and SCO's initial confidence in surviving the attack quickly diminished. Within hours, the SCO site was completely inaccessible, forcing the company to launch an alternative site to maintain its Web presence.
According to Finnish security company F-Secure, SCO attempted to revive the site on Feb. 27 at 6:15 a.m. (GMT), but had to take it down again after 30 minutes.
Web site monitoring company Netcraft claims SCO.com was returned to the Internet on Friday evening and over the weekend--it did experience two short breaks in service, but apart from that it has been performing well.
A spokesman at antivirus company BitDefender told ZDNet UK that although SCO's site was back, it could easily be sent down by another MyDoom-type worm: "Yes, at this moment, there is no attack on the SCO Web site anymore. To restart the attack it is simple: another version of the virus... It's just that," he said.
With virus authors apparently conducting a war of words through their worms' source code, F-Secure said a new attack would not be surprising: "As the new versions emerge--three or even four in a day--[a new attack] wouldn't be so difficult," he said.
