Mydoom tops the charts

As SCO Group takes down its website and Microsoft battens down the hatches, security experts have labelled Mydoom one of the fastest-spreading internet worms ever produced.


Less than a week after its initial discovery, Mydoom, also known as Novarg or Shimgapi, was close to becoming the most damaging malware of all time, rivalling the notoriety SoBig achieved over a few months in late 2003, according to a report from the mi2g Intelligence Unit.

“At present rates, MyDoom is the fastest spreading malware of all time and research shows that it took less than three minutes to spread into most time zones across the globe. With the recent hike in infections, Mydoom has become comparable in destruction to Sobig -- the worst malware of all time, which caused US$37 billion of economic damage worldwide primarily in late 2003,” said mi2g, which estimated Mydoom had caused US$35.2 billion of economic damage worldwide.

The worm was programmed to take control of unsuspecting computer users' PCs, from which it launched a denial-of-service attack on SCO on Sunday. Seemingly in response to this attack, the SCO Group took its website, www.sco.com, out of the domain name system (DNS) in order to keep the denial-of-service traffic off the net, according to UK-based internet analysis firm Netcraft.

In its monthly chart of top 10 rampant viruses, anti-virus vendor Sophos said Mydoom had stormed to number one in less than a week. Mydoom, and number two virus Bagle, accounted for more than 40 percent of reports to Sophos during January.

Despite the seriousness of the threat, Paul Ducklin, head of technology, Asia Pacific at Sophos in Sydney, warned Mydoom was “the most-hyped virus in history”.

“We are already seeing statements that MyDoom has caused US$38 billion in damage, which somehow seems to beggar belief,” said Ducklin. “I think we should be much more concerned about the damage and distress caused by storms in Queensland over the past few days than by Mydoom, which is, after all, pretty easy to prevent and -- thanks to free downloads from most anti-virus companies -- easy to remove from your computer.”

Bruce Pyke, customer operations director at local internet service provider Pacific Internet, said Mydoom was “the largest virus we've ever seen”. Pyke estimated that 25 percent of email traffic had been virus-affected since Mydoom emerged.

“The second largest virus we've seen was Swen which, at its strongest, was producing less than half the volume Mydoom is currently producing,” he said.

Pacific Internet claimed to have blocked a quarter of a million versions of the Mydoom virus.

“Normally we block 300 to 500 viruses a day but just for the Mydoom virus yesterday, we blocked 70,000, on Wednesday we blocked 80,000 and on Tuesday we blocked 60,000.”

Pyke said Pacific's network performance was not affected. Pacific also offers its customers free spam and virus protection.

Meanwhile, software giant Microsoft was reportedly preparing for a similar, planned attack by a variant of the Mydoom worm this week.

SCO and Microsoft had each offered a bounty of US$250,000 for information leading to the capture of the author of the malicious program.

SCO Group and Microsoft were unavailable for comment at time of print. Microsoft's website, www.microsoft.com, was reportedly performing normally, according to Netcraft's message board.

With its recent legal actions, SCO had drawn the ire of the open source community, who objected publicly to the company's claim that it had copyright control over key pieces of the Linux operating system.
