The main Recording Industry Association of America web site www.riaa.com has experienced intermittent outages since the spread of the MyDoom.F virus, which programs computers to launch a distributed denial of service (DDoS) attack on the site.
Antivirus vendor Trend Micro says it has detected more than 23,000 machines infected with MyDoom.F, a sizeable number but far fewer than its predecessor, MyDoom.A, which launched a DDoS that kept the www.sco.com site offline for the first half of February.
The www.sco.com hostname remains out of the DNS, three days after the denial of service attack connected to the MyDoom virus was scheduled to finish. Computers infected by MyDoom, which at one point were estimated to number more than 400,000, were programmed to launch a DDoS on SCO's main web site Feb. 1 and end the attack Feb. 12, this past Thursday.
However, SCO have not yet put www.sco.com back into the DNS, perhaps indicating that variants of the virus may be continuing the attack, or perhaps simply that they perceive that the cost/benefit of the site has become unfavourable.
% host www.sco.com
Host www.sco.com not found: 3(NXDOMAIN)
SCO took www.sco.com out of the DNS shortly after the attack began Feb. 1, and began using www.thescogroup.com as an alternate site. That URL also experienced performance problems at first, but has been available in recent days.
A dynamically updating table of the sites affected by the MyDoom DDoS is available here.
A new version of the DoomJuice worm seeks to launch a more effective denial of service attack on Microsoft's web site tomorrow, according to F-Secure.
The new worm, DoomJuice.B, sets random HTTP headers to make it more difficult to filter the attack traffic, seeking to work around a defensive measure used by Microsoft earlier this week, when www.microsoft.com dropped requests without User-Agent headers to differentiate between Web browsers and the DDoS attack agents. The DoomJuice.B DDoS also initiates twice as many requests as its predecessor, launching 32-192 parallel threads instead of the 16-96 of DoomJuice.A.
Microsoft's main web site at www.microsoft.com experienced performance problems this morning, probably due to a DDoS attack launched by a new version of the MyDoom virus.
This morning at around 9am GMT response times to www.microsoft.com surged, and for a time the site failed to respond. Subsequently, www.microsoft.com began dropping requests without User-Agent headers, apparently to differentiate between traffic from Web browsers and the DDoS attack agents. Our monitoring requests, which do not normally set a User-Agent, were also dropped. These were changed to supply a User-Agent header on requests to www.microsoft.com around 2pm GMT and have since seen mixed results, with relatively normal results from London, but some extended and erratic response times from Atlanta, New York and Texas.
General internet connectivity has not been noticeably impaired, with 41 of 52 leading hosting company sites experiencing no failed requests in the last 24 hours.
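The User-Agent filter described in the two Microsoft items above can be modelled in a few lines. This is an added example, not Netcraft's or Microsoft's code: the request strings and labels are constructed, and the assumption that the first attack agents sent no User-Agent is inferred from the filter that was deployed. It shows both failure modes reported here: a legitimate monitor is dropped, and a client that fills in headers passes.

```python
def parse_headers(raw):
    """Parse the header lines of a raw HTTP/1.x request; names are lower-cased
    because HTTP header names are case-insensitive."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def allowed(raw):
    """The rule from the text: drop any request lacking a User-Agent.
    An empty value is treated the same as a missing header."""
    return bool(parse_headers(raw).get("user-agent"))


BASE = "GET / HTTP/1.1\r\nHost: www.microsoft.com\r\n"

# Constructed sample requests, not captured traffic.
SAMPLES = {
    "browser": BASE + "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n",
    "monitor_without_ua": BASE + "\r\n",
    "monitor_with_ua": BASE + "user-agent: example-monitor/1.0\r\n\r\n",
    "agent_without_ua": BASE + "\r\n",  # assumed first-variant shape
    "agent_random_headers": BASE + "User-Agent: kqzv\r\nAccept: */*\r\n\r\n",
}
ATTACK = {"agent_without_ua", "agent_random_headers"}


def evaluate(samples, attack):
    """Bucket each sample by filter verdict and by ground-truth label."""
    result = {"blocked_attack": [], "blocked_legit": [],
              "passed_attack": [], "passed_legit": []}
    for label, raw in samples.items():
        verdict = "passed" if allowed(raw) else "blocked"
        kind = "attack" if label in attack else "legit"
        result[verdict + "_" + kind].append(label)
    return result


if __name__ == "__main__":
    for bucket, labels in evaluate(SAMPLES, ATTACK).items():
        print(bucket, labels)
```

A header-presence rule only separates clients that omit the header; once the header is filled in, other signals such as per-source request rate are needed.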
Ranking by Failed Requests and Connection time,
January 1st - 31st 2004
This is the second month running that INetU's site has had no failed requests at all, and it has now been in the top three for the last four months. As neither INetU nor Secure Dog had any failed requests, INetU is ranked above Secure Dog because the average connection time from our performance measurement points to the INetU site was faster.
Third was www.pair.com, a consistently reliable site which was placed fourth for H2 2003. All of the top three sites run on BSD operating systems.
Two European hosting company sites made it into the top 10. Cable & Wireless and Energis, respectively the second and third largest telcos in the UK, were fifth and tenth. Energis is Netcraft's own connectivity provider, but has no special advantage as none of the measurement points are on the Energis network.