Microsoft has alternative site available, just in case

Microsoft has made an alternative web site available at in case people experience difficulty accessing

Although our measurement points have seen some requests fail today (to put this in context, the top ranked hosting company site hasn't had a request fail in over two months), it's been pretty much business as usual for the web site to date, with most response times little different from any other day.

Windows computers infected with MyDoom.B are programmed to begin attacking today at 13:09:18 (UTC) and continue through March 1st.

Performance data for the sites involved in the MyDoom DDoS is available here.

New SCO site experiences outages and slow response times

Overnight, response times on have become erratic, and the site has suffered over an hour of outages. Performance data for the sites involved in the MyDoom DDoS is available here.

Additionally, has been taken out of the DNS.

% host
Host not found: 3(NXDOMAIN)

Microsoft Issues Critical Update On URL Spoofing

Microsoft has issued a promised patch for Internet Explorer that addresses a URL spoofing flaw, as well as a critical security hole that could allow crackers to gain control of Internet-connected computers through JavaScript links in web pages.

The latest IE update disallows the use of the "@" character in URLs, addressing a snafu which has helped phishing scammers to disguise the Internet address of a fake Web site. Once the update is installed, including the @ symbol in URLs will return an "invalid syntax error" message. Internet scammers have been using @ signs in URLs to trick bank customers into revealing their account details.
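How a parser reads the "@" form described above, with a check a mail or proxy filter could apply, as an added example that is not part of the original article. The hostnames and addresses are constructed placeholders, and `inspectUrl` is a hypothetical helper name.

```javascript
// Added example: classify URLs by whether the authority carries userinfo
// ("user@host"). All URLs below are constructed samples.

// Userinfo shaped like a hostname is the deceptive case: the reader sees
// "www.bank.example" while the browser connects to whatever follows "@".
const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser
  } catch (e) {
    return { raw, verdict: "unparseable" };
  }
  if (url.username === "" && url.password === "") {
    // An "@" in the path or query (an e-mail address, say) lands here,
    // which a plain raw.includes("@") test would wrongly flag.
    return { raw, verdict: "ok", realHost: url.hostname };
  }
  // The username stays percent-encoded after parsing; decode it and keep
  // only the part a reader would take for the site name.
  const shown = safeDecode(url.username).split(/[\/:?#]/)[0];
  const deceptive = HOSTLIKE.test(shown) &&
                    shown.toLowerCase() !== url.hostname;
  return {
    raw,
    verdict: deceptive ? "spoof-suspect" : "userinfo",
    shownHost: shown,
    realHost: url.hostname,
  };
}

const SAMPLES = [
  "http://www.bank.example@198.51.100.7/login",        // hostname-shaped userinfo
  "http://www.bank.example%2Faccounts@198.51.100.7/",  // encoded "/" in userinfo
  "http://deploy:s3cret@build.example/",               // ordinary credentials
  "https://shop.example/contact?mail=a@b.example",     // "@" outside the authority
];
for (const u of SAMPLES) {
  const r = inspectUrl(u);
  console.log(r.verdict.padEnd(14), r.realHost, "<-", u);
}
```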

The latest patch also fixes a cross-domain scripting vulnerability in Internet Explorer, through which a remote attacker could bypass security measures that limit the commands that Web-based code can execute on a user machine. The flaw enables a link containing JavaScript code to run commands in the Local Machine Zone with user privileges.

Netcraft has developed a service to help banks and other financial organizations identify sites which may be trying to construct frauds, identity theft and phishing attacks by pretending to be the bank, or are implying that the site has a relationship with the bank when in fact there is none.

Microsoft shorten TTL in anticipation of MyDoom.B payload

In anticipation of the MyDoom.B payload striking tomorrow, Microsoft have shortened the TTL [time to live] on the DNS entry to five minutes. Yesterday the TTL was set to just under an hour.

Essentially, Microsoft is accepting the significantly higher load on its name servers [outsourced to Akamai] as the premium of an insurance policy in the event that it wants to move very quickly.

In this regard Microsoft is being very circumspect towards the potential payload of the MyDoom.B virus, which anti-virus companies have tended to belittle. Of course, this may simply reflect the fact that Microsoft is directly at risk from the payload, while the anti-virus companies are merely informed bystanders, rather than Microsoft's view of the likely traffic levels being significantly different to the anti-virus companies' expectations.

Our expectation is that Microsoft will defend the payload from its own network, at least initially. If Microsoft does decide to deploy Akamai's HTTP caching, this should not necessarily be read as an admission that its in-house infrastructure could not cope; it is more likely to be motivated by a public-spirited desire to keep the traffic off the Internet's main arteries by absorbing the payload as close to the sources of the attacks as possible.


SCO to use new domain for the duration of MyDoom DDoS

The SCO Group, Inc. will use as an alternate web site while remains under a denial of service attack from machines infected with the MyDoom worm, the company said this morning. The URL is expected to serve as an interim site for SCO through Feb. 12, when the DDoS is expected to conclude. "SCO has developed layers of contingency plans to communicate with our valued customers, resellers, developers, partners and shareholders," said Jeff Carlon, the company's director of worldwide IT infrastructure, who called the new domain "the first step" in its planning. actually resolves to the same IP address as

% host has address
% host has address

Performance data on is available now.

enjoys good response times

Further corroboration of the generally good connectivity across the Internet can be seen by viewing which is on the same Class C that occupied until earlier this evening. loads very quickly to the eye, and the traceroute seems very good considering the circumstances.

A graph of performance of has just started appearing, while a comparative table of performance of some of the sites connected with the MyDoom virus is also available. Each is updated every fifteen minutes.

Note that and, which both shared the same IP address as are still down, possibly because of stale DNS caching, or perhaps simply because the machine that ran those sites has been shut down.

% host has address
%host has address

The most recent Web Server Survey found some 58 hostnames running web sites that resolved to this IP address, and one would presume that SCO is unconcerned about their availability, since it would have been possible to give its own IP address in the prelude to the DDoS.
