Microsoft has made an alternative web site available at https://information.microsoft.com in case people experience difficulty accessing www.microsoft.com.
Although our measurement points have seen some requests to www.microsoft.com fail today - to put this in context, www.inetu.net, the top-ranked hosting company site, hasn't had a request fail in over two months - it's been pretty much business as usual for the web site to date, with most response times little different from any other day.
Windows computers infected with MyDoom.B are programmed to begin attacking www.microsoft.com today at 13:09:18 (UTC) and continue through March 1st.
Performance data for the sites involved in the MyDoom DDoS is available here.
Overnight, response times on www.thescogroup.com have become erratic, and the site has suffered over an hour of outages.
Performance data for the sites involved in the MyDoom DDoS is available here.
Additionally, www2.sco.com has been taken out of the DNS.
% host www2.sco.com
Host www2.sco.com not found: 3(NXDOMAIN)
Microsoft has issued a promised patch for Internet Explorer that addresses a URL spoofing flaw.
The latest IE update disallows the use of the "@" character in URLs, addressing a snafu which has helped phishing scammers to disguise the Internet address of a fake Web site. Once the update is installed, including the @ symbol in URLs will return an "invalid syntax error" message. Internet scammers have been using @ signs in URLs to trick bank customers into revealing their account details.
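The "@" trick works because everything before the last "@" in a URL's authority part is userinfo, so the name the reader sees first is not the host that is contacted. The check below is an added example, not code from the original page; the function names `split_authority` and `classify` and all sample URLs are constructed for illustration, and it flags URLs whose userinfo is shaped like a hostname, as a mail gateway or proxy filter might.

```python
import re
from urllib.parse import urlsplit, unquote

# A username that is itself shaped like a DNS name is the spoofing pattern.
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)

def split_authority(url):
    """Return (userinfo, host) the way a URL parser reads the authority part."""
    parts = urlsplit(url)
    # Only an "@" inside the authority counts; an "@" in the path does not.
    userinfo, sep, _ = parts.netloc.rpartition("@")
    return (unquote(userinfo) if sep else None), parts.hostname

def classify(url):
    """'ok', 'userinfo' (credentials present) or 'host-in-userinfo' (spoof pattern)."""
    userinfo, _host = split_authority(url)
    if userinfo is None:
        return "ok"
    username = userinfo.split(":", 1)[0]
    return "host-in-userinfo" if HOSTLIKE.match(username) else "userinfo"

# Constructed sample URLs (reserved .test names and a documentation address).
SAMPLES = [
    "http://www.examplebank.test/login",
    "http://www.examplebank.test@198.51.100.7/login",
    "http://www.examplebank.test:secure@login.other.test/",
    "ftp://backup:s3cret@files.example.test/pub",
    "http://www.example.test/users/@alice",
]

def report(urls):
    """Return (verdict, real_host, url) for each URL."""
    return [(classify(u), split_authority(u)[1], u) for u in urls]

if __name__ == "__main__":
    for verdict, host, url in report(SAMPLES):
        print(f"{verdict:17} connects-to={host:22} {url}")
```
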
Netcraft has developed a service to help banks and other financial organizations identify sites which may be trying to construct frauds, identity theft and phishing attacks by pretending to be the bank, or are implying that the site has a relationship with the bank when in fact there is none.
In anticipation of the MyDoom.B payload striking www.microsoft.com tomorrow, Microsoft have shortened the TTL [time to live] on the www.microsoft.com DNS entry to five minutes. Yesterday the TTL was set to just under an hour.
Essentially, Microsoft is accepting the significantly higher load on its name servers [outsourced to Akamai] as the premium of an insurance policy in the event that it wants to move www.microsoft.com very quickly.
In this regard Microsoft is being very circumspect towards the potential payload of the MyDoom.B virus, which anti-virus companies have tended to belittle. Of course, this may simply reflect the fact that Microsoft is directly at risk from the payload, while the anti-virus companies are merely informed bystanders, rather than Microsoft's view of the likely traffic levels being significantly different to the anti-virus companies' expectations.
Our expectation is that Microsoft will defend the payload from its own network, at least initially. If Microsoft does decide to deploy Akamai's HTTP caching, this should not necessarily be read as an admission that its in-house infrastructure could not cope; it is more likely to be motivated by a public spirited desire to keep the traffic off the Internet's main arteries by absorbing the payload as close to the sources of the attacks as possible.
The SCO Group, Inc. will use www.thescogroup.com as an alternate web site while www.sco.com remains under a denial of service attack from machines infected with the MyDoom worm, the company said this morning. The URL is expected to serve as an interim site for SCO through Feb. 12, when the DDoS is expected to conclude. "SCO has developed layers of contingency plans to communicate with our valued customers, resellers, developers, partners and shareholders," said Jeff Carlon, the company's director of worldwide IT infrastructure, who called the new domain "the first step" in its planning.
sco.com actually resolves to the same IP address as www.thescogroup.com.
% host sco.com
sco.com has address 18.104.22.168
% host www.thescogroup.com
www.thescogroup.com has address 22.214.171.124
Performance data on www.thescogroup.com is available now.
Further corroboration of the generally good connectivity across the Internet can be seen by viewing www2.sco.com, which is on the same Class C that www.sco.com occupied until earlier this evening.
It loads very quickly to the eye, and the traceroute seems very good considering the circumstances.
A graph of performance of www2.sco.com has just started appearing, while a comparative table of performance of some of the sites connected with the MyDoom virus is also available. Each is updated every fifteen minutes.
Note that sco.com and caldera.com, which both shared the same IP address as www.sco.com, are still down, possibly because of stale DNS caching, or perhaps simply because the machine that ran those sites has been shut down.
% host sco.com
sco.com has address 126.96.36.199
www.caldera.com has address 188.8.131.52
The most recent Web Server Survey found some 58 hostnames running web sites that resolved to this IP address, and one would presume that SCO is unconcerned about their availability, since it would have been possible to give www.sco.com its own IP address in the prelude to the DDoS.