RIAA Site Still Battling MyDoom.F

On the 17th of each month, computers still infected with MyDoom.F launch a distributed denial of service (DDoS) attack on the web sites of Microsoft and the Recording Industry Association of America (RIAA). While the well-defended Microsoft site has suffered nary a blip from MyDoom.F, the RIAA site was offline from March 17-24 and again last month.

The RIAA site began experiencing performance problems again this morning, although it seems to be faring somewhat better than on previous MyDoom.F trigger dates. The site index is using a text-only redirection page at www.riaa.com in an attempt to reduce the load on its server.

[Figure: RIAA Web Site Availability]

A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.

The RIAA site has a history of outages related to DDoS attacks (including extended downtime in July 2002 and January 2003) and has frequently been defaced.

Nonetheless, the ongoing traffic from MyDoom.F demonstrates that many computer owners continue to leave compromised machines unsecured and online. In theory, it should be somewhat easier for users to notice the activity of MyDoom.F, which deletes Microsoft Word and Excel documents. Yet it appears that many MyDoom.F victims soldier on, leaving the malware to continue its monthly DDoS activity.