28 January 2004 SCO Group has offered a $250,000 bounty for information leading to the conviction of the author of the MyDoom worm.
Nicknamed ‘SCObig’, the worm is programmed to launch a denial of service (DoS) attack on SCO’s web site on 1 February. The news drew a robust response from SCO CEO Darl McBride.
“[MyDoom] harms not just our company but also damages the systems and productivity of a large number of other companies and organisations around the world,” said McBride. “We do not know the origins or reasons for the attack, although we have our suspicions. This is a criminal activity and must be stopped.”
SCO claims ownership of the Unix intellectual property and has launched a series of legal offensives against IBM, Novell and users of Linux claiming that code within it either breaches Unix licences or has been copied from its own Unix operating systems.
McBride has even claimed that open source software is unconstitutional and a threat to US national security. As a result, the company has been vociferously attacked by open source software developers and users. Its web site has also been hit by a number of DoS attacks.
MyDoom is sent as an binary attachment, often arriving in a compressed file format in a bid to evade anti-virus software. Even though it is an executable file, it is represented by a text icon, which leads many to believe it is harmless. The body of the email varies.
Once activated, the worm installs a Trojan horse application, enabling the attackers to gain unauthorised access to the user’s machine. It also searches through the user’s email and sends out copies of itself to all their contacts.
Like most viruses and worms, MyDoom solely targets computers running Microsoft Windows. It is most active in the US, Australia, Canada and the UK, but has been sighted in 168 countries worldwide and accounts for about one in nine emails sent globally. “[It is] the fastest spreading mass-mailer ever,” said David Banes, a technical director at email scanning services supplier MessageLabs.
The worm is only activated if the attachment is opened.