In this section

• Home
• Press office
• News archive
• Articles
• 2004
• 01

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

28 January 2004

MyDoom worm: the latest weapon in the Linux wars? Sophos comments

Virus researchers at Sophos are suggesting that the W32/MyDoom-A worm, currently spreading widely across the internet, may have been deliberately constructed as a weapon in the current round of "Linux wars". The worm launches a distributed denial of service attack against the website of SCO, who have recently courted controversy in the Linux community. Such an attack could potentially knock SCO's website off the internet.

In May 2003 US-based SCO claimed that versions of the Linux open source operating system use code owned by SCO. It has begun offering Linux users a licence to protect them against possible legal action. Leading Linux developers such as Linus Torvalds, the inventor of Linux, have denied that Linux source code contains any SCO intellectual property. SCO has also launched legal actions against IBM, Red Hat, and Novell.

"Conflicts between SCO and the open source community have been escalating for some months and it seems the MyDoom worm, which attacks the SCO website, may have been deliberately constructed and unleashed by its author as part of this ongoing wrangle," said Sean Richmond, Sophos's Technical Support Manager for Australia and New Zealand.

Once the MyDoom worm has infected a PC it attempts to spread via mass-emailing and includes a backdoor that turns the computer into a "zombie" which can unwittingly launch the attack against SCO's website between 1 and 12 February.

Sophos offers the following advice:

1. Don't act on web links or attachments sent to you in emails.
2. Block all Windows programs (EXE, DLL, SCR, BAT, PIF, CMD, etc.) files at your email gateway if you can. Because of the associated risks, there is almost no business case for distributing programs by email.
3. Filter outbound email with a product such as Sophos PureMessage or Sophos MailMonitor before it leaves your network. This is good "internet citizenship", because it limits the collateral damage you can do to the internet even if you become infected.
4. Update your anti-virus software regularly and frequently so you can identify the latest threats accurately. Using a product (such as Sophos Enterprise Manager) which can automate updates takes the stress and uncertainty out of the process.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com