Their press release announces they have set up an alternate address, which is a technique
they obviously could have implemented sooner. They had a week to prepare, after all.
Of course, then they couldn't send out breathless press releases. This is the new
It will be interesting to find out if there are some disappearing documents as a
result of this whole incident. I have gotten one report that the LKP page is missing so far.
Bob Mims has some interesting details. Stowell says they have a number of backup tricks they can try:
"We have had a good four to five days' notice of this," Stowell said, noting Mydoom's Jan. 26 launch. "We have a lot of backup plans in place."
This raises the obvious question: why didn't they implement them *before* they were forced off the internet? If you see a train headed straight toward you, the sensible next move is off the tracks. Is that too simple and obvious? Or does SCO have an agenda that requires that they get taken down periodically? The Mims piece notes:
Since it first filed suit against IBM last March, SCO claims its site has been crashed by several smaller scale denial-of-service attacks -- assaults which flood a target with commands that prevent others from accessing the site.
The attacks seemed timed in conjunction with controversial SCO announcements or Linux-related legal filings.
Dan Gillmor puts it bluntly:
That doesn't excuse the DDOS, but it does say something about SCO's credibility, not for the first time. SCO and its senior executives have shown themselves to be willing to stretch, if not snap, the truth -- such as Darl McBride's ridiculously inaccurate meanderings about copyright law, as Larry Lessig has picked apart in some detail. (The world is still waiting for SCO to show any actual violations of copyright, meanwhile.)
The pattern I've noticed is odd. Am I misremembering or has anyone else formed the impression that every time Darl gratuitously makes a public statement about SCO being attacked, within a short time, there is some kind of alleged attack? I remarked to someone that it reminds me of Bin Laden releasing videos as a signal for attacks to begin. Of course, it could all just be a remarkable coincidence.
Incidentally, you might find Netcraft's report on this of interest, as well as their FAQ and their chart on web servers. Netcraft noticed one detail:
sco.com actually resolves to the same ip address as www.thescogroup.com.
% host sco.com
sco.com has address 18.104.22.168
% host www.thescogroup.com
www.thescogroup.com has address 22.214.171.124
The press release:
SCO PROVIDES ALTERNATE COMPANY WEB SITE ACCESS AND UNITES WITH VENDORS
TO COMBAT VIRUS
SCO to provide alternate access to company Web site through www.thescogroup.com
LINDON, Utah—Feb. 2, 2004—The SCO Group, Inc. (Nasdaq: SCOX), the owner of the
UNIX® operating system and a leading provider of UNIX-based solutions, today
announced it has put alternatives in place for individuals wanting to access its
company Web site. The company is asking customers, resellers, developers,
shareholders and all other Web site visitors to use www.thescogroup.com as the
destination for the company’s Web site through the end of Feb. 12, 2004. The
company is putting this alternative Web address in place because the recently
announced Mydoom or Novarg virus creates an attack that is designed to prevent
access to www.sco.com from Feb. 1–12, 2004.
“Security experts are calling Mydoom the largest virus attack ever to hit the
Internet, costing businesses and computer users around the world in excess of $1
billion in lost productivity and damage,” said Darl McBride, president and CEO,
The SCO Group, Inc. “Because one of its purposes is to interrupt access to the
www.sco.com Web site, we are taking steps to help our important stakeholders
continue to access the information, data and support that they need from this
new www.thescogroup.com Web site.”
The www.thescogroup.com Web site will provide visitors with all of the
accessibility and resources that they would normally have when visiting
www.sco.com. In addition, the company is including links that point visitors to
security vendors, including Network Associates and Symantec, that will provide
them with all of the latest information on how to download software updates and
protect their PCs against the Mydoom virus.
“Increased traffic has already begun hitting www.sco.com in the last couple of
days,” said Jeff Carlon, director of worldwide IT infrastructure, The SCO Group.
“We expect hundreds of thousands of attacks on www.sco.com because of these
viruses. Starting on Feb. 1 and running through Feb. 12, SCO has developed layers
of contingency plans to communicate with our valued customers, resellers,
developers, partners and shareholders. The first step of that plan is the
implementation of www.thescogroup.com.” For those having problems getting
through to SCO on the Web, customers may call their local sales office or
1-800-SCO-UNIX (726-8649) to gain assistance from a SCO representative.
Earlier this week, SCO announced that it is working with U.S. law enforcement
authorities including the U.S. Secret Service and Federal Bureau of
Investigation (FBI) to determine the identity of the perpetrators of the Mydoom
virus. The company also announced that it has offered a reward of up to a total
of $250,000 for information leading to the arrest and conviction of the
individual(s) involved with the creation of the virus. Anyone with credible
information or leads should contact their local FBI office. “We believe that
Microsoft’s $250,000 reward in addition to the $250,000 reward offered by SCO
will significantly assist the FBI in obtaining serious leads that may help catch
the perpetrators of this virus,” said McBride.