The effectiveness of the A variant of the worm does not mean, however, that its younger and less prolific sibling, MyDoom.B, will be as effective against Microsoft Corp’s web site, which it is due to attack today.

The distributed denial-of-service attack on SCO had been scheduled to start at 16.09.18 UTC on February 1. According to a SCO spokesperson, the attack started early, becoming apparent on Saturday night, US Eastern Time.

“Within a few hours we were under a full denial-of-service attack, by 9pm Eastern Time [2am UTC] the site was completely overwhelmed with more traffic than it could possibly accommodate,” spokesperson Blake Stowell said.

Following a recent series of more ‘manual’ DDoS attacks on SCO, the company has maintained a lot of redundant bandwidth as a precaution – Stowell said that under normal circumstances the firm only uses 5% to 10% of its available bandwidth.

But the DDoS attack from MyDoom’s estimated hundreds of thousands of compromised machines caused www.sco.com to be hit with 30 to 50 times the usual amount of traffic, Stowell said, eating up all the redundant capacity.

In response, the company first switched off its site entirely by removing sco.com from the internet’s domain name system. Later, it returned sco.com to use, but left the domain www.sco.com, at which the attack was aimed, pointing to nowhere.

Yesterday, it was possible to visit SCO at sco.com or at www.thescogroup.com, a domain the company set up specifically for use between February 1 and February 12, which is when MyDoom is set to go dormant.

DDoS attacks are scarily effective against their targets and those immediately upstream, but rarely cause collateral damage. Keynote Systems Inc, which tracks internet performance, said there was no measurable MyDoom effect on the internet as a whole.

There were likely a number of mitigating factors, including the way the virus was designed and the fact that, with www.sco.com removed from the DNS, the worm would often have nowhere to send its streams of spurious HTTP.

Keynote pointed out that MyDoom was designed to wait for a response or timeout from www.sco.com before sending more traffic, hence to hit SCO with just enough traffic to keep it unavailable, rather than just pumping out packets willy-nilly.

In addition, due to the way the program checked the system date, the DoS component of MyDoom’s payload would only execute on about a quarter of infected PCs, according to anti-virus companies.

There were also reports that at least one major ISP was blocking traffic to www.sco.com over the weekend. eWeek yesterday quoted an anonymous source as saying a large European consumer ISP was doing precisely that.

Microsoft was preparing itself for a similar attack yesterday at press time, but was not at liberty to discuss its plans. “We are doing everything we can to ensure that Microsoft properties remain fully available to our customers,” the company said in a statement.

This article is based on material originally published by ComputerWire