Biting the Hand That Feeds

On July 26, 2004, something nobody thought could possibly happen; happened. Google went down. Or so it seemed to those who were confronted with the lackluster "Service error -27" message displayed on Google’s website early July 26 (US time).

Reports started flying across the country and across the globe by 15:30 GMT, when web users around the world started noticing that their searches were returning an error message instead of the expected results from Google, with Yahoo, AltaVista and Lycos also affected by a similar problem. Throughout the day, it was revealed that rather than being hacked or having other internal problems, the search engines were all being attacked by a new strain of the MyDoom worm, automatically using the search engines to locate new targets.

Experts say that the new version of MyDoom, propagating via email, was different to previous versions, "because it uses the search engines to verify and locate additional e-mail domains to infect" (Taylor, quoted in eWeek). This process of repeatedly accessing the search engines to locate new email addresses is what is believed to have caused the availability problems being reported across the world. An alert email sent to the MessageLabs email security list at 21:13 GMT provided more details as to the operation and background of the worm, explaining in detail how it locates domain names on infected machines and then searches the Internet for more variants of that domain.

The attack came at the worst possible time for Google, hitting them on the same day as they released the highly-anticipated financial details of their pending IPO. After announcing that they were expecting to float for up to $3.8 billion, Google was then struck down in the widest-ranging problem it has had in recent times. Despite the timing, temporary outages don’t appear to have affected the generally-positive market-sentiment towards the Google IPO. Existing skeptics do not appear to have picked up the attack as a major issue, although they continue to suggest that Google’s growth is in doubt, their opening price is too high and that instant millionaire-employees will lead to increased staff turn-over in the near future.

Meanwhile, security experts were busy warning that a second phase of the worm’s infection was beginning to emerge. "The new attack uses MyDoom-infected systems to launch a denial-of-service attack against Microsoft’s Web site, says Ken Dunham, director of malicious code at security firm iDefense [sic] Inc." The attack is launched through a companion program called "Zindos" which resides on previously-infected computers and "starts bombarding with requests"

Interestingly, publicity surrounding these events appeared to focus more on the fact that major search engines were being attacked than the worm itself or its methods of propagation. This change in approach sparks questions about the future approaches of viruses, the vulnerability of search engines and the continued problem of email-borne viruses in general.