Their press release announces they have set up an alternate address, which is a technique they obviously could have implemented sooner. They had a week to prepare, after all. Of course, then they couldn't send out breathless press releases. This is the new address: www.thescogroup.com
It will be interesting to find out if there are some disappearing documents as a result of this whole incident. I have gotten one report that the LKP page is missing so far.
Bob Mims has some interesting details. Stowell says they have a number of backup tricks they can try: "'We have had a good four to five days' notice of this,' Stowell said, noting Mydoom's Jan. 26 launch. 'We have a lot of backup plans in place.'"
This raises the obvious question: why didn't they implement them *before* they were forced off the internet? If you see a train headed straight toward you, the sensible next move is off the tracks. Is that too simple and obvious? Or does SCO have an agenda that requires that they get taken down periodically? The Mims piece notes:
"Since it first filed suit against IBM last March, SCO claims its site has been crashed by several smaller scale denial-of-service attacks -- assaults which flood a target with commands that prevent others from accessing the site.
"The attacks seemed timed in conjunction with controversial SCO announcements or Linux-related legal filings."
Dan Gilmore puts it bluntly:
"That doesn't excuse the DDOS, but it does say something about SCO's credibility, not for the first time. SCO and its senior executives have shown themselves to be willing to stretch, if not snap, the truth -- such as Darl McBride's ridiculously inaccurate meanderings about copyright law, as Larry Lessig has picked apart in some detail. (The world is still waiting for SCO to show any actual violations of copyright, meanwhile.)"
The pattern I've noticed is odd. Am I misremembering or has anyone else formed the impression that every time Darl gratuitously makes a public statement about SCO being attacked, within a short time, there is some kind of alleged attack? I remarked to someone that it reminds me of Bin Laden releasing videos as a signal for attacks to begin. Of course, it could all just be a remarkable coincidence. Incidentally, you might find Netcraft's report on this of interest, as well as their FAQ and their chart on web servers. Netcraft noticed one detail:
"sco.com actually resolves to the same ip address as www.thescogroup.com.
% host sco.com
sco.com has address 22.214.171.124
% host www.thescogroup.com
www.thescogroup.com has address 126.96.36.199"
SCO PROVIDES ALTERNATE COMPANY WEB SITE ACCESS AND UNITES WITH VENDORS TO COMBAT VIRUS
SCO to provide alternate access to company Web site through www.thescogroup.com
LINDON, Utah—Feb. 2, 2004—The SCO Group, Inc. (Nasdaq: SCOX), the owner of the UNIX ® operating system and a leading provider of UNIX-based solutions, today announced it has put alternatives in place for individuals wanting to access its company Web site. The company is asking customers, resellers, developers, shareholders and all other Web site visitors to use www.thescogroup.com as the destination for the company’s Web site through the end of Feb.12, 2004. The company is putting this alternative Web address in place because the recently announced Mydoom or Novarg virus creates an attack that is designed to prevent access to www.sco.com from Feb.1–12, 2004.
“Security experts are calling Mydoom the largest virus attack ever to hit the Internet, costing businesses and computer users around the world in excess of $1 billion in lost productivity and damage,” said Darl McBride, president and CEO, The SCO Group, Inc. “Because one of its purposes is to interrupt access to the www.sco.com Web site, we are taking steps to help our important stakeholders continue to access the information, data and support that they need from this new www.thescogroup.com Web site.”
The www.thescogroup.com Web site will provide visitors with all of the accessibility and resources that they would normally have when visiting www.sco.com. In addition, the company is including links that point visitors to security vendors, including Network Associates and Symantec, that will provide them with all of the latest information on how to download software updates and protect their PCs against the Mydoom virus.
“Increased traffic has already begun hitting www.sco.com in the last couple of days,” said Jeff Carlon, director of worldwide IT infrastructure, The SCO Group. “We expect hundreds of thousands of attacks on www.sco.com because of these viruses. Starting on Feb.1 and running through Feb.12, SCO has developed layers of contingency plans to communicate with our valued customers, resellers, developers, partners and shareholders. The first step of that plan is the implementation of www.thescogroup.com.” For those having problems getting through to SCO on the Web, customers may call their local sales office or 1-800-SCO-UNIX (726-8649) to gain assistance from a SCO representative.
Earlier this week, SCO announced that it is working with U.S. law enforcement authorities including the U.S. Secret Service and Federal Bureau of Investigation (FBI) to determine the identity of the perpetrators of the Mydoom virus. The company also announced that it has offered a reward of up to a total of $250,000 for information leading to the arrest and conviction of the individual(s) involved with the creation of the virus. Anyone with credible information or leads should contact their local FBI office. “We believe that Microsoft’s $250,000 reward in addition to the $250,000 reward offered by SCO will significantly assist the FBI in obtaining serious leads that may help catch the perpetrators of this virus,” said McBride.