Search Engine Watch
SEO News

Go Back   Search Engine Watch Forums > Search Engines & Directories > Google > Google Web Search
FAQ Members List Calendar Forum Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
Old 07-26-2004   #1
Joseph Morin
 
Joseph Morin's Avatar
 
Join Date: Jun 2004
Location: Irvine, CA
Posts: 655
Joseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of light
Google Search Engine Down

Possibly a virus?

http://zdnet.com.com/2100-1104_2-5283750.html
Joseph Morin is offline   Reply With Quote
Old 07-26-2004   #2
AndyBeal
Fortune Interactive
 
Join Date: Jun 2004
Posts: 29
AndyBeal is on a distinguished road
Google DNS Attack

This will help explain a little more...

http://www.searchenginelowdown.com/2...ns-attack.html
AndyBeal is offline   Reply With Quote
Old 07-26-2004   #3
rustybrick
 
rustybrick's Avatar
 
Join Date: Jun 2004
Location: New York, USA
Posts: 2,810
rustybrick has much to be proud ofrustybrick has much to be proud ofrustybrick has much to be proud ofrustybrick has much to be proud ofrustybrick has much to be proud ofrustybrick has much to be proud ofrustybrick has much to be proud ofrustybrick has much to be proud of
SlashDot also has information on it http://slashdot.org/articles/04/07/2...?tid=217&tid=1
rustybrick is offline   Reply With Quote
Old 07-26-2004   #4
Joseph Morin
 
Joseph Morin's Avatar
 
Join Date: Jun 2004
Location: Irvine, CA
Posts: 655
Joseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of lightJoseph Morin is a glorious beacon of light
Google back up in So CA

Wonder what that 4 hour outage cost the worldwide economy?
Joseph Morin is offline   Reply With Quote
Old 07-26-2004   #5
garyp
 
Join Date: Jun 2004
Posts: 265
garyp is a jewel in the roughgaryp is a jewel in the roughgaryp is a jewel in the roughgaryp is a jewel in the rough
More in this News.com article.

Quote:
Google representatives confirmed that the MyDoom worm affected performance of the search engine, but, despite numerous e-mail complaints received by CNET News.com, said the attack had a limited impact.

A Lycos representative said the company is aware of the problem and is working to block the performance obstacles.

Last edited by garyp : 07-26-2004 at 03:39 PM.
garyp is offline   Reply With Quote
Old 07-26-2004   #6
garyp
 
Join Date: Jun 2004
Posts: 265
garyp is a jewel in the roughgaryp is a jewel in the roughgaryp is a jewel in the roughgaryp is a jewel in the rough
More on the Storry

This from MessageLabs

Quote:
MyDoom.O Designed to Target Search Engines

New York, NY – July 26, 2004 (3:00 pm ET) - MessageLabs, the leading provider of managed email security services to businesses worldwide, is advising computer users that W32.Mydoom.O contains multiple search engine URLs and is using them to harvest additional domain email addresses.


MyDoom.O searches user files (DOC TXT HTM and HTML) for domain names, then uses search engines (Lycos, AltaVista, Yahoo and Google) to search for "e-mail" and the harvested domain in order to gain access to other email addresses.


There is a strong likelihood that web-based lists such as phone books, memberships, discussion boards and general user home pages will be harvested by the machine and in turn infect others.


A search on Google using the same "e-mail" + domain method has generated a "Forbidden" message, which may indicate activity on the part of the search engines to thwart the virus.


“Because MyDoom.O contains web site links and directs recipients to specific and targeted sites, this virus is in essence creating distributed Denial of Service attacks against Lycos, AltaVista, Yahoo and Google,” said Mark Sunner, Chief Technology Officer of MessageLabs.


The specific URLs contained in MyDoom.O are:

http://search.lycos.com/default.asp?...b=web&query=%s

http://www.altavista.com/web/results?q=%s&kgs=0&kls=0

http://search.yahoo.com/search?p=%s&...t&cop=mss&tab=

http://www.google.com/search?hl=en&i...&oe=UTF-8&q=%s


According to initial intelligence now circulating, MyDoom.O can also harvest emails from any Outlook Windows active on the compromised machine. This will lead to additional propagation via SMTP even after a peak infection period.


General Details

Name: W32/MyDoom.O-mm
Number of copies intercepted so far: 23,000 within first five hours
Time & date first captured: July 26, 2004; 4:40 AM ET
Origin of first intercepted copy: UK

MyDoom.O is a mass-mailing worm with an SMTP engine that sends emails to addresses harvested from infected machines. The sender’s From: email address is forged, and therefore does not indicate the true identity of the sender. MyDoom.O may also spoof from the mailer-daemon@ address, which is typically used to indicate a delivery failure, thus enhancing its social engineering trickery.

The executable file is approximately 27,648 bytes in size. The virus is also packed with UPX v1.0x and stored in a ZIP attachment.

NB: The virus is also being referred to as: MyDoom.M, I-Worm.Mydoom.M, I-Worm.Mydoom. R, and W32/Mydoom.L.

File Types:
- PIF
- SCR
- DOC
- EXE
- HTM

Email Characteristics
From: Spoofed email address (including mailer-daemon@, noreply@)
Subject: Random (see below)
Text: Various
Size: 27,648 bytes

Subject
· hi
· delivery failed
· Message could not be delivered
· Mail System Error - Returned Mail
· Delivery reports about your e-mail
· Returned mail: see transcript for details
· Returned mail: Data format error instruction
· MAILER-DAEMON
· "Mail Administrator"
· "Automatic Email Delivery Software"
· "Post Office"
· "The Post Office"
· "Bounced mail"
· "Returned mail"
· "Mail Delivery Subsystem"

Detection
MessageLabs detected all strains of this virus proactively, using its unique and patented Skeptic™ predictive heuristics technology.

About MessageLabs
MessageLabs is the leading provider of managed email security services to businesses worldwide. The company currently protects more than 8,500 businesses around the world from email threats such as viruses, spam and other unwanted content before they reach their networks and without the need for additional hardware or software. Powered by a global network of control towers that currently spans 13 data centers in the United States, the United Kingdom, Germany, the Netherlands, Australia and Hong Kong, MessageLabs scans millions of emails a day on behalf of customers such as The British Government, The Bank of New York, Bertelsmann, Bic, CSC, Conde Nast Publications, EMI Music, Diageo, Orange, Random House, SC Johnson and StorageTek. The company has more than 300 channel partners, including BT, Cable & Wireless, CSC, IBM, MCI and Unisys and publishes real-time data and analysis on viruses, spam, phishing scams and other email security threats. MessageLabs’ statistics and experts are frequently quoted in media outlets around the world and its executives regularly speak at industry conferences. For more information on MessageLabs and its industry-leading email security and management services, please visit www.messagelabs.com.
garyp is offline   Reply With Quote
Old 07-27-2004   #7
garyp
 
Join Date: Jun 2004
Posts: 265
garyp is a jewel in the roughgaryp is a jewel in the roughgaryp is a jewel in the roughgaryp is a jewel in the rough
DoubleClick Taken Down

Word that DoubleClick was taken down by the virus today (Tuesday).
garyp is offline   Reply With Quote
Old 07-27-2004   #8
orion
 
orion's Avatar
 
Join Date: Jun 2004
Posts: 1,044
orion is a splendid one to beholdorion is a splendid one to beholdorion is a splendid one to beholdorion is a splendid one to beholdorion is a splendid one to beholdorion is a splendid one to behold
Exclamation

According to this news

http://www.msnbc.msn.com/id/5529616/

these attacks are paving the path for a DOS attack against Microsoft's site. The parasite's name is zindos.a.

Orion
orion is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off