Trending Now

WebProWorld

WebProWorld

Menu
Search
Headline
AI Search
OpenAI Expands ChatGPT Capabilities with Integrated Search Functionality
Essential Tips for Structuring the Beginning, Middle, and End of a Novel.
Essential Tips for Structuring the Beginning, Middle, and End of a Novel
How to Write Engaging Blogs People Want to Read
How to Write Engaging Blogs People Want to Read
Why Social Media Habits Can Be Harmful
Why Social Media Habits Can Be Harmful
How to Change Your Apple Watch Face to Digital
How to Change Your Apple Watch 9 Face Clock to Digital
Drivers Who Text 23 Times More Likely To Crash
Drivers Who Text 23 Times More Likely To Crash
Social Media Will Not Replace Search
Social Media Will Not Replace Search
Guide to Improve Your Email Domain Reputation
Guide to Improve Your Email Domain Reputation
Fall Planting Guide for Eastern Tennessee
Fall Planting Guide for Eastern Tennessee

Fallout From The MyDoom Search Engine Attack

Archive
webproworld

Fallout From The MyDoom Search Engine Attack

On Monday, July 26, 2004, the major search engines were hit by a variant of the MyDoom virus. This particular version of the virus sniffs out email addresses and domains from infected computers and proceeds to query the major search engines in order to locate more addresses attached to the discovered domain.

Were you affected by the MyDoom attack? Discuss this at WebProWorld.

Google Enters DefCon 3...Google Enters DefCon 3…

This attack was severe enough that at least one search engine’s (Google) servers were taken down. Or at least that’s what the image posted by Andy Beal would lead some to believe. However, according to Google’s blog, their servers were not taken down; rather they blocked those who were infected with the virus and its automated search queries. From Google:

“A very small percentage of our users and networks–most notably, a few media outlets that write about us–were heavily infected with MyDoom, so our systems temporarily blocked their queries. By noon, service for all our users had been completely restored.”

As reported by John Battelle, MyDoom targeted Lycos, AltaVista, Google, and Yahoo. The virus designated these search engines by including a URL to use when conducting its malicious search. The URLs in question were:

http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=%s

http://www.altavista.com/web/results?q=%s&kgs=0&kls=0

http://search.yahoo.com/search?p=%s&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%s

As previously stated, MyDoom’s approach was to conduct automated queries to these URLs in order to find more email addresses so that the virus could continue to “mail itself” to other unsuspecting users. Needless to say, the anti-virus community’s response was quick. According to SERoundtable, by that afternoon, fixes were already appearing.

Because MyDoom.0 used search engines as part of its attack, the search engine community reacted with its usual zeal. The virus’ queries caused many to notice that traffic to their site had increased as a result of the search engines looking for additional email addresses. One such WebmasterWorld poster called “dataguy” observed: “Search engine traffic to my web sites are up about 15% today over a normal Monday, with an overall higher percentage coming from Google searches.”

Because Google seems to be the only search engine that suffered any server “downtime” (the other search engines appeared to have been slowed by the virus, whereas Google was the only one reported to have a server error page appear), many wondered what kind of impact this attack might have had on the revenue.

jonathanleger at WebmasterWorld estimated the amount Google lost, based on last quarter’s findings:

“Google posted a profit of $79.1 million last quarter, that’s $878,888.89 per day or $36,620.37 per hour. Based on that they’ve lost about $109,861.11 from the past three hours. How’s that for statistics! :)”

However, Joseph Morin, a moderator at the SearchEngineWatch forums wondered, “What that 4 hour outage cost the worldwide economy.” This is an excellent question that may not have an exact answer at least for a while.

Another item of discussion that stood out was the debate about whether Google was actually down or whether it merely blocked IP address that made too many queries. Many search engine forums discussed this; with several users believing Google had actually been hacked. These people didn’t believe the virus explanation because their computers were not infected.

So, the question becomes why would Google block an IP from a computer that wasn’t infected? conor from WMW offers one plausible explanation, “It is (plausible) that IP blocking of unusual usage eg > 10 queries an hour could have been (implemented) in the short term by Google, as (precautionary) measure.”

The idea that Google was taking necessary measures to combat the attack seems reasonable. But, we probably won’t know exactly how Google was affected by the attack, and why they took the steps they did. Especially during their IPO-enforced quiet period.

Chris Richardson is a search engine writer and editor for Murdok. Visit Murdok for the latest search news.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top