Microsoft's website is a Mydoom target
Microsoft has escaped unscathed from an attack by a variant of the Mydoom virus that struck today. The software giant's technical resources, bugs in Mydoom.B and the limited spread of the virus all helped to cut damage to a minimum.
The response times of the Microsoft website targeted in the attack have remained largely unchanged.
By contrast SCO's website has been unreachable for days thanks to the data barrage launched by the virus.
Attack plan
The attack on www.microsoft.com started at 13:09 GMT on 3 February and involved all those machines infected by the B variant of the Mydoom virus.
MYDOOM DETAILS
From: random e-mail address
To: address of the recipient
Subject: random words
Message body: several different mail error messages, such as: Mail transaction failed. Partial message is available
Attachment (with a textfile icon): random name ending with ZIP, BAT, CMD, EXE, PIF or SCR extension
When a user clicks on the attachment, the worm will start Notepad, filled with random characters
Although Mydoom.A has infected hundreds of thousands of PCs, Mydoom.B has not spread anywhere near as widely.
As a result Microsoft had to weather an attack carried out by a fraction of the number of machines that helped bombard the SCO website with data.
In addition, analysis of the code inside Mydoom.B revealed that only a fraction of these compromised machines will bombard microsoft.com with data at any one time.
The Microsoft website is visited by millions of people every day, which makes it much more likely to cope with a sudden surge in traffic.
As a result when 13:09 GMT ticked round the Microsoft website did not even wobble.
Net monitoring firm Netcraft has been keeping an eye on response times of the websites under attack by Mydoom, and it recorded a tiny shift that would go unnoticed by most people visiting the Microsoft site.
"The very small number of reports of Mydoom.B suggests that the attack on Microsoft will fail," said Graham Cluley, technology consultant at anti-virus firm Sophos.
"You are more likely to have seen the worm in newspaper headlines than in your e-mail inbox."
Despite the predictions that the attack would fail Microsoft took some steps just in case the virus proved more successful than people expected.
Waning threat
The webmasters behind microsoft.com changed a key parameter of the site to help them if they suddenly have to move it to a new net location.
PROTECT YOURSELF FROM VIRUSES
Install an anti-virus program. Keep it up to date
Get the latest patches and updates for your operating system
Never automatically open e-mail attachments
Download or purchase software from trusted, reputable sources
Make backups of important files
By contrast the sco.com website, which was the main target of Mydoom.A, has been offline ever since the attack began. SCO has been involved in a legal row with the open-source community, after claiming versions of the Linux operating system used code it said it owned.
The US firm has set up a temporary website at www.thescogroup.com until the digital barrage on http://www.sco.com ends. The attack is due to finish on 12 February.
At its peak Mydoom.A was thought to have infected more than a million machines.
However this number is now thought to have shrunk to about 500,000 as businesses and home users infected by the virus clean up their machines.
The Mydoom virus gets its name from a spelling mistake in the code inside the virus. Instead of writing "my domain" the creator wrote "my doomain".
Since it first appeared on 26 January Mydoom has become the fastest spreading virus in net history. At its peak one in 12 of all e-mail messages were infected with it.
The virus is thought to have spread so widely because some of the subject lines it uses make it appear to be a technical message purportedly containing an undeliverable e-mail message.
Many people opened the message to find out which of their messages had not got through.