Many computer users were unable to reach the Google, Yahoo, Lycos and AltaVista search engines yesterday after a new computer virus surfaced that apparently overwhelmed the Internet services with automated queries.
Access to Google was blocked for as long as five hours, some users reported. Visitors attempting to reach the Web site instead received an error message: "The service you requested is not available at this time."
For Internet users, search engines are an indispensable tool for finding information and news scattered across seemingly innumerable Web pages.
"It was like going without power and having to use a candle," said Andy Beal, vice president of marketing at WebSourced Inc., a Web site promotion firm based in Morrisville, N.C. "Google has become so much a part of everyday life that I was lost without it."
Beal said he forgot the site was down and instinctively typed "Google and attack" into his browser's Google search box in an attempt to find news about the problem. When the Google site didn't work, he turned to Yahoo's search engine, which also didn't work on his computer.
Several search engine companies and computer security experts blamed the problem on MyDoom.m, the newest version of a virus that first appeared in January. The variant appeared in the morning and quickly infected thousands of computers, judging from Internet traffic monitored by computer security experts yesterday.
The virus circulates the Web disguised as an e-mail with various subject lines, such as "Mail System Error," or "Undeliverable Mail."
Many messages purported to come from the user's corporate e-mail or Internet service provider: "Your e-mail account was used to send a large amount of junk mail messages during this week," read one message bearing the malicious software. "We suspect that your computer was compromised and now contains a trojan proxy server."
The e-mail then urges the user to click on an attachment embedded in the missive. Users who do so unwittingly activate the worm, which often gives hackers remote access to the computer and also sends copies of the infected e-mail to everyone in the user's e-mail address book.
Unlike its predecessors, the newest variant apparently also was programmed to enter a portion of the addresses it found, the domain name after the "@" sign, into various search engines in an effort to collect further e-mail addresses.
Compromised systems apparently can conduct over 1,000 search engine queries a day, according to computer security firm McAfee Inc.
David Krane, a spokesman for Google Inc., said in an e-mailed statement that the company's site "experienced slowness for a short period of time early today because of the MyDoom virus, which flooded major search engines with automated searches." The company said that the virus hit "a small percentage of our users . . . at no point was the Google website significantly impaired."
Yahoo Inc., too, described the impact of the virus on its service as limited. "We're going to continue to monitor the situation," said spokesman Brian Nelson.
The original version of MyDoom attacked the Web site of a Utah technology company called SCO Group Inc., which has angered many programmers by filing lawsuits claiming it owns intellectual property related to the free, open-source operating system Linux.
While that was an attack specifically aimed to knock SCO's Web site off the Internet, some computer security workers who looked at the programming inside the latest version of MyDoom speculated that the impact on search engine Web sites may have been an accidental byproduct of MyDoom.m's programming.
"It's probably just a side effect of how its attempting to spread -- the faster it can gather e-mail addresses, the better," said Ken Dunham, director of malicious code at the Reston-based computer security firm iDefense Inc.
Craig Schmugar, the virus research manager at McAfee who named the "MyDoom" virus when it first appeared in January, agreed.
Schmugar said that the MyDoom source code has been widely available on underground Web sites since at least February and that the latest version is only different in that it uses search services to help spread itself.
MyDoom was credited by some computer security firms as being the fastest-spreading e-mail virus ever, though its sequels have generally had less impact than the first one. Schmugar said that it would not require a gifted programmer to figure out how to craft the latest modification of the bug.
"If you already had the source code, it wouldn't take a really sophisticated programmer to make the changes," he said.
There was some Internet speculation yesterday that the attack was a targeted effort at Google on the day it announced its IPO price range, computer security experts generally dismissed such speculation.
"If it were a targeted attack against Google, it was not done in an effective manner," said Oliver Friedrichs, senior manager with Symantec Corp., a Cupertino, Calif., software security firm.
Washington Post staff writer Jonathan Krim contributed to this report.