Amazing that some folk aren’t able to figure this out. Or maybe I just got exceptionally lucky linking to Scoble’s blog about what’s been going on with Google.

Anyway, to recap: someone subverted its DNS, which has now spread so that you keep getting the fake Google. (Notice how when you mouse over “News” on the Google page it doesn’t point to “”.

So here at 6.13pm is the BBC suggesting Virus blamed for Google problems. Sorry, people, but this fails the “thinking first” test.

1) has any virus managed ever to spread this fast?
2) the underground who mount DOS attacks increasingly do it for money. Has Google had an extortion note? (Ooh, must ask.)

I’m sitting here amazed that this isn’t all over the blogs. Or am I just reading the wrong blogs? Or is it that everyone’s so stunned by what’s happened they can’t make their fingers work?

Anyhow, you don’t knock 50,000 Linux servers off the Net with a single virus. That much is obvious.

Update 11.25pm: So, Google is saying that it was MyDoom. (Though there’s no press release on its press area – something they’ll have to improve as a public company.) I still don’t buy it. How do they explain the altered whois record at – which gives the output GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM

To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.

Last update of whois database: Mon, 26 Jul 2004 08:37:55 EDT

A bad whois spreads like poison in the well. A virus… well, howcome that didn’t take out Yahoo? They must have a pipe the same size. Something about this is not quite right.

And if I’m wrong (perish the thought!) then it really isn’t very clever for Google to get knocked off the Net by a virus’s first day. I’d not buy those shares.

Update 11am Tues: OK! I was wrong! Here’s the lowdown from Danny O’Brien of NTK.
From: “Danny O’Brien” ..Date: Tue, 27 Jul 2004 01:39:08 -0700

Nah. The whois stuff is just an old joke — “whois” searches for any DNS record that has in the title, and people have been filling the searchs with noisy subdomains for years — try whois Or whois, as the text below it indicates. …

Oh well, it was fun while it lasted. Wrong? Me? With my reputation?