Follow Slashdot stories on Twitter


Forgot your password?

MyDoom Windows Worm DDoSing SCO 694

We mentioned the myDoom Worm just a few hours ago, but more information is available now, mainly that its ultimate goal is apparently to DDoS SCO. You can see some more detail at NetCraft. Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
This discussion has been archived. No new comments can be posted.

MyDoom Windows Worm DDoSing SCO

Comments Filter:
  • by corebreech ( 469871 ) on Tuesday January 27, 2004 @09:43AM (#8098803) Journal
    Given their history of underhanded dealings this wouldn't surprise me one bit. This attack only helps SCO. They get sympathy. What do the worm writers get?


  • by markom ( 220743 ) on Tuesday January 27, 2004 @09:44AM (#8098814) Homepage
    If worm writers work for SCO -- everything :-)
  • by Captain Kirk ( 148843 ) on Tuesday January 27, 2004 @09:47AM (#8098841) Homepage Journal
    Within a week, Darl will be equating Linux developers with virus writers - "both are called hackers and both hate me" he'll say and some 'respectable' journalists will report it as true.
  • by Saven Marek ( 739395 ) on Tuesday January 27, 2004 @09:47AM (#8098845)
    ...they get to give SCO a great fat middle finger

    No, not all of us support actions like this against SCO. It does drag people down to their level acting like this, but in the end, frustration does that to people. Not everyone, but some.

    SCO has now, for a full 12 months, made threat after threat, claim after claim, that they can't backup, but there's no way to stop them. People get frustrated by their continuous whining.

    A fly buzzing around my head annoys me. Usually, I'll slap it and kill it. That's taking me down to far below its level, but it's satisfying. Given several hundred million people annoyed with SCO, I'm surprised more haven't acted this way towards them.
  • by Anonymous Coward on Tuesday January 27, 2004 @09:47AM (#8098847)
    FFS, if you know that a worm forges the sender address, DON'T send bounces to that address. Worms are relatively easy to filter, but the crap from the virus-scanners comes in seemingly endless variations. Some even have the nerve to advertise their anti-virus solution, followed by a copy of the worm-mail, binary attachment included. Yeah right, moron, you just sent a copy of the worm to me and you expect me to buy your anti-virus product???
  • by mewyn ( 663989 ) on Tuesday January 27, 2004 @09:52AM (#8098884) Homepage
    I hate SCO as much as the next guy, but doing a DoS attack on them is not the answer. Sure, they are a bunch of low-life scumbags that want to lock up everything, and have a chunk of the profit, but doing massively illegal acts like this make the whole OSS and free software communities look like a bunch of script kiddies. This makes it very hard for us to take the moral high-ground here when it looks like we are doing this crap.

    Mewyn Dy'ner
  • by T-Punkt ( 90023 ) on Tuesday January 27, 2004 @09:52AM (#8098891)
    I asked that myself.

    Could be some PCs with badly set clocks. Well, you know those windows users, they don't set their system clocks, have 00:00 blinking on their VCRs, use outlook and click on every fscking single attachements that made it into their mailbox.

  • by Artifex ( 18308 ) on Tuesday January 27, 2004 @09:53AM (#8098899) Journal
    SCO's Information Ministry can just point to this and claim more evil Linux users are trying to destroy the software business, etc.

    We're right, and we know it. No self-respecting geek would stoop to participating in a DDOS in general, not to mention one against someone/something we consider to be morally bankrupt. We know that we can only claim the moral high road only if we actually stick to the high road... right?

    It would be really interesting to find out if it's just some kids behind it, who aren't aware of the difference between right and wrong, or whether it's an entity who has a vested interest in making us look bad...

  • by turtlexit ( 720052 ) on Tuesday January 27, 2004 @09:53AM (#8098903)
    This is simply, dumb. In addition to DDoS'ing SCO, the worm reportedly installs a backdoor, giving full access to the computer. We all know what this means... possible stolen identities, banking information, spam relays, new targeted DDoS attacks, etc.

    No worm is a good worm, even if it does happen to also attack the (other) company we all love to hate.

  • by crawling_chaos ( 23007 ) on Tuesday January 27, 2004 @09:57AM (#8098948) Homepage
    I got into the office this morning to find 550 unread messages, mostly copies of this, or messages saying that copies I had supposedly sent hadn't been delivered.

    Preach on, brother. I wish some sysadmins would get a clue and realize that with viruses spoofing the From: address, there is no fscking point in sending the "you sent me a virus" panic mail. All it does is bother the wrong people.

  • by herrvinny ( 698679 ) on Tuesday January 27, 2004 @09:58AM (#8098951)
    MyDoom Windows Worm DDoSing SCO

    But it's not DDOSing now. The attack is set to begin February 1st and end on the 12th.

    The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.... The virus also copies itself to the Kazaa download directory on PCs, on which the file-sharing program is loaded.

    I'm thinking, wow, whoever wrote this covered all the bases. He/She even got the Kazaa people.

    Anyway, why don't ISPs, just for the time being, ban connections to It's not like it's a huge Internet portal or anything, and us geeks who actually need access to the site can just set up a mirror or something.
  • by ConversantShogun ( 227587 ) <dengel@sourceharv e s t .com> on Tuesday January 27, 2004 @09:58AM (#8098953)
    It does seem odd that the worm has a trigger to stop spreading on Feb 12. If SCO were to unleash a self-attacking worm, wouldn't they likely include such a provision?
  • by ThogScully ( 589935 ) <> on Tuesday January 27, 2004 @09:59AM (#8098960) Homepage
    1. The virus makes M$ operating systems look bad.

    No, it makes the hacker community, which the with the marketing power of SCO and Microsoft may as well be synonomous with the OSS or FS communities, look bad. From the layman's perspective viruses aren't the fault of Windows - they are glad Microsoft is around to release patches to fix what the hackers broke.

    2. The DDoS attack goes after every Linux lover's most hated target, SCO.

    Yeah, it does and more than a few people are at least smiling to themselves here that SCO is finally getting punished in some way when they've been doling out the threats, extortion policies, etc for so long seemingly unchallenged. But it's still the wrong way to do it and the right way will come.

    Patience is a virtue. Viruses are more likely to hurt the Linux community than Microsoft. Even in terms of monetary losses, this virus has just pushed my companies bandwidth usage over the monthly maximum - it's gonna cost me and I wouldn't touch a Windows machine with a 10 foot pole.

  • by Artifex ( 18308 ) on Tuesday January 27, 2004 @10:01AM (#8098968) Journal
    ...attitude. They deserve this. It's not like anybody is being physically hurt or anything.

    They deserve to have their claims refuted in a court of law, and hopefully they will have to pay damages, court costs, and issue full and public apologies, before going bankrupt. If it can be proved that they deliberately lied in these claims, they also deserve criminal charges brought against them.

    Vigilanteeism, however, is just malice operating under false pretenses.

    Welcome to my foes list.
  • by truG33k ( 740973 ) on Tuesday January 27, 2004 @10:01AM (#8098975)
    There is really no point to write a worm to attack SCO. It simply makes the OSS community as a whole look bad, because the only time you will ever hear the name SCO mentioned in IT, besides "isn't that dead", is about the Linux issue. This only makes us as a whole look like bad. If we wanted to send a clear message to SCO, something like a web site "sit in" would be better. Imagine, every slashdot ueser on a web site holding down F5 to show SCO that there is alot of us that think they should just give up. How long do you guys think they would stay up?
  • by Anonymous Coward on Tuesday January 27, 2004 @10:03AM (#8098984)
    I use linux myself, and I don't mind saying: This doesn't make MS look bad. It doesn't exploit a whole.

    It exploits stupid users who click attachments. This can be prevented by the User-Stupidity-And-Knowledge-Enhancment Patch, V2.0.
  • by Pike65 ( 454932 ) on Tuesday January 27, 2004 @10:04AM (#8098997) Homepage
    1. The virus makes M$ operating systems look bad.

    Actually it's a mass mailer, so all it's doing is making user's look retarded. Again.

    2. The DDoS attack goes after every Linux lover's most hated target, SCO.

    Well yes, it does. But it ain't going to help our cause at all, is it?

    Having said that, I'm going to get me some popcorn and settle down in front of Netcraft >: )
  • by Quantum-Sci ( 732727 ) on Tuesday January 27, 2004 @10:04AM (#8098999) Homepage
    The majority of Linux installations are as servers. No one can equate Linux with virus-writers, without risking their credibility.

    In fact the case could be made that virus-writers are expert Winduhs developers...

  • by Cruciform ( 42896 ) on Tuesday January 27, 2004 @10:13AM (#8099076) Homepage
    Not just a proxy, a backdoor.

    Info here [].

    It would seem that the real goal is to show how many people are stupid enough to still click on attachments when they have no idea what the fuck they are.
  • Re:But, damn it! (Score:5, Insightful)

    by gaijin99 ( 143693 ) on Tuesday January 27, 2004 @10:18AM (#8099119) Journal
    This is going to be a serious blow to the moral credibility of the OSS community, not just Linux users.
    It is only a threat to our credibility if we allow it to be. I'm *REALLY* not trying to derail into an abortion debate here, but its the best example I can think of. The anti-abortion movement, in general, doesn't support clinic bombers and assissins; but clinics still get bombed and doctors still get murdered. So far the anti-abortion movement has quite successfully managed to avoid the actions of this group becoming a blow to their own moral credibility.

    I'd recommend that we on the side of Free Software study the anti-abortion tactics with dealing with such incidents. The first, and most obvious step, is one that was taken last time: immediate and honest sounding disavowel of the actions of the DOSer. Its going to get old for RMS, ESR, Linus, Perens, etc continuously getting out and saying the same thing ("We don't support this, its wrong. We're still right, but the virus writers aren't with us, etc, etc, etc"), but it needs to happen.

    I honestly don't know what the other successfull tactics are. I need to study how the respectable majority in the anti-abortion movement deals with its nutbags. Can anyone think of other movements with similar problems that we should look into?

  • by TamMan2000 ( 578899 ) on Tuesday January 27, 2004 @10:29AM (#8099248) Journal
    I think that this is a great opportunity for members of the OSS comunity to "put their money where their mouth is" so to say...

    I propose that the we work on a patch for this worm and get it out there ASAP, that way only tin foil hat wearing goofballs will believe we are behind this...
  • by pjrc ( 134994 ) <> on Tuesday January 27, 2004 @10:33AM (#8099291) Homepage Journal
    This is someone who just wants to feel important and who thinks that by DDoS'ing SCO everyone will call him a hero.

    Or someone who doesn't give a damn about SCO, and merely wants to distract attention away from their real goal of turning millions of end-user PCs into zombies to do their future bidding.

    Hmmm... who would be interested in that <cough> spammers <cough> and has an established history of it?

  • I see we meet again...

    How do they "deserve" this, exactly? This is a mass-mailing worm propogating through unprotected (as in, the people aren't updating their defs and opening the attachments) machines and opening backdoors that could easily be used later as spam relays.

    On top of that, how many machines are going to simulatneously rear to life on the 1st and begin transmitting data requests back and forth between and all the different boxes? What effect will that have on the rest of us? While we're talking about the rest of us, I keep getting e-mail bounces thanks to these goddamn morons that have my e-mail address and keep getting themselves infected. And, no, I can't just not give them my address.

    Finally, IBM is perfectly capable of handling SCO. I'd like to recognize you for your gullibility, since you've falling to the SCO Threat-o-matic. In case you haven't figured it out yet, SCO has not, can not, and will not make any credible threats against Linux in general and they haven't followed through on any of the other gum-flapping to date. With a few scatterbrained exceptions, nobody is really taking them seriously anyway. Let IBM deal with IBM's problems and drop your smug facade. The only reason you're so pissed off at SCO is because you don't know what's going on, but you like to sound "cool" by bashing them like a lot of the other Slashdotters here. That's fine, nothing wrong with bashing them, but at least try to stay grounded in reality where the thing is pretty contained to a few clueless media outlets, IBM, SCO, Red Hat, and Novell.

    God... do you have an MBA or are you otherwise in management by any chance? I ask, because every time we've ever crossed swords, I've gotten the distinct impression that you're living in your own little world and reality just never comes into your decision-making processes.

  • Mad (Score:5, Insightful)

    by Brian Kendig ( 1959 ) on Tuesday January 27, 2004 @10:34AM (#8099299) Homepage
    So far, since this worm started yesterday afternoon, I have received over a thousand worm emails and erroneous bounce messages (from mail servers who think that just because my address is on the mail that means I sent it).

    And I don't even use any Microsoft products.

    When is somebody going to file a class-action lawsuit against Microsoft for continuing to fail to address the security holes in Windows? I mean, it's been thirteen years since Michelangelo, and still all it takes for a virus to rape Windows is for a user to double-click on an email attachment.
  • by tbase ( 666607 ) on Tuesday January 27, 2004 @10:34AM (#8099304)
    I'm speaking of all of you who are saying SCO deserves it (and only those people). Do I deserve to deal with this virus BS? I have enough trouble dealing with the spam at my company, now I have to deal with this too. Viruses suck, period. Especially this one, which is forging random "from" addresses. It seems to be using #randomfirstname#@domain.extention - so now on top of the dozen or so viruses an hour I'm getting, I'm also getting bounces that I can't filter because the "to" is random. Don't bother telling me to filter out executables, I already do that. As a matter of policy, I'm the one that checks the filtered "junk" to make sure there were no false positives. It's usually about 500 a day, 1200 over the weekend. Also don't bother telling me to bounce undefined addresses. Not an option. Considering how early in the game it is for this virus, the dozen or more an hour I'm getting will probably turn into a lot more. Whoever put this out there is doing far more damage to innocent bystanders than they can ever hope to do to SCO. SCO will hang themselves eventually - the author(s) of this virus is worse than anyone at SCO.

    I do agree with those who are suspicious of the motives - I think the SCO attack is just a front to increase the spread. Some morons will undoubtedly put intentionally infected machines out there, which will be more effective as Spammer relays than as drones to attack SCO. Anyone intentionally letting a machine become infected should have the book thrown at them. It amazes me how stupid very intelligent people can be sometimes.
  • by jotaeleemeese ( 303437 ) on Tuesday January 27, 2004 @10:59AM (#8099544) Homepage Journal
    Without probe of who it was that can be construed as libel, or whatever it is called in the US.

    If SCO is attacked they should pursue this with the appropriate authorities. I hope the perpetrator is caught, brought to justice and fairly punished.

    The OSS community should be completely unambigous about this matter, illegal means have never been supported or encouraged in order to promote the aims of OSS, not only because it is immoral but also completely unnecessary and childish.

    I am appalled that the response of many around here is "SCO deserves it". No dear slashbots, nobody deserves that their resources are abussed in this manner, not even SCO. I am behind them in any action they wish to pursue against the perpetrators, but equally I hope (perhaps in vain) that they will not do false claims without the knowledge of whom and why did this.

    I am also peeved that people here are not unambigious about the condemnation of this DOS attack. This is not only illegal and immoral but also counter productive and it would be nice to see complete and unambigous condemnation of these tactics.

    Do you want to show OSS tactics and aims are reasonable and beneficial? A wonderfule way would be for true hackers organizing themselves and try to identify, shame and denounce the perpetrators of this (or any other) charade.

    Only because people have remained silent and unwilling to help the Internet, bit by bit, little by litte, is being taken away from us, but alas, we have not protected it as it deserves.
  • by Anonymous Coward on Tuesday January 27, 2004 @11:26AM (#8099870)
    You think so, eh? Just when SCO was about to be routinely ignored by the mainstream press, this attack comes along and gives Darl a bigger bullhorn.

    DDOSing a website does nothing to shut them up. One would practically have to be a teenaged script kiddie to think so.
  • by Anonymous Coward on Tuesday January 27, 2004 @11:36AM (#8099961)
    says the teen running two linux boxes from his bedroom. here's a wakeup call asshole, if you're running linux or windows in a *large* environment, it won't matter which you're using, you *will* get calls, and plenty of them.
  • by Anonymous Coward on Tuesday January 27, 2004 @11:36AM (#8099972)
    Despite the fact that it can spread via Kazaa, there's no indication that 'pirates' are responsible for the creation of this variant. If anything, the reverse would be true.

    In addition, what does SCO being the target of this have to do with 'pirates'? Are you referring to pirates in the classic sense, or in the misused 'copyright infringing' sense?

    I don't know why your comment is considered interesting by the moderators, as your reasoning is poor at best. At least your post title has some merit: The fact that you got modded up makes this a sad day indeed.

  • by rar ( 110454 ) on Tuesday January 27, 2004 @11:37AM (#8099973) Homepage
    I agree; people writing worm filters that bounce to forged addresses are as bad as their worm writing counterparts!

    I mean, what happens when user 'joe' gets a couple of "WARNING: You sent me a virus" in their email? They come running to me "just to make sure", and I will have to explain for them how the email protocol works... AGAIN... sigh... for, what is it, the 10:th time that day.

    Here is a hint to people writing these crappy anti-virus/worm filter: make sure you **ONLY** send a bounce IF the detected virus is on A **WHITELIST** for viruses that always send themselves WITHOUT A FORGED SENDER ADDRESS. If you send *any* other bounces, you are a part of the problem -- not the solution...
  • Re:But, damn it! (Score:3, Insightful)

    by roystgnr ( 4015 ) <> on Tuesday January 27, 2004 @11:42AM (#8100033) Homepage
    Can anyone think of other movements with similar problems that we should look into?

    The Palestinians, maybe? They're not all suicide bombers, but some people don't seem to make the distinction. The lesson there seems to be to stay the hell away from morally questionable leaders (like Arafat), because your whole community will be tarred with the same brush.
  • SPF (Score:3, Insightful)

    by koehn ( 575405 ) * on Tuesday January 27, 2004 @11:59AM (#8100241)
    Now this is something that SPF could actually help with: when the virus sends a message with a spoofed from (and HELO, based on what I'm seeing) address, the mail server will read the SPF TXT record, figure out that that address is NOT allowed to send messages for that domain, and nuke the message. Even without anti-virus software.

    All that said, I'm feeling really lucky to have installed amavis-new/clamav last night. I didn't even know this was coming, and it's caught about 200 messages already this morning.
  • by HopeOS ( 74340 ) on Tuesday January 27, 2004 @12:33PM (#8100707)
    Any attempt to involve yourselves in this will be viewed as complicit behavior. Do not get this mess associated with Open Source developers in any way, shape, or form. The culture and purpose of worm authors and OSS developers are completely orthogonal and must remain so.

    SCO has enough enemies to worry about, and they can point fingers all they want. They do not deserve an olive branch, they did not ask for one -- do not take the bait and proactively offer one. You will lose fingers.

  • by gotem ( 678274 ) on Tuesday January 27, 2004 @12:45PM (#8100877) Homepage Journal
    hmmm. time to change the date in my computer
  • by Cecil ( 37810 ) on Tuesday January 27, 2004 @12:48PM (#8100919) Homepage
    That is like, the silliest thing I have ever heard. If you are not trolling, then I pity your utter lack of thought on the matter.

    The international date line isn't some magical gateway that adds or subtracts from your date. It doesn't work like that.

    Ok, start in Japan on noon at February 1st. Head towards the international dateline. Assume you move at infinite speed, so when you get there it's only the timezone difference, which IIRC is +3 hours from japan, but it's irrelevant whether that 's right or not. So it's Feb 1, 3:00pm on the western side of the dateline. Cross the international dateline, and now it's Jan 31, 4:00pm. Go all the way around half the world now to the prime meridian. The time increases by 12 hours, making it Feb 1 again! At 4:00am. Now go around the world at infinite speed until you get to the international dateline. Cross over it again. It's Jan 31 at 4:00pm again. Continue ad nauseum if you like. It will continue to be either Feb 1 or Jan 31.

    No matter how fast you go, no matter how many times you cross the international dateline, it will not 'wind up' or 'wind down' the date to arbitrary values. Indeed, it exists to prevent exactly that very thing from happening. If the date never changed at the international dateline, then you could continue going around the world in an easterly fashion, and just keep adding +24 hours to the time/date for every time you went around the earth.

    All of this is ignoring the fact that emails MUST include the timezone and offset on every date, so they are able to handle this sort of thing by themselves.
  • by HopeOS ( 74340 ) on Tuesday January 27, 2004 @12:50PM (#8100940)
    SCO has been steadily losing credibility since their first accusations. For OSS developers to initiate a DDOS on SCO would be seen as a strike below the belt, and a completely unnecessary one as well.

    This is one of the reasons that I don't believe it was created by anyone in the OSS community. The general concensus has been to wait for IBM to knock SCO clear out of the ring in just under two weeks. A DDOS at this time would be completely unexpected and anticlimactic. It's more likely a private joke in the distributed spam world, and locating and bringing those idiots to justice would be time well spent.

  • Guy's a prick (Score:1, Insightful)

    by Anonymous Coward on Tuesday January 27, 2004 @01:06PM (#8101120)
    one guy in the group who came out in a lawn chair with a six pack and watched it all happen. Raised his beer with a "Hell yea!"

    I would have asked him whether he did the same thing on September 11th. There's nothing amusing about being an ignorant asshole.

  • Re:But, damn it! (Score:3, Insightful)

    by gaijin99 ( 143693 ) on Tuesday January 27, 2004 @01:10PM (#8101182) Journal
    The Palestinians, maybe? They're not all suicide bombers, but some people don't seem to make the distinction
    Looking at PR failures is useful. The Palestinian movement is definately a PR failure, you say the word "Palestinian" and the general public thinks "Suicide Bomber"... [footnote] I don't think that Arafat is solely responsible for this PR failure, but who knows? So, back to the question at hand: what did they do wrong that we can do right?

    Because if people say "Free Software" and the general public thinks "Virus writers" we're definately worse off. So far our "leaders" (if such a term can be used with regards to people like us) have done a pretty good job of condemning the nutbags on our side, even admitting that they are (theoretically at least) on our side. Is that all the Palestinians can teach us here? Condemn the bad guys quickly and unambigiously?


    FOOTNOTE: To try and avoid derails: I'm not saying that its right for the general public to think "Suicide Bomber" when they hear the word Palestinian, I'm just saying that they do. The ethics and rightness of the Palestinian movement isn't the topic I'm trying to raise, the fact that its an enormous PR failure is.

  • Re:Really? (Score:3, Insightful)

    by fudgefactor7 ( 581449 ) on Tuesday January 27, 2004 @01:28PM (#8101403)
    And you can go back and look at the discussions with many people who all played the tune of "fuck Microsoft". Being a spelling Nazi doesn't prove your point; neither does crying strawman when the case is not warranted. Too many people on /. complain when anything hurts their precious Linux or any OSS project (even if the OSS project [or Linux] violates international laws), but if something harms the company-we-love-to-hate their backs are turned and then the snickering begins.

Torque is cheap.