MyDoom Windows Worm DDoSing SCO
We mentioned the myDoom Worm just a few hours ago, but more information is available now, mainly that its ultimate goal is apparently to DDoS SCO. You can see some more detail at NetCraft. Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
Workers (Score:5, Interesting)
Something Doesn't Add Up (Score:5, Interesting)
I thought the worm was set to start the DDOS on February 1. So why is SCO showing a DDOS right now?
Was the February 1 thing made up? I've not yet received the virus in my email so I can't check the code for myself.
Or (I consider this more plausible) has SCO taken their own site down with the intention of blaming the "Linux terrorists", but they stupidly took it down 3 days too early.
Maybe, maybe not (Score:5, Interesting)
It's too early to call this one. Relax and pass the popcorn.
ummmm a good virus? (Score:3, Interesting)
I wonder if this DDOS is due to... (Score:5, Interesting)
Conspiracy! (Score:3, Interesting)
I'll put my tin-foil hat on now I think.
Chris
But, damn it! (Score:3, Interesting)
We seriously need some sort of petition stating we do not support Linux or OSS, but not underhanded tactics like DDOSing and viruses.
Re:Something Doesn't Add Up (Score:4, Interesting)
Good god, man, don't complain when you've been that lucky. I got into the office this morning to find 550 unread messages, mostly copies of this, or messages saying that copies I had supposedly sent hadn't been delivered...
Transmission require OE? (Score:3, Interesting)
I'd like to know how worried I should be about Windows machines with Thunderbird installed.
This may be the last straw. I've been thinking about moving all 3-4 of my work machines (p200) to Beos with Fire/Thunderbird and Gobe Productive - I'm tired of the viruses, and I'm tired of maintaining Windows.
Microsoft probably wrote this (Score:3, Interesting)
Yeah, I know it's far fetched, and probably untrue, but some people need to grow up and realize that the only useful weapons against SCO are FACTS.
Either that or a big budget with which to purchase them... but their IP is so worthless, who would buy them?
The SCO Conspiracy (Score:3, Interesting)
They do get something. They get spam relays. (Score:5, Interesting)
Calm before the storm? (Score:5, Interesting)
The people who read these AV stories do not represent the "average" user who is more inclined to fall for the worm's social engineering. Nor would they be opening the "63 connections per second" to sco.com being touted by the AV vendors for that matter. I suspect that blip is going to pale into insignificance compared to the amount of traffic they are going to get come February. It's a fair bet that SCO will be denouncing the "Linux hackers" as being the culprits in numerous press releases as well, they may be right on that, they may not, but it's sure as hell going to get them a lot of sympathy.
This isn't going to help OSS's case at all, and the only saving grace is the February 12th cut off. Then again, I've yet to see anything about what happens to the port the worm listens on come the deactivation date, or what instructions that port might accept.
SCO Self attack vs. RIAA camouflage (Score:2, Interesting)
Not that I don't think your idea is a serious possibility, but SCO is probably being slashdotted by all the people who want to see if it is down.
Tinfoil Hat idea #3: Since this is being spread by Kazaa, perhaps the RIAA is trying to scare file traders off of the Kazaa networks but ensure the virus is blamed on someone else. SCO haters are a dime a dozen.
Enough for now, I've got to finish rereading Catcher in the Rye.
Please tell me... (Score:3, Interesting)
Please tell me I'm missing a whole load; most of the strings found in the binary are readable after de-UPX [sourceforge.net]-ing, then ROT13ing. About half are ROT13d, half aren't.
Ah well, I'm probably totally wrong, but it just sounds odd.
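Added example, not part of the comment above and not taken from any tool it mentions: a small triage helper for the situation that comment describes, where an already-unpacked binary holds a mix of plain and ROT13-encoded strings. The sample bytes, the bigram list and the function names are constructed for illustration.

```python
import codecs
import re

# Frequent English letter pairs; a cheap signal that a string reads as text.
COMMON_BIGRAMS = {
    "th", "he", "in", "an", "on", "at", "en", "nd", "ti", "es",
    "or", "te", "st", "nt", "ed", "to", "io", "co", "me", "ta",
}


def rot13(text):
    """ROT13 is its own inverse, so this both encodes and decodes."""
    return codecs.encode(text, "rot_13")


def extract_strings(data, min_len=6):
    """Return runs of printable ASCII, like the Unix `strings` utility."""
    pattern = rb"[\x20-\x7e]{" + str(min_len).encode() + rb",}"
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def score(text):
    """Count common English bigrams in the string."""
    low = text.lower()
    return sum(low[i:i + 2] in COMMON_BIGRAMS for i in range(len(low) - 1))


def triage(data, min_score=3):
    """Label each string 'plain' or 'rot13' by whichever reading scores higher.

    Strings that score below min_score in both readings are dropped as noise.
    """
    results = []
    for raw in extract_strings(data):
        decoded = rot13(raw)
        raw_score, dec_score = score(raw), score(decoded)
        if max(raw_score, dec_score) < min_score:
            continue
        if dec_score > raw_score:
            results.append(("rot13", decoded))
        else:
            results.append(("plain", raw))
    return results


# Constructed sample: one plain string, one ROT13 string, one noise run.
SAMPLE = (
    b"MZ\x90\x00" + b"connection timed out" + b"\x00\xff\x01"
    + rot13("the message contains an attachment").encode("ascii")
    + b"\x00\x00" + b"@@@@####" + b"\x00"
)

if __name__ == "__main__":
    for label, text in triage(SAMPLE):
        print(f"{label:5}  {text}")
```
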
Open Source illegal? But Apache's okay, I guess. (Score:3, Interesting)
This is not one of SCO's enemies... (Score:5, Interesting)
This is someone who just wants to feel important and who thinks that by DDoS'ing SCO everyone will call him a hero.
Well, you stupid ignorant bastard, if you're reading this, and you probably are since you expect that the Slashdot hordes will applaud your bravery in damaging thousands of people's computers, NO ONE ADMIRES YOU. We spit on you, you're the bastard offspring of a lemming and a hamster and your mother had a beard!
With enemies like this SCO hardly needs friends. Anyone who wants to see SCO suffer for the wrongs they have done should unequivocally condemn such acts of terrorism. SCO will be broken by the weight of justice and right, not by mindless thugware.
Re:SCO probably wrote it (Score:1, Interesting)
Re:SCO probably wrote it (Score:3, Interesting)
Why virii never DDoS AV companies? (Score:2, Interesting)
If you want to write a virus that will survive, won't you target an antivirus company, like symantec.com, mcafee.com or pandasoftware.com?
Re:I never thought I'd say this... (Score:4, Interesting)
I witnessed it on the first visit!
Really though, I wanted to see if they might have added a news piece on their site regarding what was already known to be a pending attack.
I mean..they had to know right? Surely someone warned them, or does really -no one- like them. I think that's pretty likely.
And being that McBride is pushing on with the lawsuits, I would say it's safe to say that he doesn't bother reading the news...
Re:But, damn it! (Score:3, Interesting)
It's at http://petitiononline.com/dontddos
well-deserved (Score:4, Interesting)
Do they deserve it? Yes.
Have they been asking for it? Absolutely.
SCO aren't only the bully, they are the bully who has the rules on his side. "The system" is pretty guilty of aiding and supporting their dirty tricks. So it was only a matter of time until someone stepped outside the rules to get even.
Actually, I'm surprised it's just a small DDoS. I'd have more expected that their LAN gets wasted.
I saw it here in someone's sig (Score:4, Interesting)
As much as I think that the SCO leeches are slimy forked tongue greedy selfish two-faced hypocrite lying b@stards, I have to say that those folks who are purposefully attacking them are only helping their cause and hurting the perception of the open source community.
Let them kill themselves. The industry is aligned against them, and you can bet they will castrate them before it's over.
Hey Bill (Score:4, Interesting)
Now, I recall, the other day Bill Gates vowed to kill spam and worms, and now this? Looks like he has his work cut out for him there....
This has gotta be the Nth time I've seen reports that a worm has put an executable file into an area of the system that really should have been off-limits to anything not really needing to go there. So what does an E-mail program have to do of meaningful work in the OS code directories? Beats me...
I can offer a hint to Mr. Gates: Rework Windows so that it not only does not require Administrator rights to operate normally, but actually disallows certain operations when being Administrator as well. Such as running browser or e-mail programs.
Make sure no ordinary users can run processes that can write anything at all into the areas not set aside for that user, and the common temporary files area. I suspect there has to be some redesign, but I cannot see how this nonsense can be stopped otherwise.
Attack from the Inside (Score:4, Interesting)
Expect more associations between digital terrorism and Linux (as a catch-all media term for "free software"). The greatest threats to any revolution are:
I strongly suggest people become more familiar with how government and industry have undermined and perverted various revolutions. Start with COINTELPRO [icdc.com], an FBI campaign of the 1960s and 70s. And then read a bit of the history of the Homestead strike [pbs.org].
From undermining the right to vote (via electronic "voting") to lying about WMDs in Iraq -- do you honestly think such people will ignore the threat posed by free software to the lucrative commercial software industry? SCO's assault on free software may only be the tip of an iceberg...
Re:SCO probably wrote it (Score:5, Interesting)
Who else releases press releases deriding competitors or about lawsuits for a year straight, with NO press releases regarding actual real products?
Their goal is spreading FUD, and while they are the SCO group and are allowed to do so, they will keep doing it. If this court case with IBM, and the one with Novell, go on for another 3 years, all through that SCO will release statement after statement to the press speaking rubbish about Linux and threatening normal users. They won't stop until they are made to.
Since the law protects them and allows them to keep making these statements, the only thing that will stop them is something like a DDoS, and that's the situation we have.
Re:SCO probably wrote it (Score:5, Interesting)
The attack on SCO is most likely just a diversion. A simple distraction from the actual goal... to turn millions of machines into zombies which can be used to conduct illegal activities (phishing scams), or can be turned into email/spam relays to be sold to spammers.
It's already been established that Mydoom installs a backdoor and allows routing of tcp/ip connections to mask the identity of the originator. More or less exactly what scammers hoping to defraud ordinary people of banking details (phishing) need. Also the standard approach to turning machines into a valuable asset that can be sold to spammers in need of mail relays or "bulletproof hosting" for their websites that host the images all those spam messages reference.
Attacking SCO is a smart diversion.... especially if SCO takes the bait and publishes a flamebait press release (seems almost certain), which will of course provoke a response from the free software / open source communities. Lots of free press to help divert the anger of millions of (clueless) victims towards the very visible open source and free software people, and SCO, and away from the real criminals.
Judging from most of the comments here on Slashdot so far, it appears to be working perfectly.
Re:Why virii never DDoS AV companies? (Score:4, Interesting)
Why would the virus writers DDoS their own web sites? No, I don't find it to be an amazing coincidence that the very people supposedly fighting viruses also employ the people most knowledgeable about creating them. It's their job to know everything about viruses and it's their company's business to sell antivirus software. I was less suspicious back when McAfee used to give out free shareware versions, but when everyone went to charging a subscription fee yearly for updates it kind of became obvious that antivirus companies are behind most, if not all viruses in existence today.
Re:Something Doesn't Add Up (Score:5, Interesting)
I've been trying to complain to admins about this ever since Klez. You wouldn't believe the abuse I've gotten back -- and I've been very polite and nice. Generally, sites feel that it's adequate to add the newly found spoofing viruses to a don't-mail-notices blacklist after it's "realized" that yet another one can't be trusted. GET A CLUE, people -- you can't trust *viruses* at all.
The *real* problem is the antivirus software -- notices should only be sent for "known honest" viruses -- if at all. There should be *no* option to send these notices by default. But the antivirus companies *love* this -- they get to send out *millions* of advertisements for the effectiveness of their product, and no one is allowed to call it spam -- even though it *is*.
Build a Better DDOS (Score:3, Interesting)
Perfect... (Score:5, Interesting)
"Fair enough, a new virus, I gotta go to work."
Flash forward 7 hours to now and I can't *believe* what a great opportunity this virus has afforded me and no doubt countless others reading.
The mailbox it was delivered to was a spamtrap, chances are spamtraps all over the world are being sent the real, legitimate IP addresses of spammers dumb enough to click malicious attachments.
Viruses are bad, DoSing SCO is bad, but god damn, all this time we've been bitching and moaning about viruses when we could have been using them on spamtrap addresses to track down spammers to their *own* internet connection.
Honestly children... (Score:3, Interesting)
Get over it. Yes, SCO is a company that appears to be litigating themselves into profitability, at least until they can manage a stock dump. Yes, they are lobbying Congress with lies about the GPL and the open source movement.
But this doesn't justify a lynch mob. What you are doing is illegal.
If that doesn't convince you, think of the millions of people whose days are inconvenienced and/or wrecked. Don't you think that their misery far exceeds any temporary hurt you could deal to SCO? It's not like they need to have a whole lot of internet connectivity to litigate their cases. If anything, being DOS'ed helps them make their point.
Think of the big picture. Act responsibly.
Apache on Linux? (Score:3, Interesting)
unknown Apache 27-Jan-2004 216.250.128.12 NFT
Linux Apache 12-Dec-2003 216.250.128.12 NFT
Now we know why they were too busy to respond to the judge's discovery order - they were getting their website converted over to another OS (or hiding that the OS was Linux).
Curiously, the netcraft site [netcraft.com] shows they tried this for a day earlier in December and presumably had problems with the cutover. The full Netcraft report shows an interesting evolution in webservers:
unknown Apache 27-Jan-2004 216.250.128.12 NFT
Linux Apache 12-Dec-2003 216.250.128.12 NFT
unknown Apache 11-Dec-2003 216.250.128.12 NFT
Linux Apache 3-Sep-2003 216.250.128.12 NFT
Linux Apache 21-Aug-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC 17-Jun-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 20-Nov-2002 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 14-Aug-2002 216.250.140.125 NFT
SCO UNIX Netscape-FastTrack/2.01 13-Aug-2002 132.147.210.109 Caldera, Inc.
SCO UNIX Netscape-FastTrack/2.01 12-Aug-2002 132.147.210.109 Caldera, Inc.
From SCO to Linux? Linux running as recently as December 2003? Of course, since they own Linux, I guess this is ok...
Re:SCO probably wrote it (Score:2, Interesting)
I suspect it's the last one, unless it turns out that they couldn't interbreed. In which case we rather obviously wiped them out.