Slashdot Mirror

all other security vendors won't be able to run properly.

Trend Micro runs on Vista
Computer associates runs on Vista
Avast runs on Vista
AVG Runs on Vista
Mcafee runs on vista
Hell, Symantec runs on vista

Well, at least it wasn't plaintext like it was in the previous versions.

If by "the first PDA virus" you mean LibertyCrack, then I think you mean "the first PDA trojan." LibertyCrack was a phony program distributed by Aaron Ardiri, author of a shareware Game Boy emulator called Liberty, due to Ardiri's frustration with people cracking his shareware program. LibertyCrack wiped out the user's memory completely, but unlike a virus it did not replicate at all or spread to other devices. The software didn't even cause any ill effects to the computer used to transfer it to the Palm device.

I haven't seen a true virus affecting PDAs... there were a few mobile phone exploits, but none have been "viral" in the traditional sense.

I'm gunna have to call FUD on this one... The news report is inaccurate - McAfee clearly acknowledges eEye Digital as discovering the claim, not their own engineers as the article states.

Link to McAfee knowledgebase article: http://knowledge.mcafee.com/SupportSite/search.do? cmd=displayKC&docType=kc&externalId=9925498&sliceI d=SAL_Public

Copy of message sent by McAfee:
> On July 5th, McAfee, Inc. was notified of a security vulnerability, by a private security vendor, that could affect McAfee ePolicy Orchestrator (ePO) Common Management Agent 3.5, and earlier versions. In order to accomplish this exploit, an attacker would need network access to the client machine and would then need to construct a message consisting of proprietary information. The attack is quite complicated and requires several steps of reverse engineering of the software as well as the communication protocols. > > McAfee> '> s key priority is the security of its customers and it takes the quality of its software very seriously. McAfee has been extremely proactive in this area and has a dedicated team run by a leading industry expert that pushes tools and knowledge throughout the product development organization. As a result, the company has a good track record on security. Nonetheless, software can be incredibly complex. > > In the event that a vulnerability is found within any of McAfee> '> s software, there is a strong process in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan. McAfee is therefore alerting its customers of the security flaw. > > McAfee apologizes for any unintended impact to customers as a result of this published vulnerability. We know that our ability to protect customers quickly in the event of an outbreak depends largely on your confidence in our work. We are determined to earn that trust every day and will do everything in our control to mitigate this problem now and in the future. > > For more information on this security vulnerability, please visit http://www.mcafee.com/us/support/default.asp . If that link does not work, then click here: http://www.mcafee.com/us/enterprise/support/index. html and go to "Corporate Technical Support". You will see the bulletin on the left-hand side under "Announcements." >

I'm gunna have to call FUD on this one... The news report is inaccurate - McAfee clearly acknowledges eEye Digital as discovering the claim, not their own engineers as the article states.

Link to McAfee knowledgebase article: http://knowledge.mcafee.com/SupportSite/search.do? cmd=displayKC&docType=kc&externalId=9925498&sliceI d=SAL_Public

Copy of message sent by McAfee:
> On July 5th, McAfee, Inc. was notified of a security vulnerability, by a private security vendor, that could affect McAfee ePolicy Orchestrator (ePO) Common Management Agent 3.5, and earlier versions. In order to accomplish this exploit, an attacker would need network access to the client machine and would then need to construct a message consisting of proprietary information. The attack is quite complicated and requires several steps of reverse engineering of the software as well as the communication protocols. > > McAfee> '> s key priority is the security of its customers and it takes the quality of its software very seriously. McAfee has been extremely proactive in this area and has a dedicated team run by a leading industry expert that pushes tools and knowledge throughout the product development organization. As a result, the company has a good track record on security. Nonetheless, software can be incredibly complex. > > In the event that a vulnerability is found within any of McAfee> '> s software, there is a strong process in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan. McAfee is therefore alerting its customers of the security flaw. > > McAfee apologizes for any unintended impact to customers as a result of this published vulnerability. We know that our ability to protect customers quickly in the event of an outbreak depends largely on your confidence in our work. We are determined to earn that trust every day and will do everything in our control to mitigate this problem now and in the future. > > For more information on this security vulnerability, please visit http://www.mcafee.com/us/support/default.asp . If that link does not work, then click here: http://www.mcafee.com/us/enterprise/support/index. html and go to "Corporate Technical Support". You will see the bulletin on the left-hand side under "Announcements." >

I'm gunna have to call FUD on this one... The news report is inaccurate - McAfee clearly acknowledges eEye Digital as discovering the claim, not their own engineers as the article states.

Link to McAfee knowledgebase article: http://knowledge.mcafee.com/SupportSite/search.do? cmd=displayKC&docType=kc&externalId=9925498&sliceI d=SAL_Public

Copy of message sent by McAfee:
> On July 5th, McAfee, Inc. was notified of a security vulnerability, by a private security vendor, that could affect McAfee ePolicy Orchestrator (ePO) Common Management Agent 3.5, and earlier versions. In order to accomplish this exploit, an attacker would need network access to the client machine and would then need to construct a message consisting of proprietary information. The attack is quite complicated and requires several steps of reverse engineering of the software as well as the communication protocols. > > McAfee> '> s key priority is the security of its customers and it takes the quality of its software very seriously. McAfee has been extremely proactive in this area and has a dedicated team run by a leading industry expert that pushes tools and knowledge throughout the product development organization. As a result, the company has a good track record on security. Nonetheless, software can be incredibly complex. > > In the event that a vulnerability is found within any of McAfee> '> s software, there is a strong process in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan. McAfee is therefore alerting its customers of the security flaw. > > McAfee apologizes for any unintended impact to customers as a result of this published vulnerability. We know that our ability to protect customers quickly in the event of an outbreak depends largely on your confidence in our work. We are determined to earn that trust every day and will do everything in our control to mitigate this problem now and in the future. > > For more information on this security vulnerability, please visit http://www.mcafee.com/us/support/default.asp . If that link does not work, then click here: http://www.mcafee.com/us/enterprise/support/index. html and go to "Corporate Technical Support". You will see the bulletin on the left-hand side under "Announcements." >

A Blu-Ray burner is like the ferrari of the tech world, and you're complaining about a lack of cupholders.

Here, now it's a cupholder too.

(Explanation here).

I have heard for a number of years about the idea that American (or other foreign, for that matter) companies will be able to open new markets and profits by selling their products (whether they be tangible goods or IP) or services in the People's Republic of China because they represent an "almost untapped market of new customers." But does this really hold true, especially for IT companies?

In the seventeen years I have worked in the IT industry (mostly at companies which sold software, but also for a hardware vendor) I have seen varying degrees of interest in selling products in China. For example, in the late 1980s through early 1990s, I worked at McAfee Associates, which even then had a fairly global presence due to marketing the product as shareware. We had never had any sales in China and, as a matter of fact, would regularly receive copies of our own anti-virus software from which our copyright and contact information had been removed and replaced with messages saying it was from the Ministry of Public Security and to contact them if a virus was found. Of course, changing the messages in the software also set off its own anti-tamper checks for signs of damage/infection by a computer virus, so we received plenty of copies of our own software where the warning message had been edited as well and were infected by computer viruses. Still, it is very hard to sell a product in a country whose government itself is hacking and pirating the same software you are trying to sell. When Bill Larson took over the company from John McAfee he expressed a strong desire to sell products in China, but when I left in the mid-1990s there was still no sales coming in from over there, other than the occasional ex-pat who registered a copy of the software.

Strangely enough, the only company I've worked for which has had some success in China is a telecommunications manufacturer, who makes equipment like VoIP PBXs, phones and so forth. They have had a few wins over there and even have a small sales office in Beijing. I was always surprised they never had problems like Cisco did with Huawei. But that's just one company and sales from other countries in the region (Japan, Korea, Taiwan, etc.) outstripped those. I haven't worked there since last year, but I doubt things have changed much.

So, where are the foreign IT companies which are making money in China? Cisco may have had some success there in the past, but Huawei and their "Cisco-like" products look like they are to overshadow them, and services like Alibaba, Baidu and QQ in China are already servicing the markets that Western ecommerce, search and community/messaging have had only limited success in reaching.

How about making bug fixes easier to get while they're at it? Ever since OS X 10.4.4, the eUpdate client will claim that the update failed, even though it actually succeeded. They have an update for it, but you have to go through tech support to get it.

http://knowledge.mcafee.com/article/86/KB46270_f.S AL_Public.html

McAfee is what my company uses on our Exchange server. I'm a linux guy, so I'm familar SpamAssassin and I use SA on my linux mail servers. However, since SA isn't available for windows, I did some research and discovered that McAfee created a product call SpamKiller, which uses SpamAssassin as it's base, and they basically create hooks into Exchange for it. SpamAssassin is currently up to version 3.1.1, and from what I understand, the McAfee product is still using the 2.X base for their code, but it does work OK. SA does a slightly better job since it's more up to date, but with McAfee's nightly antivirus updates, you also get an updated spamfilter settings and code. I'd give it OK marks and definitely suggest using it:

http://www.mcafee.com/us/smb/products/anti_spam/sp amkiller_mail_servers.html

Like ones that delete such malicious files as Microsoft Office and Windows operating systems?

This really got an "Interesting"? This site really needs a -1 Missinformed. The current McAfee scan engine, 4400, has been out without an update since November 2004. That is the software that does the work. Repeat after me: You are not updating the software. What you are subscribing to are the DATs. These files are not executables. They contain the information on the files that should be detected. You want these to be refreshed often because new viruses/trojans and now malware come out even more often. can't believe I just wasted 2 minutes replying to an AC

Name me one unlazy, smart, or educated person that pays for an anti-virus subscription?

Enlighten me. How much does something like that cost?

How much of my time does it take to run it?

What does it give me?

Is this parallel to health insurance for my computer? So I only have to pay a copay of $25 or so for an in-office visit?

Granted, I'm lazy, but I'm not dumb or uneducated, but I have no concept of an "anti-virus subscription".

My point was that I don't use any computers that need such a thing or to my knowledge, there are even subscription offerings for anti-virus subscriptions.
Currently, I run OS X, Linux, and Solaris, and I have never known anybody that has needed an anti-virus subscription for them.
Am I missing out on the fun?

McAfee DATs 4642 and higher will catch it.

Hello,

A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):

Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
ESET - NOD32 trial version (30-day evaluation)
Grisoft - AVG Free Edition (free for personal non-commercial use)
Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
McAfee - VirusScan (30-day evaluation)
Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
Panda - Titanium Antivirus 2006 (30-day evaluation)
Sophos - Anti-Virus (30-day evaluation)
Symantec - W32.Blackmal@mm Removal Tool (free)
Trend Micro - PC-cillin Trial Version (30-day evaluation)

I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.

Regards,

Aryeh Goretsky

Hello,

A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):

Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
ESET - NOD32 trial version (30-day evaluation)
Grisoft - AVG Free Edition (free for personal non-commercial use)
Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
McAfee - VirusScan (30-day evaluation)
Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
Panda - Titanium Antivirus 2006 (30-day evaluation)
Sophos - Anti-Virus (30-day evaluation)
Symantec - W32.Blackmal@mm Removal Tool (free)
Trend Micro - PC-cillin Trial Version (30-day evaluation)

I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.

Regards,

Aryeh Goretsky

• Despite the eagerness to imply that this is something roaming the net randomly looking for computers to infect, it's pretty much your run-of-the-mill e-mail worm that actively requires opening an executable (.scr) attachment to infect a system. Under normal circumstances (i.e., without the free opportunity to bash Microsoft attached), how many IT pros would say that anyone opening a random attachment e-mailed to them deserved what they got?
• McAfee rates this one as low-risk for both home and corporate users.
• Symantec gives it a run-of-the-mill threat assessment (low geographical distribution, easy containment).

oh my god! i might get a HYPER CARD virus! i need to download MCAFEE (R) VIREX (R) for Mac immediately! MCAFEE (R) VIREX (R) will save me from all 40 mac viruses from the last century that no longer run on my operating system! in fact if there is a new virus MCAFEE (R) VIREX (R) wouldn't be able do anything about it since it is designed to detect stuff like trojans! I feel so safe now with my MCAFEE (R) VIREX (R).

oh my god! i might get a HYPER CARD virus! i need to download MCAFEE (R) VIREX (R) for Mac immediately! MCAFEE (R) VIREX (R) will save me from all 40 mac viruses from the last century that no longer run on my operating system! in fact if there is a new virus MCAFEE (R) VIREX (R) wouldn't be able do anything about it since it is designed to detect stuff like trojans! I feel so safe now with my MCAFEE (R) VIREX (R).

oh my god! i might get a HYPER CARD virus! i need to download MCAFEE (R) VIREX (R) for Mac immediately! MCAFEE (R) VIREX (R) will save me from all 40 mac viruses from the last century that no longer run on my operating system! in fact if there is a new virus MCAFEE (R) VIREX (R) wouldn't be able do anything about it since it is designed to detect stuff like trojans! I feel so safe now with my MCAFEE (R) VIREX (R).

oh my god! i might get a HYPER CARD virus! i need to download MCAFEE (R) VIREX (R) for Mac immediately! MCAFEE (R) VIREX (R) will save me from all 40 mac viruses from the last century that no longer run on my operating system! in fact if there is a new virus MCAFEE (R) VIREX (R) wouldn't be able do anything about it since it is designed to detect stuff like trojans! I feel so safe now with my MCAFEE (R) VIREX (R).

...Is he right, and what actual products exist for OS X that would protect against infections?

Check your own link... while I think the actual financial misreporting happened during the NAI days, NAI has since been split up and the successor company is, in fact, McAfee.

http://us.mcafee.com/root/landingpages/afflandpage .asp?lpname=vs_mobile

McAfee has had a similar product on the market for a few months now.

think of the the amount of scammers that would go out of business

when there is so much money in it, its never gonna stop until we kill the disease, not treat the symptoms

OK, so we have a bunch of ignorant users who either don't know or don't care about this problem. I've always wondered if there was a good use for an Internet chain letter, and I think I've finally found one. Just send the following message to your favorite ignorant user. Maybe if this spreads, people will be so afraid that they'll actually clean their systems. Or at least we'll get to watch them squirm.

Subj: WARNING!!! Get rid of viruses or go to jail!!!

Please read this message! It is extremely important! It might even keep you out of jail!!!

You've probably heard about all the computer viruses that have been spreading like wildfire in the past few years. What you probably haven't heard is what they've been doing to the computers they infect. They've been turning these computers into "zombie computers" that can be controlled over the Internet to send spam, to attack other computers and Web sites, and to spread "phishing scams" to trick people into turning over credit card and bank account information to criminals. These infected computers are grouped into "botnets" and rented out to do the dirty work of whoever is willing to pay, often spammers, extortionists, and other criminal gangs located here and overseas in places like Russia, China, and Eastern Europe. AND YOUR COMPUTER COULD BE A ZOMBIE WITHOUT YOU EVEN KNOWING IT! RIGHT NOW, EVEN AS YOU READ THIS, YOUR COMPUTER COULD BE CHURNING OUT SPAM OR PERFORMING MANY OTHER CRIMINAL ACTIVITIES!!!

This isn't just a minor problem. In fact, it's gotten so bad that THE FEDERAL GOVERNMENT WILL SOON START PROSECUTING PEOPLE WITH INFECTED COMPUTERS!

In a recent Senate committee hearing, Dept. of Homeland Security secretary Tom Ridge said, "The attacks these infected computers can launch has become a matter of national security. We've tried and tried to educate people to run antivirus software to keep their computers free of these viruses, but it appears they aren't listening. I hate the idea of having to start prosecuting ordinary Americans for this, but we don't have many options left."

Ridge went on to say that DHS wants to give people time to get these viruses off their computers, so they plan to wait until Tuesday, September 6, 2005 before they start filing charges.

So, you have until TUESDAY, SEPTEMBER 6, 2005 (the day after Labor Day) to clean your computer of viruses. Otherwise, YOU COULD BE PROSECUTED!!!

BUT DON'T PANIC! Cleaning your computer is easy, and you don't even have to shell out any money to do it. Several antivirus companies have stepped up to the plate to help people meet this important deadline by offering free antivirus software.

AVG Free Edition
http://free.grisoft.com/

avast!
http://www.avast.com/eng/down_home.html

AntiVir Personal Edition Classic
http://www.free-av.com/

Even Microsoft has put up a site with links to free antivirus software from several companies.

http://www.microsoft.com/athome/security/protect/w indows2000/antivirus.mspx

If you don't have time to download and install antivirus software right now, several antivirus companies have even put up sites to do a quick scan and clean any viruses they find. THEY DON'T REPLACE ANTIVIRUS SOFTWARE, but they will let you quickly clean your computer until you can get software installed.

Trend Micro
http://housecall.trendmicro.com/

Symantec
http://security.symantec.com/sscv6/default.asp?pro ductid=symhome&langid=ie&venid=sym

McAfee
http://us.mcafe

This leads to many problems like stuff found recently in almost all Computer Associates eTrust Antivirus products. Because Zonealarm licenced the same software, they were affected, too.

This is just one example of many :

• McAfee
• Trend Micro
• F-Secure
• Symantec

So many well known enterprice Antivurs/Firewall companys create drivers that lead to security flaws and it is not limited to Windows....

The "Teddy Bear Virus" http://us.mcafee.com/virusInfo/default.asp?id=desc ription&virus_k=99436 already spread by infecting the computer operator and causing him to e-mail everyone in his address book.

That's because they gave out the wrong link. What they really meant to say was, "Symantec recommends you immediately patch your software."

You're right, the set of spyware tools tested is not among the best or even popular ones.

He should have tested these:

* Ad-Aware from Lavasoft
* Pest Patrol from Computer Associates
* Spy Sweeper from Webroot Software
* McAfee AntiSpyware from Network Associates
* Spyware Blaster from Javacool software

Check this out for a *real* review: http://spywarewarrior.com/asw-test-guide.htm

My guide to avoiding worms:

When you go to the shop for a new pc, rather then asking for the newest and fastest one with the most megahurts, ask for one that can`t get worms while you are just trying to read your mail. Now if only someone where to market this hot new (only thirty year old) technology.

If noone asks, people will sell everyone crap for many years to come.

Packet filters (traffic mutilating routers) and virus scanners (virus cleanup tools from the dos days) have little to do with security. Personal firewalls that specify the processes that get to do networking and the no execute flag in processors are babysteps back to the day when people realized how to build computers a script kiddy can`t mess with no mather how stupid the application coders behave. I am sorry did I say something to offend the billion dollar a year scaring-people-into-buying-shitty-addictive-securi ty-products "business" You know, the one threatening its own customers to pay up for signatures or die a horrible worm infested death.

If you click on the link in the top 10, you'll come here. What's up with "Find Joke Programs?" That seems a little too specific to be real.

Gator beats any virus in infestation rate if you look at the more relevant statistics.

McAffe used to do a WinCE virus scanner, but now it looks like they only support Dell Axims.

A chart like this perhaps ?

or maybe these charts that you can proudly display on your website ?
or how about a complete industry website dedicated to charts and rankings

shall we keep looking or do you see a relationship evolving ?

On this Windows box at work I'm protected from thousands upon thousands of viruses except the one that gets written tomorrow and the idiot that opens its brilliantly socially-engineered email attachment.

This is rhetorical and wishful: when are we going to get some anti-virus software that protects us before an outbreak?

(please don't say don't run Windows, it is realistic but not realistic today right here)

So many people want capital punishment for murderers, yet the real serious crimes are commited by corporations. You'll never see people demand that a CEO of a major corporation be executed for knowingly distributing unsafe products that resulted in the death or serious injury of many people. Now playing devil's advocate one could argue that spammers and virus writers provide jobs for many people

This has to be among the most unnecessary "stipulations" of a settlement I've ever heard. Why, you might ask? Because only the people who purchased McAfee VirusScan and HAVEN'T upgraded it on a regular basis will be able to take advantage of this deal. Any home/business user who consciously ensures the security of his system(s) could care less about this "free" offer, since he's already upgraded from versions 3 & 4 (come onnnnn! we're at 8 already! talk about overdue!), while the others who purchased those older versions and haven't upgraded.. well, seriously, do you really think they're visiting Slashdot or checking the McAfee press releases on a frequent basis? Of course not. Hell, even if they did check the McAfee website lately, they'd find no easy-to-find trace of this upgrade.

This extra "offer" is really useless lip service that gives fake dignity to the company. "Whoops, we messed up, but we're taking care of it, even though it won't even cost us 100 copies of the software in question, but hey, it looks noble and respectful to the people who ARE paying attention, right?" Bullocks.

Clicking the above link install this worm - here are removal instructions.

W32.Wallon.A@mm is a mass-mailing worm that sends email messages containing a hyperlink to download the worm body from certain URLs. It also harvests the email addresses on the infected machine.

The worm exploits the following vulnerability: Microsoft Security Bulletin MS04-004
http://www.microsoft.com/technet/security/bulletin /ms04-004.mspx

Related Web Sites for removal instructions:
http://securityresponse.symantec.com/avcenter/venc /data/w32.wallon.a@mm.html

http://us.mcafee.com/virusInfo/default.asp?id=desc ription&virus_k=125096

this news doesn't affect anybody who uses a customized HOSTS file to stop the majority of ads from appearing anyway.

1. MSIE (heaven forbid!) can block a list of sites. I think the effect is the same (but I may be worng)
2. Tools
3. Internet Options...
4. Security tab
5. Restricted Sites
6. Sites...

I wish there was something similiar in Firefox! My employeer's virus scanner (McAfee) can restrict sites by IP address or URL.

A problem is that these days, some web sites (SlickDeals.net) are doing some things that causes valid pages to fail to load because of my "blocked sites". I usually get a "Cannot find server or DNS Error" because I've blocked various ad sites.

msblast is still out and about, and if you aren't patched far enough from the start (eg, installing from older discs), you've got a good chance of getting infected just by logging on. I usually keep a disc around with patches/firewall/AV software that I install before the machine gets on the network.

It has been my experience that Mcafee 9 will detect and remove spyware, link to McAfee

Phatbot

FYI, I am posting AC for a reason. The company I work for does roll-outs and tech support for small cable companies. Scripts are in place to automatically deactivate accounts with high upload/download bandwidth (meaning trojan p2p programs) and techs monitor e-mail usage. Problem with an account? Notify account holder and de-activate account. If the account holder can't be notified, the account is de-activated anyways.

It's time people start taking responsibility for their actions when using a computer. Computers need to be patched frequently with Windows Update. AntiVirus programs such as Norton Antivirus, Mcafee VirusScan, or Trend Micro PC-Cillin (my personal favorite) are needed with updates and scans run, at the very least, weekly. Computers also need anti-trojan programs such as The Cleaner and anti-spyware programs such as Spybot Search & Destroy and Adaware. Even go as far not to use the default Internet programs, Internet Explorer and Outlook Express. Instead, use free, open source programs such as Mozilla Firefox (browser) and Thunderbird (e-mail).

Naturally, the majority of people on /. know this, but we need to spread the word.

this next service pack is going to seriously fuck up some software industries... a better personal firewall, a popup killer, and now antivirus, all now bundled with the OS? and free?!

So the other free AV tool screwed up the expensive paid ones?

This is a mass-mailing and peer-to-peer file-sharing worm that bears the following characteristics:

* contains its own SMTP engine to construct outgoing messages
* contains a backdoor component (see below)
* contains a Denial of Service payload

...

On receipt of another kind it can relay TCP packets thus providing IP spoofing capabilities (possibly to facilitate SPAM distribution)

• The idea that the payload is inert comes from a single post on the internet by some random guy, and is now being quoted all over slashdot without anyone checking or verifying. It may turn out to be true, but either you should personally verify it, or at least wait for ONE other person to verify it before you start conspiracy theories.
  
  
• Norton Antivirus believes the payload to be an active DDOS against www.sco.com. So does F-Secure. So does McAfee.
  
  
• You can look at the worm yourself and verify that it contains references to www.sco.com. Combine this with the fact that the worm is fairly small and is UPX compressed, you can conclude that the worm author took up space with the reference for a reason, either to create conspiracy theories (which would be unprecedented for a worm/virus I believe) or it's actually to DDOS a website (happens all the time with worms/viruses).
  
  
• The partial dissassembly that people have posted so far indicates that the worm does use the www.sco.com address while creating a thread, opening a socket, and send some data.

McAfee has a writeup, too. Sorry about the Sophos typo.

McAfee has a writeup, too. Sorry about the Sophos typo.

Information on the worm can be found here and here, and removal tools can be found here and here