Today's Windows Virus - MyDoom / Novarg
Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.
Finally, a worthwhile virus!!
Common sense is not so common.
i just got the patch off of kazaa... sweet jesus, just in the nick of time.
whew.
i was scared there for a ss.....[NO CARRIER]
MARIJUANA, SHROOMS, X: ONLINE?! - E
"Second, it can perform a denial-of-service against www.sco.com" Will this be the first virus I willingly load on my machine?
"Second, it can perform a denial-of-service against www.sco.com."
How do I get it?
Make America great again!
Who the hell is gonna open a 3kb executable from kazaa?
--
WHO ATE MY BREAKFAST PANTS?
Here's another story.
Funny that I come to submit the article and already find it at the top of the page...
Ok -- which one of you wrote this.....
10b||~10b -- aah, what a question!
Back in my day, viruses came in via the boot sector of a floppy drive. You actually had to know fudge to write one.
You young whippersnapper virus writers and your MS holes got it way too easy.
On one hand it seems to be written by the RIAA, on the other it looks like some linux loony, can it be both?!
That's a message from God!
This
5 posts so far, and 3 of them are of the "I WANT TO PARTICIPATE IN A SCO.COM DDOS" variety.
people... that is illegal and not the way to win the fight.
i'd say more, but i have to go load that virus on my 3 other laptops.
MARIJUANA, SHROOMS, X: ONLINE?! - E
Second, it can perform a denial-of-service against www.sco.com
Great. This will give SCO some good PR ammo. Thanks guys.
NOT FUNNY! That's exactly how I expect SCO are going to try and spin this.
http://kerneltrap.org/node/view/1584
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39118285,00.htm
http://www.trusecure.com/knowledge/hype/20031209_linux.shtml
What goes on?
http://www.cert.org/advisories/CA-2003-21.html
I see a pattern forming and it ain't pretty.
Obviously, SCO has many enemies. Most of them are probably nix users and the public knows that. If we want to have the public favor OSS, reputation is also important.
Just my 0.02$
DrkBr
Think about it. Until now, the Linux community has seemed very innocent over this whole issue. It's simply a matter of a company trying to oppress people for its own gain (at least in the courts' eye). When people start doing illegal things such as writing viruses to get back at SCO, on the other hand, the Linux community loses much of its innocence. Look beyond the surface; this is a big PR hit for the Linux community. Remember the debate when SCO was DDoSed? This is the same thing, but much worse, and on a larger scale. Writing a virus in itself is illegal, given their nature, and a DDoS is also illegal (I'm not counting Slashdottings and the like).
Hi,
I believe ClamAV was the first virus scanner to pick it up and because they couldn't find any others that had picked it up and named it, they called it "Worm.SCO.A". Gotta like Open Source.
Oh, and I've blocked over 3000 copies of the worm in the last few hours with clamav.
Jib
www.sco.com isn't responding to me at the moment. or maybe we just slashdotted www.sco.com checking....
What leads you to believe any Linux developer is behind this? I say it is just as likely to be someone who hates Linux and wants to make it look bad (out of work MCSE maybe? :) ). Possibly even SCO themselves; would that really be that strange given everything else they have done up to this point?
Strike that, it would be strange if SCO still had anyone working for them that could code.
Finkployd
Our virus filtering usually quarantines around 40 messages per hour. Right now we're seeing over 1600 per hour.
At least the MRTG graphs are pretty.
I just got the first one as I was reading the story on ./ ! :)
Weird thing is: it arrived at a non-existent address on my domain (and was forwarded to the catch-all). I have no idea how it got that email...
Pretty stupid trick: the attachment was README.ZIP, which contains the filename README.HTM_______________.SCR (the _ are spaces) so it looks like an html file at first glance..
Nicely done, but good luck trying to infect my Debian
Why on earth would you assume that it would be some fringe Linux zealot? It could be a pissed off SCO employee, an investor, someone from IBM, any number of UNIX developers. SCO pissed off a lot of people and you don't actually HAVE to use Linux or even care about it to be smart enough to exploit a dumbass Windows user's gullibility.
The only thing more blatantly paranoid than YOUR comment would be to say that Darl himself wrote and released it to make people like you say things like that. Except, Darl is a meathead and I doubt he can spell his own name, so I doubt he wrote it.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
To show that there are no hard feelings after the virus entered my work network, I would like to invite the virus writer to play a game of baseball.
Just show up, I'll bring the bat!!!!!!!
Unlike some other *cough* commercial virus scanners. If you have your MTA set up properly with clamav (like qmail+qmail-scanner), a simple "freshclam --stdout" will do, then watch the "SCO.A" log messages scroll on by.
Let me get this straight:
1) It has a simple text message plus a binary payload attachment.
2) It uses no M$ exploits (patched or unpatched) to install itself.
3) It depends on someone opening the attachment to start an infection.
And after all this time, people are still clicking on binary attachments? Great googly moogly. At least this sucker is only 20-40K. I'm sick of the 140-160K ones swamping my hotmail account. This one will barely be an annoyance.
To quote Evil Willow Rosenberg: "Bored now."
Design for Use, not Construction!
Attempt to enter some code into some random OSS project that DoSes www.kernel.org or www.gnu.org or something like that then make a big media spectacle out of it. Reveal 'hints' that point to some SCO fanatic inserting the code. On that note, I think SCO is capable of writing a virus to DoS their own site just to get some good PR ammo.
Hate me!
Absence of data, hmmm....You guys wouldn't happen to work for sco would you?
It is DoS'ing SCO - a million slashdotters descend upon the SCO webpage to see if it still stands.
I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
Now Darl seems to have some credibility with the Linux == terrorism threat. Good going, guys....
I'm not so sure, this was obviously done by a WINDOWS hacker. Most of the Linux hackers I know have no freaking idea about MS Windows internals and they honestly don't even care for that sort of "knowledge".
If programs would be read like poetry, most programmers would be Vogons.
how does this reflect badly on linux users? if i'm not mistaken, it infects windows machines, surely this reflects badly on microsoft windows? nobody can say that the virus writer is a linux user, now who's talking shit? SCO have pissed off so many people it could be anyone.
--- any post that takes longer than 20 seconds to write, isn't worth writing
Hmm, if this is a big worm (sounds like it might be), then this will show up in the news. And if it shows up in the news (i.e, MSNBC, CNN, etc), they will have to explain *why* www.sco.com is a target.
Any guesses on how botched/one-sided/anti-Linux their explanation will be?
Not that this virus writer is helping things with this stupid thing.......
So who has the motivation? People who've shorted SCO stock and need it to fall, so they can cover their position. People who've invested in SCO and need a reason to sell off without explaining that they bought into something stupid. Not us.
Humour aside, if that was the intention of the virus, it should bring down the SCO email server (mail.sco.com) as well as www.sco.com. This would hurt sales and cause a major inconvenience.
SCO's lawyers are probably 'creating' a lawsuit as we speak - claiming the portions of the virus are SCO IP. (Which is just as believable as Linux containing SCO's code.)
SCO could also have written the virus - to hurt the image of their competition.
that aims to define exactly who it is that is opening email, saving attachments, opening the attachment, running the payload, and is not using AV software. I mean that is a lot of work by someone with at least *some* clue about email. Who is doing this? Is there a profile? Is it generally a home user, or generally at a public school? Is it that there is a subset of people that for their own sick reasons *always* runs infection attachments just to watch the LAN go down so they can go home early? I'm becoming suspicious [tinfoil hat goes on and is pulled down hard]
=^..^= all your rodent are belong to us
Here's the google cache of the sco site for when the virus takes over.
SCO, killing orphans and nuns since 1999.
riding round the world on an old motorcycle
To all the people who are busy vaulting onto their high horse, ready to scold the Slashdot community for our apparent complicity in this, don't bother. I get so sick of the holier-than-thou attitudes that people cop when the "Linux community" does something to "make Linux look bad".
First off, why do you assume that the person who wrote the virus is reading Slashdot?
Second, how do you know he or she isn't cackling with glee over the froth you guys are working up?
Third, what exactly the hell am I supposed to do about this virus, given that I didn't write it and most likely don't know the person who did write it? Feel bad for SCO?
If I were a script kiddie, this is exactly the effect I'd go for; try to piss off Windows users and Linux users all in one shot.
Face it, the "Linux community" is made up of lots and lots of different people, and it only takes a handful to make life harder for the rest of us. But scolding Slashdot isn't going to do anything other than make yourself feel good.
Jay (=
It does run on Wine..
I was trying to look at what these messages were, and I executed the contents via wine.
A Notepad with garbage appeared, then I did a netstat and I saw the control port being controlled from a wine instance.
So I think it runs on Wine.
I killed the wine instance and the port stopped listening.
- Smells Like Open Source Code
NEVER underestimate the power of human stupidity.
Browse at -1, because trolls are often the most creative part of
It's not Microsoft's fault that stupid people use Windows. No decently intelligent person is going to open an attached .zip file and the file within it...
Stupid people need something that is easy to use. If Linux was as easily accessible as Windows, I'm sure it would be plagued with many of the stupidity flaws that Windows has.
webpage
Does it run on linu.....
Oh nevermind
Error 407 - No creative sig found
No one likes virii... Then again, who likes the SCO either?
Buckethead
Grandfather (gruff Northern English accent): "In my day a virus was a proper virus, it destroyed your hard drive and wiped away your entire silicon existence but we held together lad, together"
Grandson (wide eyed): "Was that when you had keyboards granddad? Crikey. Pass the DNA-USB dongle over please..."
I've noticed that everyone who is for abortion has already been born - Ronald Reagan
SCO just started yet another lawsuit, this time with Novell. Now the financial types could be recalculating how many quarters until SCO runs out of cash and has to cease operations. Let's not let them get distracted by stupid email tricks.
:0 B
* ^ *Content-Disposition: attachment;
* filename=".*\.(pif|exe|scr|zip|bat|cmd)"
mail/virus
Looks like it works:
wee@foo:~$ grep 'mail/virus' .procmaillog | wc -l
21
Not terribly efficient, but every little bit helps.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
"Why on earth would you assume that it would be some fringe Linux zealot? It could be a pissed off SCO employee, an investor, someone from IBM, any number of UNIX developers."
a.) The fringe Linux zealots are upset enough to do something like that.
b.) An SCO employee, investor, or somebody from IBM isn't going to attract legal attention.
c.) There aren't many people who'd prioritize an attack on SCO over... well anything else.
It'd be moronic for a Linux zealot to not be at the top of the suspects list for what happened here.
"Derp de derp."
Does the virus install its source, whine about the GPL and insist on being called GNU/MyDoom?
"W32/MyDoom-A also drops a file named shimgapi.dll, which is a backdoor program loaded by the worm. The backdoor allows outsiders to connect to TCP port 3127 on your computer."
From www.sophos.com
I DO in fact have a paypal account and am willing to accept donations for my contributions to society.
Send donations to:
wenNOdoy@SPAMconsolidated.net
I hadn't seen one until I started reading this story on here... then I got 2....
Strange coincidence.
---- Booth was a patriot ----
Having everything@mydomain redirected to me, I've just noticed that this thing randomly spews out prefix names. In an hour received emails targeting: mary@* george@* smith@* Have not seen anything as prolific in terms of random addressing. The virii before this one very rarely threw up random names. *shrug*
Amen to that! Stupid virus authors, giving a bad name to all us honest respectable SCO-haters... *grumble*
I always download the attachments that say "I love you."
Sure, it might be a virus... But I can't take the chance I might miss a secret admirer.
In fact, unless I miss my guess, this is how it infects you:
1. Receive mail.
2. Open mail.
3. Double-click attachment. This opens the archive.
4. Double-click the payload inside the attachment, thus executing it.
5. Get infected. Lather, rinse, repeat.
So, in order to get infected, you have to open a suspect file inside a suspect archive inside a suspect e-mail.
And it's spreading like wildfire. I was going to ask "are people really this dumb", but I guess the empirical data available makes that question moot...
-HubCity
Altrok & Altrok Radio
SCO makes us all mad. Mad enough to want to sock Darl in the nose. But what good will DOSing them do? So people can't get to their website... Big deal. It's not like they're Amazon.com or anything.
I work at a company which has offices all over the world. One of our offices has XO Communications as its ISP. The same ISP that SCO uses. I often hear one of our network engineers cursing them because the service is poor and outages are not handled in a timely manner. It's not hard to DoS them.
Perhaps the virus should have focused on a more useful target, like the law offices that are handling the whole SCO fiaSCO.
if you install potentially malicious software from unknown sources, you're bound to end up with a broken system. this is not a flaw in the OS.
Sure, I can write a fake su or sudo in three lines of bash script. The way beginner Linux distros sudo their way to hell, zillions of users will be affected by this the day Linux gets to the vast unwashed desktop masses.
Many people argue that Linux has fewer problems because it is more secure. Others say this isn't true (for NT-based Windows, anyway), and that Windows is simply a higher profile target because of the higher user base. It is impossible to prove either argument since no one knows how many security flaws are in either system. To add another variable to the problem, is Windows a target because Linux users hate Windows? It's probably impossible outside of Redmond to find anyone who hates Linux. This latest Windows attack seems to be perpetrated by a Linux user, since it attacks SCO as well as Windows. Is this attack motivated simply by hatred? Could this be a significant factor in the equation for why Windows is attacked so often?
Vote for Pedro
Normally I would say this idea is paranoia. But then, your point deals with SCO, and we know they are both paranoid and dishonest. It is without many questions that SPAMers have used virus to advance their cause, and there is good reason to believe Darl et al have less integrity than SPAMers do...
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
> 1) It has a simple text message plus a binary payload attachment.
:-/
> 2) It uses no M$ exploits (patched or unpatched) to install itself.
> 3) It depends on someone opening the attachment to start an infection.
Compared to the real world this would be something like:
"Whoa! There's a black, unmarked bottle on my doorstep that reads 'Returned to sender'. I am quite f*cking sure I did not send this bottle in the first place. So why don't I open and drink it? It can't be dangerous!"
Anybody with some common sense would not act this way IRL, but with computers it's all different...
I pity the state of the union
cd pub; more beer
First you save the attachment.
Then you unzip it.
Then you execute it.
Why do the virus writers even bother writing code? If people are willing to do all that, it sounds like the next virus will consist solely of the text:
"Pick a friend at random. Go over to his house and bash his computer with a sledge hammer."
I have received over 30 emails with this virus attached today already. From what I've seen, some come in the email described in the article post, but I have also seen emails containing this virus that look like this: The following email is encoded in UNICODE format please see attachment for message. - or - This file is encoded in 7Bit ascii format please see attachment for message. The attachment is always 22.6k in size. Thought windows slashdotters would be interested in this info.
ping www.sco.com
/dev/null
ping -f www.sco.com
or how about a crontab entry?
* * * * * wget -r http://www.sco.com
Then you're obviously failing to communicate to your mother the gravity of the situation. In all the years my mother used a Windows machine her computer did not have one virus. The rules are very simple. I also have no trouble at the office. With the exception of the H.R. guy who must open attachments (primarily Word documents) in order to read people's resumes it's been a long time since we had any viruses running on any machines in the Hampton office. Furthermore, through a mistake either my boss or I had made we hadn't set his machine to update virus definitions automatically so I give the H.R. guy a lot of credit for having avoided viruses without it.
It certainly doesn't hurt to have a Symantec Anti-Virus Corporate Edition and to be running Novell GroupWise instead of Microsoft Outlook^WOutbreak but it's not the end-all of virus protection either. Proper user education is an important part of running a network. I keep the users at the office informed about how viruses work and how they propagate. I let them know that I've done all I can and that it's up to them to use their good judgement. I remind them that message headers are just as easily forgeable as the return address on an envelope.
It's worth the time. I'm not saying I just wrote one message and all viruses were gone. I wrote several. I talked face to face with people in the office about it. I ask them what they think about viruses and spam. I give them the information they need to make informed decisions. In the end, it makes my life a lot easier.
The simple problem is that people don't know unless you tell them. They only hear what Tom Brokaw or Katie Couric tells them. Tell them how it really works and they will understand and try their best. A few will slip up. Don't be mad at them, just explain things again so they understand.
The only case where this won't work is if you have a high employee turnover. If you do then let your boss know that viruses are simply another cost of high employee turnover. If you do that then he will have the information he needs to make an informed business decision. Maybe he'll decide it's worth taking some measures to keep people around. Put it in terms of dollars. Do whatever it takes but viruses can become a thing of the past if more companies started to do this.
Because clicking on an attachment shouldn't do anything. Only a fascist pig with a read-only mind would think it even a remotely good idea for an email client (note: "email client", as in handles email. The term, "program launcher" isn't expressed or implied anywhere in there) to load and launch an attachment.
There are very narrow cases where it's okay to do something. If its MIME type is text/plain, it's okay to display it. If its MIME type is text/html, it might be okay to display it (providing you block JavaScript execution). If it's a media file (image/whatever, audio/whatever), then it's probably okay to launch a viewer or display it inline. If it's a compressed archive, it's probably okay to display a listing of its contents (automatically unpacking it is right out). And finally, if it's executable, a warning should be displayed before you allow the user to save -- not launch, save -- the attachment.
Always believe the MIME type. If the filename extension and the MIME type conflict, and you are saddled with an OS designed by orangutans where the three character extension of the filename determines its type, then append to the filename the OS's local extension representing that MIME type before handing off for subsequent interpretation.
Despite how many times The Finest Engineers Working In The Industry have fscked this up, this is not, and never has been, rocket science.
Schwab
Editor, A1-AAA AmeriCaptions
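The attachment rules in the post above, written out as a small policy function. This is an added example, not code from the post or from any real mail client: the action is chosen from the declared MIME type alone, and when the filename's extension disagrees with that type, the type's own extension is appended before the file is handed to the OS, which is what defuses the README.HTM_______________.SCR and readme.txt%20...%20.scr names mentioned elsewhere in the thread. The MIME table, the executable-extension set and `looks_spoofed` are assumptions constructed for the example.

```python
# Added example (not from the Slashdot post or any mail client): a mail-client
# attachment policy following the rules in the post above. The action comes from
# the declared MIME type, never from the filename; when the two disagree, the
# extension matching the MIME type is appended before the OS sees the file.
# The MIME table is a constructed, deliberately short one (assumption).
import re
from urllib.parse import unquote

MIME_EXTENSIONS = {
    "text/plain": (".txt",),
    "text/html": (".html", ".htm"),
    "image/jpeg": (".jpg", ".jpeg"),
    "image/png": (".png",),
    "audio/mpeg": (".mp3",),
    "application/zip": (".zip",),
    "application/x-msdownload": (".exe",),
}
# Extensions Windows launches directly: the thread's filter list plus .com/.dll (assumption)
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".dll"}
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}


def real_extension(filename):
    """Extension the OS will act on: the part after the LAST dot, lowercased,
    after URL-decoding and trimming. Padding before that dot is irrelevant here."""
    m = re.search(r"(\.[A-Za-z0-9]{1,5})\s*$", unquote(filename).strip())
    return m.group(1).lower() if m else ""


def looks_spoofed(filename):
    """True when an executable extension hides behind a decoy one plus padding,
    e.g. README.HTM_______________.SCR or readme.txt%20%20...%20.scr."""
    name = unquote(filename).strip()
    ext = real_extension(name)
    if ext not in EXECUTABLE_EXTENSIONS:
        return False
    stem = name[: -len(ext)]
    # a decoy ".htm"/".txt" immediately followed by whitespace or underscore padding
    return re.search(r"\.[A-Za-z]{2,4}[\s_]", stem) is not None


def safe_filename(mime, filename):
    """Append the MIME type's own extension unless the name already carries one."""
    name = unquote(filename).strip()
    allowed = MIME_EXTENSIONS.get(mime)
    if allowed and real_extension(name) not in allowed:
        name += allowed[0]
    return name


def decide(content_type, filename):
    """Return (action, filename_to_use) for one attachment, per the post's rules."""
    mime = content_type.lower().split(";")[0].strip()
    if mime == "text/plain":
        action = "display"
    elif mime == "text/html":
        action = "display_no_script"   # render, but with script execution blocked
    elif mime.startswith(("image/", "audio/", "video/")):
        action = "view_inline"
    elif mime in ARCHIVE_TYPES:
        action = "list_contents"        # show the listing, never auto-unpack
    else:
        action = "warn_then_save"       # executables and unknown types: save only, after a warning
    return action, safe_filename(mime, filename)


if __name__ == "__main__":
    for ct, fn in [("text/plain", "README.HTM_______________.SCR"),
                   ("application/x-msdownload", "readme.txt%20%20%20%2020%20%20%2020%20%20%20.scr"),
                   ("application/zip", "README.ZIP")]:
        print(fn, "->", decide(ct, fn), "spoofed" if looks_spoofed(fn) else "")
```

Note that a part declared text/plain but named README.HTM_____.SCR is simply displayed as text and saved as "...SCR.txt"; the client never consults the .SCR extension to pick a handler, which is the whole point of the post.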
>Now Darl seems to have some credibility with the Linux == terrorism threat.
No, he doesn't; it's a Windows virus, not a Linux virus.
Windows == terrorism
Proof that Windows is a danger to national and economic security.
I don't know the meaning of the word 'don't' - J
It'd be moronic for a Linux zealot to not be at the top of the suspects list for what happened here.
There's absolutely no reason to believe that. While I wouldn't be surprised if some fringe looney tune did release it, I'd be equally unsurprised to discover it was a disgruntled SCO employee or just somebody looking to make Linux users in general look bad publicly.
Or, to put it another way, until there's evidence pointing at someone, I'm not going to go jumping off the conclusion cliff like so many of the other folks here have already done.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Bruce
Bruce Perens.
Alright. Now listen up. Here's the deal....and I'm not accusing anyone...I'm just saying...
"The worm encrypts most of the strings in its UPX-packed body with ROT13 method,"
I *KNOW* it was one of you fuckers...
I hate to say it, but Norton Anti-Virus doesn't exactly inspire much confidence with me to begin with.
I've removed a *bunch* of back-door trojan horse programs (MovieWorld and so forth) from Windows PCs that were running Norton AntiVirus 2003 with all the latest signature updates being "Live Updated". The freeware AVG Anti-Virus personal edition found them, as did a relatively unknown scanner called Avast.
Why is it people have to pay $30+ per year for a subscription renewal for a big-name, commercial scanner that can't even find things the freeware packages find and remove?
Air-traffic control systems don't run no Linux. They either run QNX or SCO.
Linux in Air Traffic Control
All Hail Discordia. Hail Eris. Fnord.
* ^ *Content-Disposition: attachment;
* filename="(message|body|document|doc|data|readme|
I am not convinced that this is the only method the thing travels by. My laptop at work got infected with this, as did my office mate. We both saw mail going out as us to others in our group, etc. Neither of us double-clicked the attachment or ran it. Being curious though, we did (apparently both of us did this) right click the attachment, save it to a dir on a linux box for inspection in emacs hexl-mode, etc. So unless this thing launches via a right-click and save operation (off of the windows box entirely), there must be some other transmission mechanism.
What if a virus were written by the RIAA? It could plant itself, activate when it sees a violation, and report the user over the internet.
Similar to the way the FBI operates. Only the FBI (usually) uses warrants.
Well I have my copy! Arrived in my fiancee's inbox this afternoon. She helped me analyze it in Linux over the phone. (She's a biblical scholar when she's not hacking. What's not to love? :) Well we ran strings on it, among other things: it contains a few nuggets:
/abcdU VWXYZ
;-)
o Part way down the strings output there the following:
(sync.c,v 0.1 2004
1/xx
: andy)
Weird.
sync.c: I believe is a linux kernel file? Maybe it was written on Linux? Who knows.
o Further down is:
notepad %s
Message
This is consistent with the notepad screenshot on McAfee.com
o Then some more weirdness:
ghijklm
pqrstNwxyzg
ABCDEFGHIJKLMNOPQRST
I guess this cracker knows the alphabet. I am impressed!
o More funniness:
Sack_i
smith[C
&joe?neo/
Matrix fan?
o gold-Pxc
I guess this is a reference to the electronic banking system it attacks
o Further down:
USERPROFI
Going for the registry I see...
o More sequences
ASCII
r=it f
0aA!0123456789+
My guess is that the sequences are character food for the random message generator
o Towards the end:
Libra
I guess this hacker is indecisive
o Finally, it wraps up with a list of windows dlls and function names.
-ghostis
Computer Science is all about trying to find the right wrench to bang in the right screw. -T.Cumbo?
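The strings walkthrough above can be automated, and the F-Secure note quoted earlier in the thread (strings in the UPX-packed body stored with ROT13) suggests one extra triage step: run ROT13 over each extracted string and flag the ones that read better decoded. The following is an added example, not code from the post or from any AV vendor; the keyword list and the sample blob are constructed for the example and are not MyDoom's bytes.

```python
# Added example (not from the post above or any AV vendor): extract printable
# strings from a binary blob the way strings(1) does, then flag strings whose
# ROT13 form scores higher than the raw form, as the quoted F-Secure note says
# the worm stores most strings ROT13-encoded. KEYWORDS and SAMPLE are constructed.
import codecs
import re

# Things an analyst expects to see in a Windows mass-mailer (assumption: short list)
KEYWORDS = ("notepad", "kernel32", "wsock32", ".dll", "smtp", "sync.c", "kazaa")


def extract_strings(data, min_len=4):
    """Runs of printable ASCII of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def rot13(text):
    return codecs.decode(text, "rot_13")


def score(text):
    """Crude 'looks meaningful' score: number of analyst keywords present."""
    lowered = text.lower()
    return sum(1 for k in KEYWORDS if k in lowered)


def triage(data, min_len=4):
    """Split extracted strings into plain (keyword hits as-is), rot13
    ((raw, decoded) pairs whose decoded form scores higher) and other."""
    result = {"plain": [], "rot13": [], "other": []}
    for s in extract_strings(data, min_len):
        decoded = rot13(s)
        if score(decoded) > score(s):
            result["rot13"].append((s, decoded))
        elif score(s) > 0:
            result["plain"].append(s)
        else:
            result["other"].append(s)
    return result


# Constructed blob: one plain keyword string, the alphabet run the post laughs at,
# two ROT13-obfuscated strings, and non-printable filler between them.
SAMPLE = (
    b"\x00\x01\x02notepad %s\x00\xff\x10"
    + rot13("kernel32.dll").encode("ascii")
    + b"\x00ABCDEFGHIJKLMNOPQRST\x00\x7f"
    + rot13("sync.c,v 0.1 2004").encode("ascii")
    + b"\x00ab\x00"
)

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, items)
```

The scoring is deliberately naive; a real pass would use a larger keyword set (imported API names, registry paths, SMTP verbs) and also try other trivial encodings, but the shape stays the same: decode, re-score, keep whatever reads better.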
it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis.
.. let's take our time over this.. no need to rush things now is there? I mean - we wouldn't want to make a mistake or anything now would we?
Cut to the labs of the antivirus companies:
Sir! The new virus seems to launch a DDoS against sco.com!
REALLY? Great work! Now
Take a 2 day lunch.
This has been a war since the mid-90s. At some point, you just give up. There are people, bless them, who are trusting by their nature. She knows to NOT click on things sent to her, but when her friends send her a joke program and she doesn't click on it then she has to field the "Didn't you see the funny thing I sent you?" questions. People don't like to be left out. Call it gullibility, but there are people in the world who will ALWAYS do what the script kiddies and worm writers want just on default behavior alone.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
The social engineering on this one isn't half bad.
The first one I got looked like a bounce message, with text saying there were some non-7bit characters so the full message would be in an attachment.
The payload inside the .zip file was "readme.txt%20%20%20%2020%20%20%2020%20%20%20.scr", which shows as "readme.txt" in the Windows GUI.
Believe it or not, there are mailers in the Windows world that send bounces with the original message as an attachment. This worm could easily fool someone who wasn't technical or wasn't paranoid.
For the first time in my life, an email virus has actually ended up in my inbox.
:)
*sniff*
I'm so happy. Somebody actually has me in their address book.
Well, as proprietor of some anti-SCO websites, let me weigh in here:
(FYI, I am a college student, U of W @ Madison) I didn't hear about this new virus until now. But at about 4:30 PM today, I get this email from an attractive, intelligent female friend of mine from high school. She goes to Knox College in Illinois. (Let's call her Kristin) The email is listed below in its entirety, but basically it says watch out for this new virus. So I figure, OK, maybe some stupid Bagle (Beagle, whatever) virus variation has come out, and computer illiterate college students haven't figured out how to push the big Update button on their virus scanners. No biggie.
So late evening, around 6:30 PM, I go to a student government meeting (contrary to published doctrine, some college students actually give a shit about what's happening in the world.) I get back, check /., and what do I see? A virus attacking SCO!
ARE YOU IDIOTS INSANE?
Now, I think everyone here knows I dislike SCO. I own websites that are anti-them (Check my sig, the scolawsuit.com link above, and Litigiousbastards.com linking campaign). But this is not the type of publicity we need. This gives SCO more ammunition, when it needs less. Guess what? The public equates viruses like this to terrorism. The average Joe Sixpack will think "Oh, this poor company's getting hurt by terrorism! These gosh darn Linux assholes are terrorists!" Can you say Guantanamo Bay?
If you want to DOS someone, do something constructive like sending an email to a Congressman/woman, donate to Groklaw.
(And yes, I must admit, and in the spirit of fairness, I was laughing out loud when I saw this article)
My friend's letter:
Hey everyone - Just something you might want to be aware of even with the virus protection software that you have. School is going well, and I am really enjoying myself here. I have a lot of work, but I am having fun. I even had a bat in my room, which was interesting. Ok, time to go back and do homework.
Kristin
=Original Message=
From: "M. Sean Riedel"
Date: Mon, 26 Jan 2004 15:59:33 -0600
A new virus, yet to be named, is spreading quickly and has slipped by many AntiVirus applications. If you have received a message with the following parameters, delete it immediately without opening the attachment. You will only become infected if you open the attachment.
The common factor in its profile is that it carries an unsolicited attachment. So far we have seen filenames of "body", "data", "document", "file", "glszfj", "message", "readme", "test", "text", "vgsu042a", and "vncexdl" attached to messages all with either the .pif, .scr, .zip file extensions. We already ban extensions of .pif or .scr. Until the antivirus companies release the definition files to detect this new virus, we are banning the .zip extension also. As soon as our vendors update the definition files, we will remove the ban on the .zip extension.
As always, if you receive messages with attachments from anyone you do not know or unexpected attachments from people you do know, don't open them. If the message is from an unknown party, just delete it. If it is from someone you know, verify with that person that the attachment was intended since many viruses will forge the sender.
M. Sean Riedel
Computer Center
Knox College
## drop all Novarg/MyDoom virii
:0 B
* ^AFAmSgBAA/2yaZosEAT0JegBAE
{
  LOG="$NL Novarg/MyDoom Virus$NL"
  :0:
  Novarg.txt
}
No guarantees - Haven't had much time to test it. Not the most efficient either (should probably check the file size first and rule out small messages first) but it should get the job done on most "average traffic" mail servers.
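The two procmail recipes in this thread (the extension match on the Content-Disposition header and the body-signature match above) stop at the outer attachment name, so a .zip either passes or is banned wholesale, as the Knox College notice describes. The following added example, not code from any post here, does the same job in Python with the standard `email` and `zipfile` modules and also looks inside a zip attachment for member names with the padded-extension trick, so a message can be quarantined for what the archive contains rather than for being an archive. The sample message, sender/recipient addresses and the `.com` addition to the extension list are constructed assumptions.

```python
# Added example (not from any post in the thread): a gateway-side scan that does
# what the thread's procmail recipes do, plus a look inside zip attachments.
# Sample message, addresses and the .com addition to the extension list are constructed.
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list from the procmail recipe earlier in the thread, plus .com (assumption)
DANGEROUS = re.compile(r"\.(pif|exe|scr|bat|cmd|com)$", re.IGNORECASE)
ARCHIVE = re.compile(r"\.zip$", re.IGNORECASE)


def suspicious_name(name):
    """True for a directly executable extension; trailing whitespace padding is stripped first."""
    return bool(DANGEROUS.search(name.strip()))


def archive_members(data):
    """Member names of a zip payload, or [] if the bytes are not a valid zip."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return []
    buf.seek(0)
    with zipfile.ZipFile(buf) as zf:
        return zf.namelist()


def scan_message(raw):
    """Return (verdict, findings) for one raw RFC 822 message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue  # body text and inline parts are left alone
        name = part.get_filename() or ""
        if suspicious_name(name):
            findings.append(f"executable attachment: {name!r}")
        elif ARCHIVE.search(name.strip()):
            # List the archive without extracting it; only the names are inspected
            for member in archive_members(part.get_payload(decode=True) or b""):
                if suspicious_name(member):
                    findings.append(f"executable inside {name!r}: {member!r}")
    verdict = "quarantine" if findings else "deliver"
    return verdict, findings


def build_sample(member_name):
    """Constructed bounce-style lure like the ones described in the thread:
    a one-line text body and a readme.zip holding one member named member_name."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr(member_name, b"MZ" + b"\x00" * 64)  # inert stand-in, not a real PE
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Returned mail"
    msg.set_content("This file is encoded in 7Bit ascii format please see attachment for message.")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip", filename="readme.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for member in ("README.HTM_______________.SCR", "notes.txt"):
        print(member, "->", scan_message(build_sample(member)))
```

Usage note: this checks names only, which is all the procmail recipes check too; a zip whose member is named innocently still gets through, so pair it with a signature scanner such as the clamav setup mentioned earlier in the thread.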
Did anyone bother to read the details?
SCO hasn't been attacked yet. It doesn't kick in until Feb 1st and then it doesn't even go for two weeks.
How kind of virus writers to put a time cap on how long it does damage.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
The executable is way too small (22,528 bytes compressed vs. 150k+ for most of the usual trash by spammers). I certainly doubt it was written in VB.
One line blog. I hear that they're called Twitters now.
When I first heard about this, I had to laugh out loud... "All targeting www.sco.com? Ha!"
Then, the phone rang, and I had my first 2 computers infected on my network. It was 3pm, and it was first discovered at about 1pm. (PST)
This is no laughing matter.
Whoever wrote this was quite the skilled assassin: Works on 95 thru XP machines? Transports by Mail with its own SNMP daemon? Spreads over Kazaa? This is very well planned.
The thought that a Pro-Linux activist did this disgusts me. There is no way this can be good for linux's fight against SCO. Hopefully it can be proved to originate from somewhere, because if it comes from a linux user, the linux community will damn him. If it comes from anywhere else, then the extra leverage on the SCO vs. Linux suit will be lifted.
Then we have the conspiracy theorists: SCO wrote it themselves! Now that's funny... unless it turns out to be true.
I've even heard a guy who claimed that the anti-virus companies' employees write the viruses... either with the companies' knowledge or not. He claimed that they did this to "keep the demand up for AntiVirus software." Now that's scary.
If I have anybody in the world to blame for this, I'd like to blame the following, who made this possible: 1. Microsoft and their horribly easy to infect OS and mail client. and 2. Kazaa for helping the community spread filth.
And SCO: I disagree with your suit against Linux and Co., but you do not deserve this attack. The rest of the world also does not deserve to help clean up this mess, of which you are the obvious target.
*Sigh*... I'll be up late getting ready for tomorrow's onslaught of computers to disinfect.
Pathway
Darl will say Linux supporters must have done it, and the media will quote him, and clueless people will read it and associate whoever did it with us. So while we know it wasn't "one of us" and we don't support it (except in jest), people will read otherwise. We unfortunately don't get to choose who the public associates us with.
Litigious bastards
SCO will most definitely use the virus as evidence to their argument that all Linux users are criminals. Because you know, of the millions of Linux users out there, after nearly a year of putting up with outright lies, insults, threats, and slander, one person among the countless millions got angry enough to release a virus against SCO. If one out of the millions of Linux users was capable of that, just imagine what the rest of them are capable of. At least that's how any argument from SCO would probably sound to us, except that it begs the natural response "They were running Windows!!!"
Yeah, I suggest removing all CD/DVD/Floppy and whatever drives and ripping the network cable out of the wall. Better yet, disconnect the power supply... Voila - secure system.
This comment does not exist.
I doubt you've got the virus. The virus has probably used your email address as the return address, so that you get the bounces despite not having the virus. I've received lots of virus warning bounces, mostly sent to "helen@benroe.com" and "serg@benroe.com", which aren't email addresses I use (obviously).
clamav
Google now shows Caldera as the first hit for a search on "litigious bastards", while www.litigiousbastards.com (a site about SCO) comes up about five down. Go team!
do not read this line twice.
I just think it's funny that Slashdot STILL reports *user-run* attachments as "Windows viruses," as though it's some major flaw in Windows that users are dumb enough to run whatever executables come into their inbox.
Hell, my Outlook won't even let those attachments through to begin with. "BUT IT'S A WINDOWS VIRUS!!1"