MyDoom Windows Worm DDoSing SCO
We mentioned the myDoom Worm just a few hours ago, but more information is available now, mainly that its ultimate goal is apparently to DDoS SCO. You can see some more detail at NetCraft. Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
Quick, disable your AV software, and get some Windows boxes on the internet!
Given their history of underhanded dealings this wouldn't surprise me one bit. This attack only helps SCO. They get sympathy. What do the worm writers get?
Nothing.
Is this truly the only Earth I can live on?
Maybe they'll change their domain name like M$ did to bastards.sco.com instead of sco.com/bastards
Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
no it's not!!!!!
This may not be the most appropriate way to attack SCO, but after all the FUD they have released and the actions they have taken it puts a smile on my face to see something like this come about. I hope their server gets toasted. Bring on the worms!
those people who think they know everything are a great annoyance to those of us who do. -isaac asimov
SCO ought to start getting hit hard today as office workers and the like start checking their email today starting around 9 Eastern, and running the virus. It'll be interesting to see what SCO's reaction will be. Almost like the calm before the storm ;-)
Oh please infect me! PLEASE!! INFECT ME!!!
I want to get infected.
Fuck SCO.
Lol
Seriously, it is a shame, it will only fuel Darl's paranoia.
*--BigMan--- Time flies like an arrow.. but personally I prefer a nice glass of wine!
I thought the worm was set to start the DDOS on February 1. So why is SCO showing a DDOS right now?
Was the February 1 thing made up? I've not yet received the virus in my email so I can't check the code for myself.
Or (I consider this more plausible) has SCO taken their own site down with the intention of blaming the "Linux terrorists", but they stupidly took it down 3 days too early.
Is SCO finally dying? Will the two stories a day torture end in silent dismissal?
ok guys, whoever created the worm went about it all wrong...what we really need is to just subscribe every e-mail address at SCO to every pr0n newsletter known to man.
I know that would piss me off more than any virus.
Those who trade in their freedom for security, deserve neither.
Seems like this is Linux's ultimate weapon of mass destruction because:
1. The virus makes M$ operating systems look bad.
2. The DDoS attack goes after every Linux lover's most hated target, SCO.
But I do feel sorry for the people forced to use Windows by PHBs or who are novice users that don't know better than to run e-mailed executables.
Two wrongs don't make a right, but three lefts do.
Within a week, Darl will be equating Linux developers with virus writers - "both are called hackers and both hate me" he'll say and some 'respectable' journalists will report it as true.
1000s Warcraft Gold while you sleep
s/is/eir
Flourescent (adj): smelling like ground wheat.
FFS, if you know that a worm forges the sender address, DON'T send bounces to that address. Worms are relatively easy to filter, but the crap from the virus-scanners comes in seemingly endless variations. Some even have the nerve to advertise their anti-virus solution, followed by a copy of the worm-mail, binary attachment included. Yeah right, moron, you just sent a copy of the worm to me and you expect me to buy your anti-virus product???
It's too early to call this one. Relax and pass the popcorn.
One line blog. I hear that they're called Twitters now.
It is actually nice to have SCO.com messed around, just because they will be forced to use LINUX/APACHE to survive the attack... I guess SCO stock will fall again, just because they will be needing to hire Akamai servers just like Microsoft did. Linux to save their enemies. Ironic.
Putting a windows cd backwards, plays evil messages, but it gets worse, putting it right, installs windows.
...millions of people checking sco.com to see if it's still up? or...
...computers with clocks that aren't set correctly? or...
...the virus analysts misinterpreting the taskmon.exe when they decompiled it?
Yes, I imagine that's why CmdrTaco said
We mentioned the myDoom Worm just a few hours ago,
No?
*--BigMan--- Time flies like an arrow.. but personally I prefer a nice glass of wine!
This is very similar to the SETI@Home project. I'd like to try it out and run it for a while. How and where do I sign up?
Maybe this is all just a big conspiracy by SCO to make the open-source community seem like a bunch of immature wotsits? I mean, think of all the positive SCO publicity they could milk out of this, not to mention maybe using it in the courts? Trying to associate the open-source community with the scum that writes viruses and worms etc.
.
I'll put my tin-foil hat on now I think.
Chris
Scripture says that you will reap the fruit that you sow. SCO has pissed in so many pools that I don't think I'm capable of feeling sorry for them any more. Yes, a DDOS is probably illegal, but how many of SCO's recent actions have skirted the bounds of illegality also? They've leveled dozens of accusations at Fortune 500 companies without producing a single shred of evidence to back them up. The Linux community may not have the billions of dollars and huge legal team that Microsoft has, but that does not mean that we are a force to be taken lightly. I suspect that SCO is slowly starting to figure this out.
If you really wanted to DoS SCO, why not just use the Slashdot Effect, like this: litigious bastards
I am officially gone from
the DOS isn't supposed to start until Feb 1. Maybe this is related to some sort of network "hardening" in preparation. More info
Netcraft confirms: SCO's servers are dying ;)
It is possible SCO may have written this virus. After all, a virus writer who truly hates SCO would have written a virus that identifies and disables/attacks SCO boxes on the net so that way companies would be afraid of going with SCO (causing a real impact on SCO financially).
A virus that targets the sco.com domain only gets them sympathy.
This is going to be a serious blow to the moral credibility of the OSS community, not just Linux users.
We seriously need some sort of petition stating we do not support Linux or OSS, but not underhanded tactics like DDOSing and viruses.
tasks(723) drafts(105) languages(484) examples(29106)
Here is the original story on slashdot:
There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.
So tell me again, what new information did we learn between now and then. Looks like slashdot just loves SCO stories to me, even if they are repeats.
--
In London? Need a Physics Tutor?
American Weblog in London
Even the windows noobs are owning SCO now.
I hate SCO as much as the next guy, but doing a DoS attack on them is not the answer. Sure, they are a bunch of low-life scumbags that want to lock up everything, and have a chunk of the profit, but doing massively illegal acts like this make the whole OSS and free software communities look like a bunch of script kiddies. This makes it very hard for us to take the moral high-ground here when it looks like we are doing this crap.
Mewyn Dy'ner
Yes, I know, Godwyn will turn around in his grave, but it needed to be said!
Seems like it's about time SCO came up with a new business model. Here's my suggestion:
FROM: Mr. Darl McBride
Santa Cruz Organisation
Lindon, Utah
Dear Sir:
I have been requested by the Santa Cruz Organisation to contact you for assistance in resolving a matter. The Santa Cruz Organisation has recently concluded a large number of dubious security trades. These pump-and-dump operations have immediately produced moneys equalling US$75,000,000. The Santa Cruz Organisation is desirous of setting up business in other parts of the world, however, because of certain regulations of the U.S. Government, it is unable to move these funds to another region.
Your assistance is requested as a non-U.S. citizen to assist the Santa Cruz Organisation in moving these funds out of the U.S. If the funds can be transferred to your name, in your Swedish account, then you can forward the funds as directed by the Santa Cruz Organisation. In exchange for your accomodating services, the Santa Cruz Organisation would agree to allow you to retain 10%, or US$7.5 million of this amount.
However, to be a legitimate transferee of these moneys according to U.S. law, you must hold at least one license for Santa Cruz Organisation Intellectual Property, which are available at a cost of US$699.
If it will be possible for you to assist us, we would be most grateful. We suggest that you meet with us in person in Lindon, and that during your visit I introduce you to the representatives of the Santa Cruz Organisation.
Please call me at your earliest convenience. Time is of the essence in this matter; very quickly the U.S. Government will realize that the Federal Reserve is maintaining this amount on deposit, and attempt to levy certain depository taxes on it.
Yours truly, etc.
Darl McBride
These sigs are more interesting tha
Where can I download the virus?
I'll do everything to bug sco.
M
Certainly a story about a DDOS of SCO deserves a link.
Obviously there isn't a "linux guy" behind this, at least not anyone marginally into the open source/free software philosophy.
Also, I don't believe in conspiracy theories. You know what I mean.
Lately, we've seen worms released by spammers in order to increase their zombie hordes. This worm sets up a backdoor, I think spreading spam is the main reason it's been set loose. The punch at SCO is probably just to draw attention from this, and to annoy antispammers running linux (most do).
xkcd is not in the sudoers file. This incident will be reported.
On the bottom of the netcraft report you can see an OS history of www.sco.com - apparently they switched from SCO UNIX to Linux in August 2002...
SCO's Information Ministry can just point to this and claim more evil Linux users are trying to destroy the software business, etc.
We're right, and we know it. No self-respecting geek would stoop to participating in a DDOS in general, not to mention one against someone/something we consider to be morally bankrupt. We know that we can only claim the moral high road only if we actually stick to the high road... right?
It would be really interesting to find out if it's just some kids behind it, who aren't aware of the difference between right and wrong, or whether it's an entity who has a vested interest in making us look bad...
Get off my launchpad!
No worm is a good worm, even if it does happen to also attack the (other) company we all love to hate.
OK, basically all the replies will be: 1) SCO should die! I want the virus! or 2) Viruses are bad! and illegal! I guess the article is informative if any WINDOWS user on /. is dumb enough to open an executable attachment, but as far as "news for nerds" is concerned, this seems just like another unnecessary SCO story.
Now, with a proper sed'ing
Trolling using another account since 2005.
I'd like to know how worried I should be about Windows machines with Thunderbird installed.
This may be the last straw. I've been thinking about moving all 3-4 of my work machines (p200) to Beos with Fire/Thunderbird and Gobe Productive - I'm tired of the viruses, and I'm tired of maintaining Windows.
I'm just a Windows user and I don't get the joke. Can somebody please explain it to me?
This virus was probably written by some dingbat who KNOWS what kind of harm it will cause to the Free Software community.
:)
Yeah, I know it's far fetched, and probably untrue, but some people need to grow up and realize that the only useful weapons against SCO are FACTS.
Either that or a big budget with which to purchase them... but their IP is so worthless, who would buy them?
That's pretty funny: If SCO claims this virus contains portions of their code -- they could sue the pants off everyone who has the virus on their machines. Imagine millions and millions of people who have illegally obtained their property on to their machines... They could make riches off of this!
What's so bad about being lazy? What if there was a war and nobody showed up?
I think the real purpose of this worm is to enable spammers to work more comfortably and safely. The attack at SCO conveniently distracts attention from this, and on to the spam-hating linux community.
xkcd is not in the sudoers file. This incident will be reported.
The people who read these AV stories do not represent the "average" user who is more inclined to fall for the worm's social engineering. Nor would they be opening the "63 connections per second" to sco.com being touted by the AV vendors for that matter. I suspect that blip is going to pale into insignificance compared to the amount of traffic they are going to get come February. It's a fair bet that SCO will be denouncing the "Linux hackers" as being the culprits in numerous press releases as well, they may be right on that, they may not, but it's sure as hell going to get them a lot of sympathy.
This isn't going to help OSS's case at all, and the only saving grace is the February 12th cut off. Then again, I've yet to see anything about what happens to the port the worm listens on come the deactivation date, or what instructions that port might accept.
UNIX? They're not even circumcised! Savages!
As there is not much to say about the story itself (except it will probably fuel Darl's belief that the whole world is out to get him -- when vice versa may be true), I thought I'd say how childish most of the other (go-get-SCO) responses are -- probably not surprising as most sensible peeps have got bored of SCO, and everything there is to say on this story is in the article -- not that that has ever stopped /.ers before.
Whoever is responsible for the worm is a very pathetic individual (whether they thought it would help or hinder SCO and whether they are from SCO, IBM, Novell, RedHat, the OSS/free-software movement or are totally unconnected); they are just trying to stir up trouble in something that should be solved through discussion (or -- if need be -- lawsuits) not this sort of immoral behaviour.
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
The hammering of SCO doesn't start until Feb 1 though. Supposed to be Feb 1-12.
I received three of these yesterday, and it's been ages since I received anything with a virus. Must be massive.
Campaign finance reform is national security.
MyDoom Windows Worm DDoSing SCO
But it's not DDOSing now. The attack is set to begin February 1st and end on the 12th.
The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.... The virus also copies itself to the Kazaa download directory on PCs, on which the file-sharing program is loaded.
I'm thinking, wow, whoever wrote this covered all the bases. He/She even got the Kazaa people.
Anyway, why don't ISPs, just for the time being, ban connections to SCO.com? It's not like it's a huge Internet portal or anything, and us geeks who actually need access to the site can just set up a mirror or something.
Note that the DDoS attack is timed to be performed between 1st and 12th Feb, 2004.
Free XBox, PS2
Well, since SCO seems to prefer a world full of Windows, why else would they try to destroy Linux, they are given a sneak peek of what it would bring them. This will cause them to give MS back all the money they got from them, because they are enabling terrorist actions against them. It is a Windows virus after all. They will find out how wrong they were. They will convert and tomorrow we will see Darl hugging Linus and all will be well again.
Maybe...
Or (I consider this more plausible) has SCO taken their own site down with the intention of blaming the "Linux terrorists", but they stupidly took it down 3 days too early.
Not that I don't think your idea is a serious possibility, but SCO is probably being slashdotted by all the people who want to see if it is down.
Tinfoil Hat idea #3: Since this is being spread by Kazaa, perhaps the RIAA is trying to scare file traders off of the Kazaa networks but ensure the virus is blamed on someone else. SCO haters are a dime a dozen.
Enough for now, I've got to finish rereading Catcher in the Rye.
Please tell me I'm missing a whole load; most of the strings found in the binary are readable after de-UPX-ing, then ROT13ing. About half are ROT13d, half aren't.
Ah well, I'm probably totally wrong, but it just sounds odd.
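The string triage the comment above describes (unpack, pull the printable strings, try ROT13 on each one), as an added example that is not part of the original post. It assumes the UPX layer has already been removed; the blob is constructed from file and host names mentioned in this thread, and the hint list and function names are assumptions of this example.

```python
import codecs
import re
from collections import Counter

# Substrings that tend to show up in readable strings of a Windows binary.
# Assumed list for this example; tune it for the sample being examined.
HINTS = (".exe", ".dll", ".com", "www.", "http", "mail", "program",
         "software", "windows", "version", "subject")

# Runs of at least five printable ASCII bytes, like strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{5,}")


def rot13(text: str) -> str:
    """ROT13 is its own inverse, so this both encodes and decodes."""
    return codecs.encode(text, "rot13")


def extract_strings(blob: bytes) -> list:
    """Return the printable-ASCII runs found in an unpacked binary image."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def hint_score(text: str) -> int:
    """Count how many hint substrings occur in the text."""
    lowered = text.lower()
    return sum(1 for hint in HINTS if hint in lowered)


def classify(raw: str) -> tuple:
    """Label a string 'plain', 'rot13' or 'unknown' and return its readable form.

    The string is scored as-is and after ROT13; whichever reading matches
    more hints wins. A tie (usually 0 vs 0) is left as 'unknown'.
    """
    decoded = rot13(raw)
    plain, rotated = hint_score(raw), hint_score(decoded)
    if rotated > plain:
        return "rot13", decoded
    if plain > rotated:
        return "plain", raw
    return "unknown", raw


def triage(blob: bytes) -> list:
    """Return (raw string, label, readable form) for every extracted string."""
    return [(raw, *classify(raw)) for raw in extract_strings(blob)]


def summarize(rows: list) -> dict:
    """Count labels, to check a claim such as 'about half are ROT13d'."""
    return dict(Counter(label for _, label, _ in rows))


def build_sample() -> bytes:
    """Constructed stand-in for an unpacked image: mixed plain and ROT13 strings."""
    pieces = [
        b"This program cannot be run in DOS mode.",   # plain
        rot13("shimgapi.dll").encode("ascii"),        # stored ROT13-encoded
        b"Zq#8vK]",                                   # printable noise
        rot13("www.sco.com").encode("ascii"),         # stored ROT13-encoded
        b"taskmon.exe",                               # plain
    ]
    return b"\x00\x01\xff".join(pieces)


if __name__ == "__main__":
    rows = triage(build_sample())
    for raw, label, readable in rows:
        print(f"{label:8} {raw!r:45} -> {readable!r}")
    print(summarize(rows))
```

Strings left as "unknown" are the ones to read by hand, since a keyword heuristic says nothing about strings hidden with any other encoding.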
They deserve to have their claims refuted in a court of law, and hopefully they will have to pay damages, court costs, and issue full and public apologies, before going bankrupt. If it can be proved that they deliberately lied in these claims, they also deserve criminal charges brought against them.
Vigilantism, however, is just malice operating under false pretenses.
Welcome to my foes list.
Get off my launchpad!
And do I deserve to get all these fsckin virus mails (and bounced virus mails) sent to me and the mailing lists I administer? Virus writers suck.
Donate free food here
There is really no point to write a worm to attack SCO. It simply makes the OSS community as a whole look bad, because the only time you will ever hear the name SCO mentioned in IT, besides "isn't that dead", is about the Linux issue. This only makes us as a whole look bad. If we wanted to send a clear message to SCO, something like a web site "sit in" would be better. Imagine, every slashdot user on a web site holding down F5 to show SCO that there are a lot of us that think they should just give up. How long do you guys think they would stay up?
You only live once, so you might as well have fun before you die.
So their hypocrisy has repeatedly been pointed out in their claims of the GPL being an illegal economy killer while they use Samba3. But I'd never noticed it being pointed out that they're using Apache (not GPL, granted, but still an open source license nonetheless) for their web server, and as recently as December 12 (according to the Netcraft link in the story) have been running it on Linux. I know I shouldn't be surprised, but c'mon ...
Anyone antisocial and misdirected enough to spend effort writing software that does damage cannot have enough of a sense of wrong and right to give a damn about the SCO case.
This is someone who just wants to feel important and who thinks that by DDoS'ing SCO everyone will call him a hero.
Well, you stupid ignorant bastard, if you're reading this, and you probably are since you expect that the Slashdot hordes will applaud your bravery in damaging thousands of people's computers, NO ONE ADMIRES YOU. We spit on you, you're the bastard offspring of a lemming and a hamster and your mother had a beard!
With enemies like this SCO hardly needs friends. Anyone who wants to see SCO suffer for the wrongs they have done should unequivocally condemn such acts of terrorism. SCO will be broken by the weight of justice and right, not by mindless thugware.
Ceci n'est pas une signature
when the difference between real human beings and pirates is so plainly illustrated, where real human beings take their oppressors to court, and pirates initiate violent action against those they dislike.
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves
Normally this would worry me but since Darl and his gang are the lowest of the low I don't give a damn. Work hard to become the most hated company in the industry and this sort of thing happens.
Tough shit !!
Ed Almos
The more corrupt the state, the more numerous the laws. - Tacitus, 56-120 A.D.
The majority of Linux installations are as servers. No one can equate Linux with virus-writers, without risking their credibility.
In fact the case could be made that virus-writers are expert Winduhs developers...
Campaign finance reform is national security.
"... we do not support Linux or OSS ..." ???
I doubt that this will have any impact on Linux or OSS. It might help SCO's FUD if anyone believed anything they say, but that day is long gone.
I guess it's time for me to get that windows machine back up and running...
hmm on second thought, thousands of windows computers at work and just as many ignorant email users...
As the article said, I hate to see anyone stoop this low, but SCO had it coming. You can anger windows users, because they don't know any better, but Linux users? Well we fight back!
"why don't you just slip into something more comfortable...like a coma!"
'nuf said
I don't like virii of any kind. However, it seems rather poetic to me that M$ used SCO to try and take down Linux and now some Linux folks are using M$ to try and take down SCO.
Or something like that:^)
My old sig was REALLY stoopid.
Did anyone notice that as recently as Dec. 12, 2003 their web server was identifying itself as a Linux based system? Lucky for them it's their own IP in the Linux kernel.
Think about it - what were the negative effects for SCO of any prior DDoS (if that's what they were in truth)? Site was down a couple days?
No big deal to them, they don't sell anything from it anyway, and the only frequent visitors to their site are the ones who are data-mining there in order to find documentation that shows SCO for the two-faced lying bastards that they are. They suffered little from any prior DDoS, except maybe some OT pay for their IT staff.
What did they get from the priors? HUGE amounts of free publicity (which, to SCO, is like crack), some infighting in the geek community about who did what and why, and a boost to their "public image" that makes them look like Upstanding Citizens (tm). They LOVED it!
So why not hire some grubby black hat script kiddie to do a little fixing for them? What's it gonna hurt? The guy won't incriminate himself (remember ms's new stance to get tough, along with the DoJ?), and he got paid enough that bragging isn't necessary.
The money and a little fear of prosecution, both Federal and "corporate" (who knows what level Darlsontag would stoop to to keep up the facade) will keep SCO's complicity safe, and they get a free ride on the media, while using the bully pulpit to defame Linux users, the same ones that they are lying to and about, and attempting to steal from.
Apparently Slashdot isn't the only place karma accumulates.
Sheesh, evil *and* a jerk. -- Jade
Sometimes lie for self protection. They probably got some IIS servers with the licensing money Microsoft gave them.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Yes, but it even mentions the SCO DDoS in that article. Here's the text of it (emphasis added):
There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com.
ripped straight from www.sophos.com:
W32/MyDoom-A also drops a file named shimgapi.dll, which is a backdoor program loaded by the worm. The backdoor allows outsiders to connect to TCP port 3127 on your computer.
Yup
Campaign finance reform is national security.
And yes, it would be just as sad if the target were Microsoft.
Here is an analogy: which would you rather see
a good, clean campaign among candidates?
a down+dirty mudslinging childish campaign?
The childish campaigns just make the participants look like petulant immaturati*. As posted elsewhere in this thread, it is conceivable that SCO will try to lump the virus/worm writers in with those mean old open-source communists that stole all of SCO's hard work. (Their [potential] point of view - not mine.) If open-source folks want to be taken seriously in the business world, cheering on these stunts is not the way to go.
* Immaturati = immature people. I drew a blank on a suitable equivalent and just made one up.
I want to drag this out as long as possible. Bring me my protractor.
Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
No it's not.
I'd rather someone exploit these security problems in Outlook now, and hopefully force people to do something about it before someone tries something more serious than DDoS'ing a less than honest company's website.
"I have never let my schooling interfere with my education." - Mark Twain
Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
....or just script kiddies who didn't grow up?
I don't buy that. Let's stop that hypocrisy; of course everybody is pissed off by SCO, and I think it's very human to say "cool, someone pays back those unfair pirates of Captain Darl Doom". Don't you say... fire back all cannons and defend our free software harbour from that bunch of attacking barbarians, prolly send Johnny Depp after him as an anti-pirate in the fight against liars and lawyers! Well, what is the weapon of a coder? It's code! I know revenge sux (because IMHO it is not productive, wastes energy used for creating something), however self-defense in a running attack is fine. The question is how far a DoS against SCO is a counterattack for self-defense.
It's hard to judge for me. But I would be lying if I said it didn't give me a smile when I read about it last night before logging out for a sleep.
Evil minion #1: We're going to take down our servers on February the 1st and claim it was because of a worm DDoSing us, written by Linux Terrorists.
;)
Evil minion #2: Excellent, we go live in 3 days!
Evil minion #3: Hmmm, February, that does ring a bell for some reason. Wait, isn't February that odd month with only 28 days?
Evil minion #1: Yes it is! But wait, does that mean, if we're going live in 3 days...
Evil minion #2: And February has 28 days...
All evil minions: Then we have to take the servers down immediately!!
A quick phone call and some screams later, a puzzled-looking engineer is unplugging network cables frantically.
The best is yet to come, wait for part two when they put their servers back online after realizing January has 31 days, not 30, and have acted one day too early
---- Take the Space Quiz!
but it's always sad to watch someone stoop to this level
No, no it's not. This is just lowering enough to SCO's level to compete.
AND Darl keeps on diggin.
This is my sig. There are many like it, but this one is mine.
Don't you find it suspicious that virii always try to DDoS websites like sco.com, whitehouse.gov or microsoft.com ?
If you want to write a virus that will survive, won't you target an antivirus company, like symantec.com, mcafee.com or pandasoftware.com ?
As if Sco.com IS down. I can't get to it anyhow. And getting all those damn e-mails is annoying, who in their right mind is dumb enough to open an e-mail because of a message like this: The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment. Please...
No, welcome to my foes list. :-p
their web server [...] as recently as December 12 [...has] been running [...] on Linux.
From their standpoint (assuming they believe their own BS, that is), Linux belongs to them. It's their IP, so running it wouldn't be hypocritical in the slightest.
As for Samba and Apache though, you're right on the money as far as I can see.
These sigs are more interesting tha
Piss off. "Not physically hurting anyone?"
How about all the bandwidth wasted? How about the open proxy it installs on the victim's machine?
It's really aggravating to be lumped in with the digital equivalent of graffiti artists. While they have their little fun and games, the rest of us have to deal with both the cleanup and the eyesore.
Fuckwits.
s/is/eir
It is a regex statement. Essentially, the string typically instructs a language interpreter (PERL, for instance) to search for a pattern and subsequently replace it.
In this case, it is replacing any instances of "is" with "eir"; thus, the following alteration is committed:
Before: but it's always sad to watch someone stoop to this level
After: but it's always sad to watch someone stoop to their level
Do you like German cars?
sco isn't physically hurting anyone either...
> Seems like this is Linux's ultimate weapon of mass destruction because:
> 1. The virus makes M$ operating systems look bad.
Wrong - MS gets hit by so many viruses that this does nothing more to damage MS's poor security reputation. [Taking a sledge hammer to a car after it's been totaled in a wreck really doesn't devalue it any more.] (Not to mention, this relies more on a user impulse flaw more than a Microsoft flaw--"please run this program" - "OK, I don't know what it does but why the heck not".)
> 2. The DDoS attack goes after every Linux lover's most hated target, SCO.
Attacking SCO in this manner only hurts Linux. It leads people to think of Linux supporters as evil(TM) hackers out to destroy. The public at large will tend to associate Linux users with the viruses that have infected their system or caused them damage.
MS & SCO can hang themselves well enough on their own. Just let Darl keep on talking. And just let MS shove licensing agreements down our throats.
Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
Yes, it makes me very sad. Can someone hand me a hanky? I think I need some alone time to cry about this.
You think Darl's worried about his credibility?
Where's the code, McBride?
has anyone figured out how to run it under vmware or wine? one could easily run multiple virtual "Windows" sessions on a single box, load the virus, and hey presto - goodbye SCO.
As we all know one of SCO's claims about the evil of open systems is their insecurity. (Besides being anti-capitalism and obviously unamerican) No doubt this little attack shall persuade them from their erroneous stance and bring happiness and joy to all involved.
Or they'll just claim it was all the fault of the evil and maniacal Open Source conspiracy that threaten to take over the world and spread its stolen code like so many terrorists infiltrating the God-fearing populace and bringing hardworking American companies to their knees!
Or maybe we'll all just laugh at them, have a good time and get back to coding (or jump onto the next the comes up on Slashdot) after our 8 minute attention span is exhausted.
I read Slashdot for the
Is this ethical? No.
Do they deserve it? Yes.
Have they been asking for it? Absolutely.
SCO aren't only the bully, they are the bully who has the rules on his side. "The system" is pretty guilty of aiding and supporting their dirty tricks. So it was only a matter of time until someone stepped outside the rules to get even.
Actually, I'm surprised it's just a small DDoS. I'd have more expected that their LAN gets wasted.
Assorted stuff I do sometimes: Lemuria.org
"if you have to become evil to fight evil, why are you fighting it?"
As much as I think that the SCO leeches are slimy forked tongue greedy selfish two-faced hypocrite lying b@stards, I have to say that those folks who are purposefully attacking them are only helping their cause and hurting the perception of the open source community.
Let them kill themselves. The industry is aligned against them, and you can bet they will castrate them before it's over.
Is the juice worth the squeeze?
I never even knew that SCO owned any ships, never mind that one of them had been boarded and plundered by pirates.
Server Error
The following error occurred:
[code=SERVER_RESPONSE_RESET] The server response could not be read because of an error. Contact your system administrator.
Please contact the administrator.
Woo-hoo ! I DoSed the SCO server with only one finger !
In Soviet Russia, our new overlords are belong to all your base.
Here is an analogy: which would you rather see?
a good, clean campaign among candidates
a down+dirty mudslinging childish campaign
The childish campaigns just make the participants look like petulant immaturati*. As posted elsewhere in this thread, it is conceivable that SCO will try to lump the virus/worm writers in with those mean old open-source communists that stole all of SCO's hard work. (Their [potential] point of view - not mine.) If non-mainstream-tech folks want to be taken seriously in the business world, cheering on these stunts is not the way to go.
* Immaturati = immature people. I drew a blank on a suitable equivalent and just made one up.
PS Yes, I promise to lighten up in future.
I want to drag this out as long as possible. Bring me my protractor.
If you're not part of the Problem, Then you're not part of the solution.
An end doesn't justify its mean. Having sco.com /.'ed is great, but in order to do that you illegitimately utilize network resources of thousands of PCs. If any of you think this approach to fight against SCO.com, you have problem there.
This kind of activism will not help open source community. After all, through media coverage, modern politics is about image, and general mass out there are influenced by that. What image will this kind of worm attack against SCO have and how is it related to SCO haters? The answer is so clear.
Well, at least SOME type of Doom has been released... (even if it's not D3)
Rock!
I suppose it wouldn't be beneath SCO to start suing IPs that hit its website :)
--------
It's OK to be social, just don't tell anyone about it.
The spammers ARE the virus writers nowadays. http://www.spamhaus.org/news.lasso?article=13
xkcd is not in the sudoers file. This incident will be reported.
Now, I recall, the other day Bill Gates vowed to kill spam and worms, and now this? Looks like he has his work cut out for him there....
This has gotta be the Nth time I've seen reports that a worm has put an executable file into an area of the system that really should have been off-limits to anything not really needing to go there. So what does an E-mail program have to do of meaningful work in the OS code directories? Beats me...
I can offer a hint to Mr. Gates: Rework Windows so that it not only does not require Administrator rights to operate normally, but actually disallows certain operations when being Administrator as well. Such as running browser or e-mail programs.
Make sure no ordinary users can run processes that can write anything at all into the areas not set aside for that user, and the common temporary files area. I suspect there has to be some redesign, but I cannot see how this nonsense can be stopped otherwise.
SIGBUS @ NO-07.308
Expect more associations between digital terrorism and Linux (as a catch-all media term for "free software"). The greatest threats to any revolution are:
I strongly suggest people become more familiar with how government and industry have undermined and perverted various revolutions. Start with COINTELPRO, an FBI campaign of the 1960s and 70s. And then read a bit of the history of the Homestead strike.
From undermining the right to vote (via electronic "voting") to lying about WMDs in Iraq -- do you honestly think such people will ignore the threat posed by free software to the lucrative commercial software industry? SCO's assault on free software may only be the tip of an iceberg...
All about me
Kaspersky says that the infection - also known as Novarg, was written in Russia ;-)
I think that this is a great opportunity for members of the OSS community to "put their money where their mouth is" so to say...
I propose that we work on a patch for this worm and get it out there ASAP, that way only tin foil hat wearing goofballs will believe we are behind this...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Is there anywhere I can go to get this virus?
proving once again that linux people are for the most part, pathetic childish immature losers.
I see we meet again...
How do they "deserve" this, exactly? This is a mass-mailing worm propagating through unprotected (as in, the people aren't updating their defs and opening the attachments) machines and opening backdoors that could easily be used later as spam relays.
On top of that, how many machines are going to simultaneously rear to life on the 1st and begin transmitting data requests back and forth between www.sco.com and all the different boxes? What effect will that have on the rest of us? While we're talking about the rest of us, I keep getting e-mail bounces thanks to these goddamn morons that have my e-mail address and keep getting themselves infected. And, no, I can't just not give them my address.
Finally, IBM is perfectly capable of handling SCO. I'd like to recognize you for your gullibility, since you've fallen to the SCO Threat-o-matic. In case you haven't figured it out yet, SCO has not, can not, and will not make any credible threats against Linux in general and they haven't followed through on any of the other gum-flapping to date. With a few scatterbrained exceptions, nobody is really taking them seriously anyway. Let IBM deal with IBM's problems and drop your smug facade. The only reason you're so pissed off at SCO is because you don't know what's going on, but you like to sound "cool" by bashing them like a lot of the other Slashdotters here. That's fine, nothing wrong with bashing them, but at least try to stay grounded in reality where the thing is pretty contained to a few clueless media outlets, IBM, SCO, Red Hat, and Novell.
God... do you have an MBA or are you otherwise in management by any chance? I ask, because every time we've ever crossed swords, I've gotten the distinct impression that you're living in your own little world and reality just never comes into your decision-making processes.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
So far, since this worm started yesterday afternoon, I have received over a thousand worm emails and erroneous bounce messages (from mail servers who think that just because my address is on the mail that means I sent it).
And I don't even use any Microsoft products.
When is somebody going to file a class-action lawsuit against Microsoft for continuing to fail to address the security holes in Windows? I mean, it's been thirteen years since Michelangelo, and still all it takes for a virus to rape Windows is for a user to double-click on an email attachment.
Duh. They now own it, why shouldn't they switch to it?
My beliefs do not require that you agree with them.
I'm speaking of all of you who are saying SCO deserves it (and only those people). Do I deserve to deal with this virus BS? I have enough trouble dealing with the spam at my company, now I have to deal with this too. Viruses suck, period. Especially this one, which is forging random "from" addresses. It seems to be using #randomfirstname#@domain.extention - so now on top of the dozen or so viruses an hour I'm getting, I'm also getting bounces that I can't filter because the "to" is random. Don't bother telling me to filter out executables, I already do that. As a matter of policy, I'm the one that checks the filtered "junk" to make sure there were no false positives. It's usually about 500 a day, 1200 over the weekend. Also don't bother telling me to bounce undefined addresses. Not an option. Considering how early in the game it is for this virus, the dozen or more an hour I'm getting will probably turn into a lot more. Whoever put this out there is doing far more damage to innocent bystanders than they can ever hope to do to SCO. SCO will hang themselves eventually - the author(s) of this virus is worse than anyone at SCO.
I do agree with those who are suspicious of the motives - I think the SCO attack is just a front to increase the spread. Some morons will undoubtedly put intentionally infected machines out there, which will be more effective as Spammer relays than as drones to attack SCO. Anyone intentionally letting a machine become infected should have the book thrown at them. It amazes me how stupid very intelligent people can be sometimes.
666-607: 6th floor apartment of the beast
Maybe, after reading that it DDOS's sco others have purposefully started DDOSing sco as well?
He's already made the comparison, last time SCO was attacked. His cred is gone already, and in case you didn't notice, he does tend to say ridiculous things that have no basis in reality.
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
So SCO agrees to fight a proxy war against Open Source/Free Software and comes under the pay of Microsoft.
...
They're going to get what every country that engages in a proxy war gets - their asses kicked, ruined infrastructure, and very little thanks at the end of the day. A few corrupt generals are lining their pockets. It *is* exactly like some little banana republic, isn't it?
Now the natives in the homeland of the paymaster in this war have been subverted and they begin attacking the proxy in this war - excellent move - gives M$ *another* huge black eye on the security front and their puppet state of SCO is on the receiving end.
I don't understand the problem - sure, fiaSCO will try to spin this as something IBM orchestrated, but is anyone listening? They've offended everyone in computing except the natives that live on the beach where Intel collects sand to make their silicon and I'm sure they'll get sued next over some 'fine grained' multitasking copyright SCO fantasizes that they have.
SCO's web server is probably on fire right now. I think it is a moral duty of all slashdot readers to promptly mirror that site with wget so we can help 'em rebuild after the attack dies down. Let's enter the necessary wget command, count three simultaneously, and then press enter
I am very easy to get along with, but I don't have time to waste being nice to people who are being stupid. -Theo
9:41 EST It's working again. :)
As much as people want to enjoy this attack on SCO, I personally don't appreciate finding 30 infected emails in my Inbox.
Symantec say that the DDOS will begin on February 1st.
Looks like SCO have taken their site down too early.
Ahh, good point, that's very true.
I'm just amazed people are still using Windows boxes connected directly to the Internet. How hard is it to download Zonealarm if you're too cheap to buy a router? Most of these people should have their computers taken away from them for their irresponsibility.
Does it matter if SCO's web site goes down? I thought they only communicated using registered mail from lawyers these days, anyway.
Thief (targeting a pistol): Money, quickly!
Real Human Being (With a disarming smile): Mr Thief, Would you like to visit a court with me in order to resolve our conflict? I just happen to have some megabucks to spend for our litigation!
what linux user knows enough about windows to write such a virus anyway?
seriously though, people should not jump to conclusions about who wrote this. There are a lot of people who oppose linux who might think they could benefit from writing such a virus.
hahahahah...yessssssssssssssss.die sco die....................heheheheheheh
And to add to the irony, they used a closed source web server (Netscape-FastTrack/2.01) back when they were on a "Caldera, Inc." owned netblock, and didn't actually switch to Apache until August of 2002. When did their litigation begin, again? It was early 2003, right? They started using other people's open source projects right before declaring open source the bane of the free market?
They are either The SCO Group, Inc., or Caldera Systems, Inc. The Santa Cruz Operation renamed itself to Tarantella, Inc. after selling whatever it sold to Caldera. The whole oldSCO / newSCO mishmash is one of Darl & Co's favorite bits of misinformation, so PLEASE keep them straight, even when being satirical!!!
Save Maine's economy: write stuff down. All comments are exclusively my own, not my employer.
To all the people adding comments saying it's not the DDoS as it's not timed to start until February 1st...
Is your VCR clock time set right? Your Microwave? Your PC?
Yours might be. Is your mother's, father's, brother's, granny's? Say 2% of the infected computers have their clocks set wrong. How much is the total number of infected PCs? How much is 2% of that?
Lots of questions, but I'd suggest that misset clocks could be causing the effects to be seen early, on a much smaller scale.
Yeah. Right. But it doesn't make it any less enjoyable. Schadenfreude is what they call it, I believe. The $699 Fee Troll can suck my mancrank. We gloat over your obvious penis envy.
for stockpiling WMD (weapons of mass destruction)...oops wrong thread... ;)
Without proof of who it was that can be construed as libel, or whatever it is called in the US.
If SCO is attacked they should pursue this with the appropriate authorities. I hope the perpetrator is caught, brought to justice and fairly punished.
The OSS community should be completely unambiguous about this matter, illegal means have never been supported or encouraged in order to promote the aims of OSS, not only because it is immoral but also completely unnecessary and childish.
I am appalled that the response of many around here is "SCO deserves it". No dear slashbots, nobody deserves that their resources are abused in this manner, not even SCO. I am behind them in any action they wish to pursue against the perpetrators, but equally I hope (perhaps in vain) that they will not do false claims without the knowledge of whom and why did this.
I am also peeved that people here are not unambiguous about the condemnation of this DOS attack. This is not only illegal and immoral but also counter productive and it would be nice to see complete and unambiguous condemnation of these tactics.
Do you want to show OSS tactics and aims are reasonable and beneficial? A wonderful way would be for true hackers organizing themselves and try to identify, shame and denounce the perpetrators of this (or any other) charade.
Only because people have remained silent and unwilling to help the Internet, bit by bit, little by little, is being taken away from us, but alas, we have not protected it as it deserves.
IANAL but write like a drunk one.
... while the virus does its part.
1.) Virus DDoS'es www.sco.com
2.) Set default homepage to www.sco.com in Firebird.
3.) Tabbed browsing to default homepage as set above.
4.) ??? (something magical happens here)
5.) Slashdotted!
It would seem that the real goal is to show how many people are stupid enough to still click on attachments when they have no idea what the fuck they are.
Eaaasy, big fella. All three of the virus emails I got yesterday had attachments named body.zip and test.zip. (to smuggle through corporate firewalls) Inside these were a single file, like body.txt-----------------.scr or document.html-----------------.scr (instead of -'s, spaces, and lots of them), so it looks like a harmless file to non-experts. We've always told them to not click on executable attachments.
Campaign finance reform is national security.
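Added example, not part of the original thread: a Python check for the naming trick described in the comment above, flagging zip members whose real executable extension is pushed out of view by whitespace padding after a harmless-looking one. The extension lists, the padding threshold and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy lists (not from the thread): extensions Windows runs on
# double-click, and extensions users tend to read as harmless documents.
EXECUTABLE_EXTS = {"scr", "pif", "exe", "com", "bat", "cmd"}
DECOY_EXTS = {"txt", "htm", "html", "doc", "jpg", "gif", "pdf"}
MIN_PAD = 3  # assumed threshold: whitespace runs this long hide the tail


def classify_name(name):
    """Return the findings for one file name (empty list: nothing found)."""
    # Look only at the last path component, ignoring trailing whitespace.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip()
    head, dot, real = base.rpartition(".")
    if not dot or real.lower() not in EXECUTABLE_EXTS:
        return []
    findings = ["executable extension ." + real.lower()]
    # Whitespace between the visible name and the real extension.
    trimmed = head.rstrip()
    pad = len(head) - len(trimmed)
    if pad >= MIN_PAD:
        findings.append("%d whitespace characters hide the real extension" % pad)
    # A document-like extension in front of the padding is the decoy.
    _, inner_dot, decoy = trimmed.rpartition(".")
    if inner_dot and decoy.lower() in DECOY_EXTS:
        findings.append("decoy extension ." + decoy.lower())
    return findings


def is_disguised(findings):
    """True when the name is built to look like a document, not just executable."""
    return any(f.startswith("decoy") or "whitespace" in f for f in findings)


def scan_zip(data):
    """Map member name -> findings for every suspicious member of a zip blob."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"<archive>": ["not a readable zip; hold for manual review"]}
    report = {}
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            findings = classify_name(info.filename)
            if findings:
                report[info.filename] = findings
    return report


def build_sample_zip():
    """Constructed sample: harmless bytes under names shaped like those quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("body.txt" + " " * 40 + ".scr", b"placeholder, not a program")
        archive.writestr("notes.txt", b"plain text")
        archive.writestr("tools/setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, findings in scan_zip(build_sample_zip()).items():
        label = "DISGUISED" if is_disguised(findings) else "executable"
        print(label, repr(member), findings)
```

Scanning the member names inside the archive matters here because a filter that only looks at the outer attachment name sees nothing but `.zip`.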
And to him ( or her ), that is all that matters.
Plus he gets his kicks out of all the press his little 'toy' is getting...
The damage that is being done ( in lost resources, not actual physical damage ) and the lost dollars don't affect him... its just the 'cool' factor among his buddies.
---- Booth was a patriot ----
The graphs that are linked to in the /. story simply illustrate that SCO's shxt keeps on crashing - which is not really surprising after Darl had to fire the network admin to feed his Lawyer habit.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
We do all hate him.
Let's all take a look at what Netcraft has to say about SCO's hosting setup today...
/me places tongue in cheek
Hmmm... looks like they switched operating systems on January 27, 2004. Notice the table at the bottom of the page. They used to be running Apache on a Linux kernel up until today. Now it is Apache on 'unknown'. Perhaps that explains the downtime.
They might be switching from GNU/Linux systems to something a little bit more suited to enterprise environments.
emacs: meta-f meta-f meta-f meta-f meta-f meta-f meta-f meta-f meta-f meta-f meta-f meta-f eir
vi: w w w w w w w w w w w l l c w eir
notepad:cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> cntrl-<right arrow> <backspace> <backspace> <backspace> eir
If that's too hard, use mouse to highlight "ir" and type eir.
They'd get a lot less mileage from martyrdom, than they'd lose for the embarrassment of being down.
This is complicated though, by the fact that they actually run Linux, LOL.
Campaign finance reform is national security.
Doing DDoS on SCO just makes people feel sorry for them. They do not deserve that.
Besides SCO doesn't need the internet as they hardly can expect to have any real customers left.
Nowadays their business model is based purely on litigation. To my knowledge lawsuits are delivered by hand, so a DDoS would not disturb their business at all.
God is REAL! Unless explicitly declared INTEGER
I think SCO released this virus themselves. It does seem a little funny
Maybe they paid themselves the $699 to use a linux web server, then proclaimed themselves as a customer?
There is no reasonable defense against an idiot with an agenda
:wq
No it's not. I thoroughly enjoy it.
[Darl] You see the stock yesterday? Kept going down. And hard. I even heard the analysts are onto our scam.
[Bob] Yup. It's getting just plain impossible to dump this stock anymore. What do we do? We got hammered on that 'dog ate our homework' line on our court filing last week. What do you think David? You guys did a bang up job making it look like Gore won Florida when there was no way a recount would ever show that. Hell, half the country still believes that 'selected, not elected' crap.
[Boies] Well I always say, play offense, not defense. We need to get the public back on our side. Control the spin. You know, make us out to be the victim again. It plays into these schmucks capability for pity.
[Darl] I got it! What if we were being attacked by evil hackers again? (laughs)
[Boies] Bingo. What can your geeks whip up quick, Darl?
[Darl] Well they sure ain't coding operating systems and their time spent looking for code violations in Linux has been a big waste. Maybe we could put them on making some sort of johnson or trojan or something that attacks our Internet connection. Bench, you think that'd help our numbers?
[Bob] Might. What'da say Dave?
[Boies] Hell, it'd be perfect! I'd bet it'd not only turn the PR our way, but I could put that half-assed son of Hatch's to business suing Internet service providers for causing our business damage. And if we totally bomb in court with this asshole judge, we'll just claim the whole company imploded cause of the Internet hacks and sue the pants off of every provider.
[Darl] Love it! Hey, let's call it some prophetic name like SCO doom or our doom like those bozos at the church are always yacking about end of world crap. Should get them riled up too. And hey, it might just be true for SCO! To the bank, buddies!
I don't think so. If neither government, police nor anyone else can "officially" end a threat to the freedom, property and (mental) health of humans, it is necessary to help yourself and fellow citizens. This is by no means different than a neighbourhood watch or vigilante action anywhere in the real world.
Mod me down if you like, but my stance is, that peaceful protest only brings you so far, but not everywhere. The time of diplomacy and fair discussion with SCO is over. They did not show any interest in a peaceful solution, in a fair settlement nor in anything else that may be a sign of peace. They kept pushing harder and harder, lobbied Congress, used every dirty trick on the book and lied and manipulated wherever they could. These people will not react to friendly protest or legal action. I frankly don't see a better solution and I'm pretty sure, no one would be surprised if a certain SCO officer would have a terrible accident or is sniped away during his lunch break.
DDOSing SCO's web site only prevents the general public and groklaw.net from access to their ongoing press releases and Darl's bio -- I mean -- does www.sco.com get traffic for any /other/ reason? People checking for Openserver upgrades and enhancements?? The latest download of Skunkware?? A fresh copy of the $699. Linux Licensing form???
With all of the debate the other day over SPEWS, anyone care to talk about what reaction SPEWS will have to those infected with this virus?
Isn't that why Seinfeld went to jail for?
The site came right up for me.
It's not like they have any customers left. Who would be going to their site anymore?
It may make you feel better, but it allows SCO to accumulate another martyrdom "point" that they most certainly whine about during the real battle to come.
You are helping SCO's cause, fool.
Businessweek on SCO
Who would stand to lose the most if Linux were to gain a ubiquitous foothold? Probably not Microsoft. Think about it, there's lots and lots of money at stake in unbridled spam.
...
Plan:
1. Infect willing relays.
2. Divert everyone's attention to poor SCO.
3.
4. Profit
Err... 4. Spam the Universe while Linux is derided for being "that hacker software".
Widespread Linux would make the world a harder place for spammers to live. By making Linux look bad, spammers win.
Only a moron would rate something like this overrated :)
Fuck slashdot moron mods!
and I don't agree with it!
Whenever it looks like legal recourses are not serving the cause of justice, then people will get frustrated and try to create their own justice.
This case has dragged on far too long with no muzzle being applied to Darl and Co. I mean, come on, it took Germany a matter of weeks to shut SCO up in a completely legal manner. This has dragged on in America for far too long with no end in sight.
In the last round of this legal battle, they were ordered by the courts to produce evidence of SCO code in Linux. Their response: "We need evidence from IBM to prove our case." Why in the hell doesn't the judge just throw this out? SCO admitted that they have no proof of their own and that they are counting on IBM to provide evidence of IBM's own guilt!
This whole thing is a mockery of justice and a condemnation of the US legal system. No wonder people are resorting to vigilantism!
It would be, because, as much as anyone can understand McBride (of what-is-he-smoking fame), my understanding is that he only claims that part of Linux is his (and definitely only part of GNU), therefore his company is using GPLed software (that they think is evil) (including the stuff they claim contains their EIER aka IP) and probably distributing it under the GPL terms.
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
A better DDOS would be a smtp based attack. If you flooded your enemy's MXers it would hurt them more than taking out their web site.
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
No love lost here for SCO but I am absolutely and completely against the idea that a DDOS attack is a good thing. The open source community will be blamed for this and it would seem to me that a concerted effort by the resources in the "open source community" could actually find out who is responsible. Besides...you don't want to keep them from receiving hate mail...you want to keep them from spewing FUD....in the days of CB radio...we would have "pinned" their coax :)
The one good worm ;)
This is a test. This is a test of the emergency sig system. This has been only a test.
I don't buy that. Vigilanteeism[sic] is taking the law into ones' own hands. Malice is not a prerequisite for such a thing, and sometimes, vigilanteism is the only avenue of justice.
Sometimes the law is wrong, sometimes the law fails, and sometimes there is a lack of law. In those cases, vigilanteism is often an acceptable avenue of justice. The Internet was once, and sometimes still is, a modern place where lawlessness runs rampant, and many a system administrator has handed down his own rule of law, ie. engaged in vigilanteism.
However, you are most certainly correct that in this case, the law must be given time to sort things out; doing otherwise right now only damages "our" reputation. It is possible, however remote, that the law may fail us. If it does, would certain acts of vigilanteism be acceptable? I certainly believe so, but not the sort that this discussion is about(ie. not email worms and the like).
So, while I agree that the OP was justifying an exercise in delinquency, perhaps his heart is not in the wrong place, and I wouldn't be so quick to judge him too harshly.
Cheers.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I got a copy of this virus before I left for work this morning, saw the mail and thought "ok, I don't know them and it's got an attachment, it's a virus", opened up the zip for a look though and saw the payload.
"Fair enough, a new virus, I gotta go to work."
Flash forward 7 hours to now and I can't *believe* what a great opportunity this virus has afforded me and no doubt countless others reading.
The mailbox it was delivered to was a spamtrap, chances are spamtraps all over the world are being sent the real, legitimate IP addresses of spammers dumb enough to click malicious attachments.
Viruses are bad, DoSing SCO is bad, but god damn, all this time we've been bitching and moaning about viruses when we could have been using them on spamtrap addresses to track down spammers to their *own* internet connection.
One thing is for sure, it probably WILL easily have a buffer overflow error in it to make sure NEW code can be uploaded and place anything on their or a massive super worm that would DDoS everything in site. Who knows. This could be a Commy attack ;)
Or it could be the doing of the CIA/BushCO to then later bring in Patriot III, which would OUTLAW all non-registered ISPS/Websites and force super monitoring of ALL systems, welcome to 1984.
Liberty freedom are no1, not dicks in suits.
Did anyone notice at the bottom of the netcraft page http://uptime.netcraft.com/perf/graph?site=www.sco.com that SCO seems to have switched to Linux (from SCO Unix) on their servers back in August, 2002?
I guess SCO Unix just wasn't cutting it...
Sad because the talent is lost on childish pranks such as this. Hilarious because it's happening to SCO. The market has spoken!
The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
Brings a tear to my eye.....
...this never could have happened!
Ok, I'll bite; What has Greenpeace done to belong in that list of nutbags? How can you mention religious nutbags and forget Scientology?
Is that it's really a bit contradictory. Most people who are vehemently against SCO use Linux... and their computers won't be infected. So it really doesn't make sense that this was written by someone in the OSS community. They would most assuredly write something that allowed people on Linux to play along.
But given my experience with the OSS people... they wouldn't do it this way. They'd send out a mass communication asking be to voluntarily ping SCO.com as many times as possible on a particular date.
Get over it. Yes, SCO is a company that appears to be litigating themselves into profitability, at least until they can manage a stock dump. Yes, they are lobbying Congress with lies about the GPL and the open source movement.
But this doesn't justify a lynch mob. What you are doing is illegal.
If that doesn't convince you, think of the millions of people whose days are inconvenienced and/or wrecked. Don't you think that their misery far exceeds any temporary hurt you could deal to SCO? It's not like they need to have a whole lot of internet connectivity to litigate their cases. If anything, being DOS'ed helps them make their point.
Think of the big picture. Act responsibly.
There is much pleasure to be gained in useless knowledge.
Now this is something that SPF could actually help with: when the virus sends a message with a spoofed from (and HELO, based on what I'm seeing) address, the mail server will read the SPF TXT record, figure out that that address is NOT allowed to send messages for that domain, and nuke the message. Even without anti-virus software.
All that said, I'm feeling really lucky to have installed amavis-new/clamav last night. I didn't even know this was coming, and it's caught about 200 messages already this morning.
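Added example, not part of the original thread: the SPF decision the comment above describes, evaluated offline in Python against constructed TXT records. SPF as later standardized in RFC 7208 checks the envelope sender (MAIL FROM) and HELO domains, not the From: header a user sees. The `TXT_RECORDS` table stands in for DNS, only the `ip4`, `ip6` and `all` mechanisms are handled, and the accept/reject policy names are assumptions.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (reserved example domains).
TXT_RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "example.net": ["v=spf1 ip4:198.51.100.25 ~all"],
    "example.org": ["unrelated text record"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the single v=spf1 record for a domain, None if absent."""
    found = [
        txt for txt in TXT_RECORDS.get(domain.lower(), [])
        if txt.lower() == "v=spf1" or txt.lower().startswith("v=spf1 ")
    ]
    if len(found) > 1:
        raise ValueError("multiple SPF records")  # a permerror in RFC terms
    return found[0] if found else None


def check_host(client_ip, domain):
    """Evaluate the record left to right; the first matching mechanism decides."""
    ip = ipaddress.ip_address(client_ip)
    try:
        record = spf_record(domain)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"
    for term in record.split()[1:]:
        if "=" in term:
            continue  # modifiers such as redirect= are outside this subset
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version != (4 if name == "ip4" else 6):
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, exists, ptr need DNS; report an error rather than guess.
        return "permerror"
    return "neutral"  # nothing matched and there was no "all"


def smtp_decision(client_ip, mail_from, helo):
    """Assumed receiver policy: reject on fail, tag on softfail, else accept."""
    domain = mail_from.rpartition("@")[2] or helo  # null sender: use HELO
    result = check_host(client_ip, domain)
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "accept-and-tag"
    return "accept"


if __name__ == "__main__":
    # Constructed case: an infected home PC forging a sender at example.com.
    print(check_host("203.0.113.7", "example.com"),
          smtp_decision("203.0.113.7", "alice@example.com", "pc.example"))
```

A domain that publishes no record, or ends its record in `~all` or `?all`, gives the receiver nothing to reject on, so the benefit depends on the forged domains publishing `-all`.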
This SMACKS of SCO.
I would lay BIG MONEY on it that SCO paid some Russian 1337357 to do this.
How much you wanna bet??
It isn't like they are distributing products from their website or have any new customers going to their website. The only place you can hurt SCO these days is in the courts, because that is where they are doing business.
I think this is a clear cut case where the windows platform is being used as a tool to conduct terrorist activities. I think it should be banned.
Anyone notice they (temporarily?) took this article off the Slashdot main page? Slashdot was probably contributing to the DDoS. Prudent thing to do I suppose...
Okay, hear me out... do I WANT this virus? I think I might. Hmmm...
"Politicians find new names for institutions which under old names have become odious to the people."
I'd be glad to allow a virus attack SCO. How do I get a copy?
Now "the open source community" is being blamed for writing this...
It would be interesting to find out who out there would infect their own machines or allow their machines to be infected and not clean the virus out just because they WANT to take part in a DDOS of SCO. For all those that agree that SCO is a basket full of idiots and want to do something that will 'fight back' but don't quite have the means to do a DOS themselves - This may be an option for them...
Just a thought...
The1Genius - Littera Scripta Manet
We need some of you guys to crack this thing and set it to also attack the RIAA come on, you know its for the greater good
FOR SHAME! I can not believe that ANYONE here would even CONSIDER doing something like this. I am SHOCKED! Simply SHOCKED! al queda SHOCKED, I say. Communist conspiracy It is unimaginable that a true Open Source advocate would do something like this, I am simply SHOCKED! Fidel Castro SHOCKED, I am. This really undermines the integrity of the whole movement RMS picking fleas out of his beard and everything we stand for. SHOCKED is not a strong enough word for this dastardly deed, and I know that nobody here at Slashdot would ever do anything like this everyone and their bastard brother. This is just a SHOCKING thing, and I for one, am SHOCKED! Whoever has done this bad thing that truly SHOCKS me your sister, needs to sit down and take a long hard look at themselves Che Guevara. SHOCKED! I simply do NOT believe that any true Open Source advocate everyone on the planet would do something like this. I am SHOCKED!
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
...to the Schadenfreude Worm.
Any technology distinguishable from magic is insufficiently advanced.
Of course, with the theories about MS being behind SCO's campaign, and SCO attacking itself to gain sympathy, it's obvious Microsoft isn't calling the shots. Nothing has hurt MS in the market more than the easy proliferation of viruses and owned machines.
The Windows operating system has a very insecure design which has been apparent for years and yet Microsoft continues to use the same insecure paradigm again and again, version after version.
Seems to me you can't blame Microsoft's stupidity on their dumb users.
burnin
The RIAA did it.
1) Attacks users of Kazaa
2) Attacks evil corporation on top and finally returns RIAA to their hard fought spot!
"We need a fourth law of Robotics: Stop Fingering My Wife"
www.sco.com seems to be having issues.
It has failed to load from multiple locations around the globe.
I thought it was for FEB ? hmmm interesting.
Monsanto already patented that business model.
The ______ Agenda
"Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level."
Why do I have the feeling that if it was Microsoft being DOSed your statement would be more along the lines of "go get 'em!"? Is it because it was most likely an OSS/GNU/Linux person who wrote the malware and you're just trying to cover for them?
I'm sorry, but I smell hypocrisy.
Any attempt to involve yourselves in this will be viewed as complicit behavior. Do not get this mess associated with Open Source developers in any way, shape, or form. The culture and purpose of worm authors and OSS developers are completely orthogonal and must remain so.
SCO has enough enemies to worry about, and they can point fingers all they want. They do not deserve an olive branch, they did not ask for one -- do not take the bait and proactively offer one. You will lose fingers.
-Hope
Go and ask Microsoft black ops, they're fighting for their survival. A large-scale movement of openness across the planet will make some corporations and The Cabal (in the Winston Churchill meaning of it, google it up) collapse as people re-think their values and if it is worthwhile to shell out money for everything.
...so I thought I'd try the imaginary URL and see the response, and that certainly surprised me (using the above link):
Document Not Found
To find the document you're looking for, please see our company sitemap
or use the following search:
If you're having problems with a broken link, send us your e-mail and we'll find the page for you. If the page is on the Linux Documentation Project site (http://www.sco.com/LDP/), email feedback@linuxdocs.org
How long have they been 'battling' Linux?!
Are you local? There's nothing for you here!
SCO has been steadily losing credibility since their first accusations. For OSS developers to initiate a DDOS on SCO would be seen as a strike below the belt, and a completely unnecessary one as well.
This is one of the reasons that I don't believe it was created by anyone in the OSS community. The general consensus has been to wait for IBM to knock SCO clear out of the ring in just under two weeks. A DDOS at this time would be completely unexpected and anticlimactic. It's more likely a private joke in the distributed spam world, and locating and bringing those idiots to justice would be time well spent.
-HopeOS
This seems to be a trend lately in worms: this isn't targeting any software vulnerability, it's just targeting dumb users. I hate to say this, but like the past couple of big worms, this one isn't really Microsoft's fault. Even with a more POSIX-like user security model, if the user can send mail the OS can host a worm like this.
All's true that is mistrusted
As for SCO, when the full scope of the cost of all their crap is finally added up, I'm sure it will have cost Americans more than all the Terrorists we have faced since 1776. He'll make Enron look like a swiped candybar.
But hey; that's GREED for you.
"Can there be a Klein bottle that is an efficient and effective beer pitcher?"
Releasing a virus/worm which attacks on a future
date lets anti virus soft guys and web site
maintainers thank you for helping them to defend
against your brain dead attack.
Imagine a worm which doesn't wait until URLs are
changed, routers are reprogrammed or anti virus
soft is rewritten...
I tell my family and co-workers that unless you were expecting the attachment, don't open it. Doesn't matter what kind of file it is. Save it to a /suspect directory where it can be scanned later or you can verify that the person sending it did.
The number of people I know that click on anything has dropped considerably. There's a couple that would get infected even if the file was called "Data_Destroying_Spam_Serving_Executable.zip", but they'll never come around.
It's like people driving into a pothole to see how deep it is.
This just in.
SCO announces that they will sue the creators
of the myDoom worm for infringing on SCO's
intellectual property.
SCO claims that several lines of code in the
myDoom worm were stolen from UNIX, but thus far
SCO has failed to show the infringing code.
More at eleven.
You've got 8% of my love - 8% of my love - 8/100's of the time you're the only girl I'm dreaming of.
I just created and installed a Postfix remedy for this recent deluge, and thought I'd pass it on.
In main.cf, insert this:
body_checks=pcre:/etc/postfix/virus_body_checks
Create a file virus_body_checks containing this:
/^UEsDBAoAAAAAA...OzDKJx\+eAFgAAABYAA/ REJECT Attached zip file appears to contain a virus.
If anyone has an improved solution, let me know, but this seems to work.
I would have asked him whether he did the same thing on September 11th. There's nothing amusing about being an ignorant asshole.
I remember 2036 very clearly. It is difficult to describe 2036 in detail without spending a great deal of time explaining why things are so different. In 2036, I live in central Florida with my family and I'm currently stationed at an Army base in Tampa. A world war in 2015 killed nearly three billion people. The people that survived grew closer together. Life is centered on the family and then the community. I cannot imagine living even a few hundred miles away from my parents. There is no large industrial complex creating masses of useless food and recreational items. Food and livestock is grown and sold locally. People spend much more time reading and talking together face to face. Religion is taken seriously and everyone can multiply and divide in their heads.
...and subscribe for caching services from Akamai. :)
Hey, they could offer a free Linux binary licence for Akamai in exchange for the services
Akamai uses a few thousand Linux servers to balance load to its clients' machines, and Microsoft had to hide behind them when MSBlaster attacked their Windows Update site.
Anyone notice the bottom of the Netcraft report (under OS, Web Server and Hosting History for www.sco.com)?
unknown Apache 27-Jan-2004 216.250.128.12 NFT
Linux Apache 12-Dec-2003 216.250.128.12 NFT
Now we know why they were too busy to respond to the judge's discovery order - they were getting their website converted over to another OS (or hiding that the OS was Linux).
Curiously, the netcraft site shows they tried this for a day earlier in December and presumably had problems with the cutover. The full Netcraft report shows an interesting evolution in webservers:
unknown Apache 27-Jan-2004 216.250.128.12 NFT
Linux Apache 12-Dec-2003 216.250.128.12 NFT
unknown Apache 11-Dec-2003 216.250.128.12 NFT
Linux Apache 3-Sep-2003 216.250.128.12 NFT
Linux Apache 21-Aug-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC 17-Jun-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 20-Nov-2002 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 14-Aug-2002 216.250.140.125 NFT
SCO UNIX Netscape-FastTrack/2.01 13-Aug-2002 132.147.210.109 Caldera, Inc.
SCO UNIX Netscape-FastTrack/2.01 12-Aug-2002 132.147.210.109 Caldera, Inc.
From SCO to Linux? Linux running as recently as December 2003? Of course, since they own Linux, I guess this is ok...
Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
HUH? Stoop to this level? Hell - when I found out the virus was DDOSing SCO, I intentionally infected all of my machines with it! :)
After all, it's the end goal that counts... not the means by which you get there.
Never try to beat a professional at his own game!
Writing a virus is NOT terrorism. Stop equating everything stupid people do with terrorism, it only demeans the many many thousands of people around the world who have been killed by actual terrorists. The person who wrote this is a criminal and a loser, but he or she is no terrorist.
One thing those of us out here won't find is the truth. I see you were scored zero...shouldn't be. My observation was just the same. Why not let their site get whacked...it is not like they have business to do right?
When the people fear their government, there is tyranny; when the government fears the people, there is liberty.
I was just thinking about this after getting copies of this crap in an inbox of an email address I've only given out to a few people. The return addresses were indeed spoofed from places like foo@travelocity.com, but I'm still able to narrow the possible culprits down to the few people who know my address. So.. how about this. Get together with the admin of a reasonably popular forum that's scoured by spammers. Whip up a script that will create a unique email address for each IP address that visits, such as HASHOFADDRESS@foo.com, and is displayed on the pages. When you start getting these viruses in the mail, just check which IP the email address corresponds to. With luck, you'll find the virus writers scouring for more addresses. At the very least, you'll catch a spammer or two.
http://cltracker.net -- powerful craigslist multi-city search
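The per-visitor trap address proposed in the comment above, as an added Python example (not code from the poster or from any forum software). It swaps the plain hash for a keyed HMAC so a harvester cannot mint a valid address for someone else's IP; the key, the trap.example.com domain, the class name and the sample IPs and message are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from email import message_from_string
from email.utils import getaddresses

SECRET_KEY = b"constructed-demo-key"   # assumption: random secret kept on the server
TRAP_DOMAIN = "trap.example.com"       # assumption: a domain whose mail you receive


class TrapRegistry:
    """Issues one trap address per visitor IP and maps received mail back to it."""

    def __init__(self, key=SECRET_KEY, domain=TRAP_DOMAIN):
        self.key = key
        self.domain = domain
        self.issued = {}  # token -> visitor IP (stand-in for a database table)

    def address_for(self, visitor_ip):
        """Address to print on the page served to visitor_ip (same IP, same address)."""
        ip = ipaddress.ip_address(visitor_ip).compressed  # ValueError on junk input
        token = hmac.new(self.key, ip.encode(), hashlib.sha256).hexdigest()[:20]
        self.issued[token] = ip
        return f"{token}@{self.domain}"

    def trace(self, raw_message):
        """Return (trap address, harvesting IP) pairs for a received message.

        Only recipient headers are read: the From line of worm and spam mail
        is spoofed, so it says nothing about who harvested the address.
        """
        msg = message_from_string(raw_message)
        fields = []
        for header in ("To", "Cc", "Delivered-To", "X-Original-To"):
            fields.extend(msg.get_all(header, []))
        hits = []
        for _name, addr in getaddresses(fields):
            local, _, domain = addr.lower().partition("@")
            if domain == self.domain and local in self.issued:
                hit = (f"{local}@{domain}", self.issued[local])
                if hit not in hits:
                    hits.append(hit)
        return hits


if __name__ == "__main__":
    registry = TrapRegistry()
    registry.address_for("192.0.2.10")            # ordinary visitor (constructed)
    trap = registry.address_for("198.51.100.7")   # harvester (constructed)
    # Constructed sample of a worm mail arriving later with a spoofed sender.
    sample = (
        "From: someone@example.org\n"
        f"To: {trap}\n"
        "Subject: hi\n"
        "\n"
        "body\n"
    )
    for address, ip in registry.trace(sample):
        print(f"{address} was shown only to {ip}")
```

An address that was never issued, including a guessed token, produces no hit, so mail to it identifies nobody.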
Virus experts suggested MyDoom's author was a fan of the Linux open source community, because the bug, which targets computers running Microsoft Windows, launched a Denial of Service Attack on SCO's site. Utah-based SCO Group, owner of the UNIX operating system, claims some versions of the Linux operating system use its proprietary code.
"The MyDoom worm takes the Linux Wars to a new intensity," said Chris Belthoff, an analyst for anti-virus firm Sophos. "It appears that the author of MyDoom may have taken the war of words from the courtrooms and Internet message boards to a new level by unleashing this worm which attacks SCO's Web site."
This page was generated by a Flock of Attack Rabbits for you.
Let's say these virus writers ACTUALLY divert people's anger towards the Open Source community and SCO. (Why would people who actually care to read stories be stupid enough to blame the Open Source community?)
HOW would distracting the press and a few clueless people actually help the criminals? Are the police going to stop chasing them? Are anti-virus companies going to start ignoring them? Are people going to start liking SPAM all of the sudden?
Seriously, What do the criminals get out of it other than enjoying sticking it to SCO.
I see so many people saying that the guy who wrote this is open source...My only question is 'Then where's the source?' :-)
I haven't used Windows since NT4, so I stand corrected.
However, tell me this. When someone purchases a box from Dell, or picks up a shrink wrapped XP to install, do they end up with the same secure system as the one you would have put together or do they end up with an admin user?
burnin
I think it's because of their attack on all free software. Anything free (without cost) would be banned if they have their way.
SCO already looked at the MyDoom code and have determined beyond a shadow of a doubt based on the opinions of their technical developers that MyDoom could not have been written by the open source community. They suspect IBM currently.
Everyone blames Windows and MS for this bs. Let's be honest for a second: if Linux had as many users as Windows there would be viruses for that too, maybe not as many, but they would show up. It can't be stopped; no code can ever be perfect or free of bugs, and when you have billions of people using the same software, finding and exploiting bugs can be as easy as going to Google.
Let's face facts: if more Windows users took an hour and learned a little bit more about how their PC and the internet work, and how to protect themselves, the world would be a better place. I know 5 Windows users who have NEVER updated their anti-virus software or installed a single patch, and I know 7 people who leave their PC on 24/7 and have broadband yet don't use a firewall. Yes, I know some fault has to go to MS, but if it weren't for the idiots of the world who are too lazy to learn about the basics of security and viruses we wouldn't have these problems.
Be sure to license it first!
Don't want a lawsuit on your hands, now do you?
I don't know about you, but I don't want to /download/ the virus.
For those blocking at the server level, please silently drop, DON'T BOUNCE the message, as it has spoofed from addresses. E.g. 1000s of these bounce messages:
host xxx: 550-message rejected -- looks like a virus 550 (attachment 'file.zip' contains executable file
are as bad as 1000 viruses..
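The two mail-server comments above (the Postfix body_checks pattern and the request to drop rather than bounce) both depend on recognising the zip attachment. An added Python example, not code from either poster or from Postfix or Declude: it decodes each MIME part, opens zip attachments and reports executable-named members instead of matching one fixed base64 string, and returns DISCARD because a bounce would go to the spoofed sender. The suffix list, function names and sample messages are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: Windows extensions treated as executable for this illustration.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def build_sample(zip_name, member_name):
    """Constructed test message: a zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.org"   # spoofable, so never used for replies
    msg["To"] = "user@example.net"
    msg["Subject"] = "hi"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()


def first_base64_line(raw):
    """First encoded line of the first base64 part: what a body_checks regex sees."""
    for part in message_from_bytes(raw).walk():
        if part.get("Content-Transfer-Encoding", "").lower() == "base64":
            return part.get_payload().strip().splitlines()[0]
    return ""


def scan_message(raw):
    """Return (attachment name, member name) for executable-named zip members."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Check the zip magic bytes; the declared filename and type can lie.
        if not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            findings.append((part.get_filename(), "<unreadable zip>"))
            continue
        for name in names:
            # Windows ignores trailing dots and spaces in file names.
            if name.lower().rstrip(". ").endswith(EXECUTABLE_SUFFIXES):
                findings.append((part.get_filename(), name))
    return findings


def disposition(raw):
    """DISCARD silently on a finding; a bounce would hit the forged From address."""
    return "DISCARD" if scan_message(raw) else "DELIVER"


if __name__ == "__main__":
    for raw in (build_sample("test.zip", "test.scr"),
                build_sample("notes.zip", "notes.txt")):
        # Every zip starts with PK\x03\x04, so its base64 always starts "UEsDB";
        # the characters after that depend on the individual archive.
        print(first_base64_line(raw)[:12], disposition(raw), scan_message(raw))
```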
Just download our free handy-dandy automagic clock-setting utility with FREE SMTP (Simple Mean Time Protocol)* Engine! It automatically sets the clock on your PC and helps deliver important messages on the Internet too! Do your part to help make the Internet better. Click HERE to download.
====
* SMTP = Simple Mail Transfer Protocol
I found this message, the funny part about it is the forged headers.
A FREE SERVICE FOR SUBSCRIBERS OF JAYWALK INTERACTIVE CC
Free virus scanning, and improved SPAM control
Call +27.21.790-7459
The Declude Virus v1.75 software on lodestone.co.za has reported that you
sent an E-mail to allan@lodestone.co.za, containing the W32/Mydoom.A@mm virus in the
test.zip attachment. The subject of the E-mail was "hi".
The E-mail containing the virus has been quarantined to prevent further damage.
Headers Follow:
Received: from xxx.org [193.253.216.105] by mail.directories.co.za with ESMTP
(SMTPD32-8.02) id AEC126B020E; Tue, 27 Jan 2004 15:59:29 +0200
From: xxx@xxx.org
To: allan@lodestone.co.za
Subject: hi
Date: Tue, 27 Jan 2004 14:56:22 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0014_1330887B.A92835
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id:
Virus Name = W32/Mydoom.A@mm
Virus File = test.zip
---
[This E-mail scanned for viruses by Declude Virus and Jaywalk Interactive]
[Mail is also scanned to reduce SPAM using statistical and other methods]
*sigh*
Yarr!
Heave to and prepare to pay yer $799, ya scaliwags!
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
Why doesn't OSDL or somebody with enough machines to handle this DDOS offer to host the SCO site for free? Offer to put it on some machines so that if the DDOS is big enough to take them down it will also take down some OSS sites like SlashDot. If SCO turns them down it is proof that SCO wants this DDOS to happen, and a press release to this effect can be done.
I agree that some spam house wrote this and the intention is to install a backdoor. And the virus writer likely has a vendetta against the "Linux community" and wants it to get bad publicity. They probably don't care one bit about SCO.
I also think SCO mistakenly took down their own site in anticipation of this virus, which really does not happen until Feb 1st. Watch for it to reappear later today after they read some slashdot comments pointing this out, and then promptly disappear on February 1st Utah time (rather than gradually being DDos'd over a 24-hour period). The number of Windows machines set exactly 3 to 15 days ahead is a trivial number that could not DDOS anybody. Though SCO probably did not write the virus, they are certainly interested in making it look like it hurts them.
looks like a few people straddle the fence when it comes to using the DarkSide to help the Force. However, in my humble opinion, they might as well go on ahead do RIAA as well. I know that I'll have a few windows boxes up and runnin just to see if I can "catch" this nasty little bugger of a bug.
may the source be with you
.. if SCO is doing this themselves? Think about it... what better way to make hackers everywhere lose credibility than by releasing a virus that DoSs SCO.com?
Then they can blame "those" linux hacktivists for causing all this trouble.
Once again they can seem the victim.. yet again, after all, we stole their IP, and now we steal their business by knocking down their web server.
Or maybe I've seen too many X-File/Conspiracy TV shows....
If as many people hated linux as windows, there would be just as many linux viruses.
Why do so many think this will "hurt" the OS community?
Most people know our corporate leaders sniff coke, evade tax payment, bribe politicians, visit hookers, and do we ever stop buying things from them?
I'm not talking about one rotten apple, there's usually more than one rotten apple in the basket.
If the OS community wanted to, then SCO would not be able to connect to the net. I think the OS community is resourceful (massive) enough to do just that and even get away with it, disappearing into the crowds.
It takes one script kiddie to pull a stunt like this, and sure most Open Sourcers are laughing out loud.
Eat shit MacBribe!
MyDoom==MiMail, that much is known. The MiMail malware runs on Windows, for the most part (know of any exceptions?) and in the past has been a tool to build spam and relay zombies for UCE and possibly criminal activity. That MyDoom would be the product of Linux supporters is immediately suspicious; far more likely (as others have already noted) it is going to do what every other MiMail variant did and that is to create zombies for organized crime, to be sold/rented to the Mafia and online gangs of Nigerian 419ers, singly and in bulk.
Now, the windows angle. As viruses become more common, not less, Windows platforms running in mission-critical roles might decrease, not increase. This is even more likely as the Linux/SCO thing is resolved in favor of Linux remaining open and free; one can imagine something of a stampede onto Linux or FreeBSD after the court findings. So if you were a Mafia hacker, and you were watching all this, and you thought maybe you could sort of swing things in favor of the status quo, which certainly would keep you employed writing viri for your Boss, why not involve SCO for a few days? Maybe influence the courts, some politicians, you know the friends of Big Money. And after that, why not MSN? Microsoft could use the public forum to decry their opponents. And then DDoS maybe a combination of SCO, MSN and the Department of Homeland Security. You know, just so it is obvious how anti-Democratic and anti-choice these Linux freaks really are. During an election cycle.
Then sit back and let those wheels of power do their beautiful thing. With luck, Linux falls under the IP of SCO Group, the OSS community goes into shock, Linux and even FreeBSD deployments collapse, Microsoft issues an "I told you so" PR and rolls up the server market, their Trusted Computing development budget withers on the vine because they don't need it anymore to counter any external threat to their marketing drivel. Viruses run rampant for another 10 years until some later excess makes the governments of the world take action, by then too late. In the meantime the gangsters are essentially printing money, they 0wnz the Internet, and r00t perhaps half the computers in the world.
You think I'm nuts? Tin-foil hat askew? Don't ever underestimate the criminal, or political, communities.
=^..^= all your rodent are belong to us
a worm to ddos attack SCO? where do I download it?
Feature request for version 2: add Microsoft, **AA, and that stupid fragger on bf42 who can't seem to stop killing his own teammates to the list of targets.
Snooze and you lose your sushi.
The major problem is that SCO can rush out FUD press releases about how this is an attack on their integrity caused by evil forces, a result of the open-source model, and that clearly those who write worms would not stop at stealing IP (1).
The OS community can respond - Linus could make a press release, but so could several others, all saying different things. There is no - there cannot be an - overall coordinated response by the community to this problem.
Under that scenario, likely SCO's release would get as much, if not more, coverage, as all the response releases put together. That makes Open Source look bad.
1) I make no claim that such a series of press releases has or will be made.
Exercise your right not to vote. thinkoutside.org
all this does is raise their stock price even more.
I was wondering what the Virus/Financial Damage Ratio of this virus is on the long run...
$ 5 billion, 10 billion ?
It must be astronomical though...
Moral decisions - I hate 'em. ;->
If I find this thing on my computer do I have to take it off?
Yeah, yesterday I tried to patch a girl I met in a club, but she slapped me in the face... Let me put my diff in your patch, baby! :(
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Roses are red, violets are blue, most poems rhyme, but this one doesn't...
Any of the following domains gets spared:
avp
syma
icrosof
msn.
hotmail
panda
sopho
borlan
inpris
example
mydomai
nodomai
rusli
gov.
foo.
berkeley
unix
math
bsd
mit.e
gnu
fsf.
ibm.com
google
kernel
linux
fido
usen
iana
ietf
rfc-ed
sendmail
arin.
ripe.
is
isc.o
secur
acketst
pgp
tanford.e
utgers
mozilla
Borland, Microsoft?, packetstorm, securityfocus, stanford, rutgers, mit and the list goes on. Some are only partials and have to be figured out (eg acketst=packetstorm) but most are pretty obvious.
The question is why they left these out. Hotmail would be a horrible vector to spread this worm, and the
I hate SCO too for what they are doing to the linux movement. I also don't agree with dealing with them using a worm. But this rant isn't a political one, this rant is technical.
This worm is smarter than any I've seen before. It has a target, a date, and makes use of an exclusion list so as not to kill itself off. If this intelligence were in a 0day worm that didn't need the 'blended threat' model we'd all be in a lot of trouble.
Recall that SCO is lobbying Congress for restrictions on open source. This will help their lobbying.
Why make up conspiracy theories?
With 1 in 12 emails containing this worm (cnn.com) there are a lot of infected computers. If only 0.1% of them have their date set wrong there could already be significant traffic against SCO.
Experts: Vicious worm 'Linux war' weapon
Excerpted from the article posted 12:40PM EST:
Below is feedback I sent to them in response:
Anti-virus vendor: One in 12 e-mails infected
Yeah, and 10 out of 12 are spam!
If that is the case, a shrink wrapped copy of XP will by default have the user as admin, then nothing has changed at Microsoft.
Having security capability doesn't mean squat if you bypass it by default. Sounds like usual inept Microsoft to me.
And claiming users will end up bewildered is a false assumption. There are ways around this such as installing apps in user space. This works for linux and it works for OS X. Windows simply suffers from poor design by Microsoft.
burnin
The SCO lawsuit is about Linux right, right?
And Mydoom is a Windows worm/virus, right?
So exactly how is the Linux community supposed to be involved in the authoring of it, if we are all happily wonking away on our penguins?
re: "mainly that its ultimate goal is apparently to DDoS SCO":
Maybe, but I doubt it.
I think the ultimate goal is the same as most viruses (and it may not be clear even to the ones doing it) -- to make people dislike and distrust each other, inch by inch. In this case, the writer has tried to put a big kick-me sign on the backs of two different groups, two-for-one. Incidentally, I think that's the same goal that drives a lot of the malicious stuff posted on Slashdot and any other forum nice enough to provide a soapbox to the jerks as well as the nice guys.
When someone posts (posted? one can hope, about a particular site with a .cx domain ...) a link to shocking or hateful stuff, or (read at -1 sometime) posts the shocking, hateful stuff itself, he's not doing it because they're nice, or because they're cute pranksters. They're expressing anger / derision / hatred / malice that they didn't learn in kindergarten to sublimate or control. If I were a psychologist, maybe you'd take more seriously my guess that they're mostly angry with their parents, if not The Whole World. It's a lot easier to ruin a conversation than take part in one as a positive contributor, and if your goal is destruction, a lot more satisfying, too.
The same sort of people (when / if they interact with the real world) are probably tempted to kick dogs and push old ladies down stairways, pee in public pools, feed exlax to pigeons, and leave flaming lunchbags on doorsteps. Oh, well. Hopefully one day the old ladies will be armed, the dogs will bite, the pigeons will explode over their lunch, and the swimming pool incident will lead to an indecent exposure charge.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
kinda weird. i was hoping that sco.com would just stay down forever...
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
it's always sad to watch someone stoop to this level.
Yeah...the next thing you know, someone will start sending out invoices to people for imaginary things that they "sold" to "customers".
Lots of petrified grits
but it's always sad to watch someone stoop to this level.
To whom are you referring, the virus writer or SCO?
What makes you think this worm's objective is to DDOS SCO? I contend that's just a distraction. The worm's real intent is to create a smokescreen while opening up a back door for spammers to install proxy-relaying software. All the circumstantial evidence points more to these worms being launched by spammers who are trying to steal more IP space from which to operate. Getting entangled in the SCO debacle simply makes an excellent diversion, that will mislead investigators. Also, attacking SCO enhances their case and claim they're being "victimized", which seems to be SCO's primary business model these days.
"Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level."
WTFever. SCO's legal "strategy" is nothing more than a litigious DOS attack, filing briefs and injunctions on whatever they can, whenever they can. Those assholes had this coming.
Does the History at the bottom of Netcraft SCO History mean that they're using Linux?
Or used it in the Past?
hehe, damn bastards!
the creature of a desperate cabal of corporate IT types mired in the vast wasteland under m$ dominion.
These intrepid, beleaguered souls must feel certain that the SCO assault on Linux threatens to obliterate the one dim ray of hope they can glimpse shining through the miasma of spam and swirling swarms of virii arising out of the m$-infected forests of FUDdery - the gleaming outlines of free (as in RMS) software and openness in standards.
And thus, using the only tools they have to hand, no matter that the tools are of dubious and perhaps treacherous provenance, they are counterattacking the minions of the dark forces in IT in the only way they know, in order to aid any possible relieving force bringing brighter hopes of an IBM or Novell or Sun or *anyone* Linux rollout in their workplace.
Naaaah.
I have to agree: it is probably devious spammers. Second guess: someone getting paid by a cutout for interests threatened by free software, because they can't sell lock-in crap when better software is freely available.
. . . me neither, I never thought I'd say this but. . .
The lowly dirty execs at the SCO Group deserve every bit of this DDoS attack. I hope it brings their business to ruin. Some of you may say, that people shouldn't do this because it makes the OSS community look bad. Quite frankly, I don't give a d@mn. I'd say it is just punishment for the m0r0ns at SCO.
My advice to SCO Group employees, workerbees, leave while you can. The SCO Group ship is going to sink and it is going to sink VERY badly and this time there will be any survivors; especially after IBM gets done with them.
Here's a company that takes claim to other people's work and threatens customers with a bullsh*t lawsuit if they do not pay up; yeah, right, me pay up? Who the heck are these guys (SCO) kidding?!
I hope IBM crushes them like a fly. . . .
http://money.cnn.com/2004/01/27/technology/techinvestor/lamonica/index.htm
....
"Of worms and penguins?
So where does the worm come in? Chris Belthoff, senior security analyst with privately held anti-software firm Sophos, said that it looks like the main intention of MyDoom is to launch a denial of service attack against the Web site of SCO Group. "This appears to be a facet of the Linux war," said Belthoff. "This is the first time we've seen a virus or malicious code used in this legal battle.""
The LAST thing the Linux effort needs is the label of "a community of electronic terrorists". That would invite ALL the WRONG folks into the picture (think government agencies, arrests, a general and aggressive "clamping down"). Worm attacks are not constructive - they are DEstructive.
Is the juice worth the squeeze?
SCO probably put out the virus itself and soon will be billing anyone running it.
The race isn't always to the swift... but that's the way to bet!
Whoever wrote this virus should open source it and make it for download on Sourceforge.net under the GPL. This will allow Linux hackers to make improvements to it so the anti-virus programs can't defeat it! We will shut down SCO once and for all!
I suggest you stick with windows as being a Linux administrator is a very lonely job.
You've got to be kidding me. Programming the backend for one website could be a full time job.
A server farm with 500+ takes a large team.
http://www.cnn.com/2004/TECH/internet/01/27/mydoom.spread/index.html
CNN calls the virus a "Linux War Weapon" and describes the author as being a "fan" of Linux.
I wish these idiots would stop setting up attacks against SCO. It isn't helping a thing, it only hurts. SCO is trying to make Linux users seem like criminals, and I'm sure they are very pleased when they are attacked, since it helps them do just that.
If you really support Linux and want to help, you should spend your time educating people about SCO's FUD. You should not write these annoying worms that make Linux users look like punks.
"You spoony bard!" -Tellah
huh?
All this talk about 'DDOS this' and 'spammers back door' etc. Yes, very obvious... and already covered in many, many threads.
Not many comments... if at all, about the Netcraft stats.
SCO certainly didn't keep SCO Unix for their web server. No, they are quite happy with Linux. In fact, they are quite happy with lots of Open Source to be doing their legwork for them.
SCO appears to be prepared for a (D)DOS attack against their web server. A quick DNS query for www.sco.com revealed this:
www.sco.com. 60 IN A 216.250.128.12
If SCO is hit with a DDOS attack, they can simply change the IP address for www.sco.com to point to a mirror of their web server on a completely different network. They are able to do this by setting the time to live (TTL) value to 60 seconds (above) for the host www.sco.com, so that a change like this would essentially take 60 seconds to become active.
Why do people attack web servers anyway? Isn't the communications system (e-mail) a better target (wink, wink)?
Haven't you noticed? SCO is now the official "Love to Hate" company of Slashdot now. That's why there are so many (misguided IMHO) Let-em-burn posts on here. I appreciate seeing a grown up attitude among /. posters myself
"Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level."
No, it's not. What goes around comes around. Isn't that "Karma"?
Trolls don't like to be Flamebait, because they burn so well. Protect our Troll heritage!
SCO:
1) seems to have a business plan predicated on lawsuits (their lawyers are likely to be web isolated and so not hurt by this) and press releases (which, while they probably are placed on the web, can also be sent to lots of other places and news organizations)
2) probably doesn't have many programmers now (they don't seem to make much of a product after all) and they probably would be isolated as well.
3) doesn't sell anything - see their revenue (if it weren't for M$ and Sun^H^H^H^H^H^H^H^H^H^Htwo unnamed Fortune 500 companies, they wouldn't have much in the way of revenue at all), so losing their web portal isn't exactly catastrophic.
A DDoS against SCO doesn't hurt them but could potentially hurt the reputation of Linux and OSS.
If the virus was written by a Linux or OSS partisan, it was really misguided - like trying to hit Darl McBride's car with a pistol but only hitting the bumper and then getting hit by the ricochet. Of course, if the virus was written to attack SCO, the ports that the virus opens and other goodies contained in the virus which do not expire (unlike the DDoS on SCO) don't make any sense.
Spammers, however, are logical authors for this virus. They are, after all, malicious and evil. They likely wrote the virus on which this was based. The port opening and other functions fit well the MO of spammers. As a bonus, hurting Linux might help spammers - while Linux does have vulnerabilities, it doesn't open functionality as root by default, and the diversity of Linux variants means that Linux boxes should be harder to attack en masse. Spammers would prefer an OS monoculture - even if MS improves its security, computers (90% of which run MS OSes) will still be easier to attack than a large number of computers with diversity of OSes.
I for one welcome our new SCO doom bringers!
I said SCO deserved to be DDOS'd. that's what the story's about [hint: read the title]. where did I say anything about back doors?
I stopped reading after "back doors". I suspect having set up a nice straw man you just tear into it for all the "Insightful" mods you can get.
Slashdot DDoS's websites every day, crashing servers, costing people thousands of dollars in bandwidth, without even so much as a friendly warning... this is just another stupid virus, not a political agenda, move along, nothing to see here...
Meep
I just read about the SCO connection on CNN (busy day today). Interesting symbolism, using Microsoft Windows vulnerabilities to attack a company that's trying to 'close-source' Linux.
-------- In Soviet Russia, "Soviet Russia" sigs hate Slashdot.
Only laugh I've had in this whole thread...
...says the guy who responded to 1/2 of my post like it was the whole thing.
Here's a hint buddy: try reading more than 50% of something before you respond to it. It's amazing how much less of a dumbass you can sound like when you actually read the entire text and understand its context.
Now, again: care to explain how SCO "deserves" someone DDoS'ing them when they are IBM's problem and IBM's problem only?
You know, I normally don't comment on .sigs, but let's see here... if there are all these idiots around you, and you're the common demonitator, what does that actually suggest? I may be crude and rude and nasty to people, but at least I take the time to craft my responses carefully when I'm trying to make a point and don't just wildly fly off the handle and say stupid shit like your post that started this thread.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
These morons at SCO have shown that they will do ANYTHING to stay in the news. I suspect they attacked their own damned website. Unrealistic? Yeah, so is every other thing they have done in the last year.
But Officer, I DID read the f**king article!
Its main purpose, he [MessageLabs marketing chief Brian Czarny] said, is to attack and overload the website of one of the world's biggest vendors of the Unix operating system, a competitor to Microsoft Windows....Meanwhile, the apparent target of the virus, Unix operating system owner SCO Group, said it was offering a $US250,000 ($A321,667) reward for information leading to the arrest and prosecution of the virus creators.
Utah-based SCO confirmed that it was being hit with a distributed Denial-of-Service (DDOS) attack, or bombarded with information requests in an effort to crash its central computers.
"During the past ten months, SCO has been the target of several DDOS attacks," said Darl McBride, SCO president and chief executive.
"The perpetrator of this virus is attacking SCO, but hurting many others at the same time. We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped."
SCO said it was working with US law enforcement authorities including the US Secret Service and FBI in the probe.
http://www.smh.com.au/articles/2004/01/28/1075088055588.html
It's amazing how much less of a retard you can sound when you don't start your argument by bitching about something I didn't even say.
...yeah, crafted REALLY carefully.
what's a demonitator?
Please explain how SCO is only IBM's problem when Darl has made it clear he believes Linux to be, among other things, a tool for terrorist states to develop WMDs and a threat to the entire US computer industry. And he has the backing of the world's richest man. And the US government isn't known for making a habit of putting people before profits when lobbied by rich companies. Or understanding technology enough to produce quality legislature (e.g. software patents, DMCA).
to a bunch of children who can't even obey the law? Makes me wonder what other laws Linux users are breaking, and how much of a case SCO really has to get them so riled up.
Umm, has anyone bothered to stop and ponder the link in the actual article?
http://uptime.netcraft.com/perf/graph?site=www.sco.com
that one? You'll please note at the bottom.....the dates/server types that www.sco.com is running on...... I'm not going to say anything more.
SCO is offering a bounty of a quarter million dollars to anyone providing information that leads to the arrest of the virus writer. Here's the article.
But what is SCO so worried about? It's not like their business model involves selling anything...
I mean, as much as I despise SCO, the virus author rates lower in my book.
Once things are cleaned up, we can put out a nice press release that says something to the effect of "As much as we dislike SCO, we wanted to keep SCO focussed on their court case. When (not if) they lose in court, there should be no ambiguity. SCO didn't lose because they were distracted, or reviled. They lost because they were evil^h^h^h^h wrong."
On Tuesday, SCO announced a $250,000 reward for information leading to the arrest and conviction of Mydoom's creator.
1st one to catch SCO wins!
Yes, but are 100% certain. But until IBM provides every revision of AIX, Dynix, and every other operating system and piece of software they've ever written over the last 40 years, SCO won't be able to say with specificity exactly why they are 100% certain....
PJRC: Electronic Projects, 8051 Microcontroller Tools
1 - Set your local date to February 1st.
2 - Repeat step 1 every week.
This isn't cool! Get that site back online so we have a complete, infinite mirrored version of their whole site!
wget -nd -m http://www.sco.com --retry-connrefuse --waitretry=5
Apparently, SCO's "valuable" Intellectual Property did not include ways to keep a script kiddie from crashing their servers. ...morons
http://www.eweek.com/article2/0,4149,1463923,00.asp
But there is another kind of evil that we must fear most... and that is the indifference of good men.
They released it a looooong time ago in a Service Pack.
You can create "bounce" scripts that su to a cripple user (still in the admin group) which runs the application.
So you'd create a warcraft user in the Administrators group, deny interactive/network logon, then create the bounce script reference by a shortcut on your desktop.
For full protection, you make the bounce script invisible to everyone except for "interactive users". (The bounce script contains the password for the special admin user, so you don't want people browsing your network share to see it if you can avoid it)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
what's a demonitator?
A bit of a chuckle for me. If the best you can do is point out my typos, you're in a sorry state. The only thing you'll prove is that I don't spend enough time previewing my posts on a board with a S/N ratio of about 1:500, but I already knew that.
What did I falsely claim you said? I started my original response to your thread by bitching about the side effects of this, then retaliated against your claim that SCO somehow "deserves" being illegally attacked by the most lowbrow, idiotic, mind-numbingly uncreative, and dull attack since mailbombs. I never claimed YOU said any of that stuff in the first half of my first post, I simply said it.
If I'm missing something, please do quote me so I can see where I misquoted you or misrepresented what you said. I'm all ears (or eyes.. or whatever).
SCO is suing IBM. SCO is not suing you. SCO is not suing Linus. SCO is not suing anybody else. Why? Because the crux of SCO's suit is that IBM pissed all over one or more of their contracts regarding UNIX code.
Now, SCO is most certainly attempting to prod stupid people with near extortionist tactics. However, I emphasize stupid because only a complete gibbering moron would pay up based on imaginary code and vague written threats. In addition, I suppose SCO is the problem of stupid investors who don't bother to research the company at all.
So, I amend my original statement. SCO still isn't really our problem since if everyone would just ignore them, IBM's lawyers would thump the shit out of them and they'd silently die off. SCO is a problem for IBM and for stupid people.
If they start suing Linux users, things change. Until then - they're just full of hot air, and you'd do the FOSS community much better to go preach the benefits of FOSS and, more importantly, help people who've decided to take it for a spin. Standing around cheering on some moron who couldn't think of anything better to do than write another spam-enabling POS application that happens to DDoS sco.com only makes people think you're just as technologically incompetent and morally stunted.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
Although there is no evidence that you're a Linux user, by doing this you're giving the Linux community a bad name. Please stop this foolish and childish attack. Open Source and Free Software are a force for good and you're damaging that by doing this.
Please remember the following.
1) No one likes or respects you for this.
2) It's illegal.
3) It harms GNU/Linux's image as the good guy against SCO's obviously bogus case.
4) It makes the community look bad even though 99.999999% of us aren't foolish enough to engage in something like this.
In short you're accomplishing nothing by doing this.
SCO *will* be dealt with by lawful means. I urge you to stop the attack by whatever means NOW.
GJC
Gregory Casamento
Chief Maintainer for GNUstep
This is a stupid question. But can someone explain why Windows would execute a file with a .zip extension?
How does Windows know if a given file is executable or not?
(It can't be looking at extensions or it would not execute .zip files :)
Thanks
It does seem odd that the worm has a trigger to stop spreading on Feb 12. If SCO were to unleash a self-attacking worm, wouldn't they likely include such a provision?
There has been a series of spam forwarder viruses published, each with a stop-spreading date and one or more further self-destruct or stop-working dates.
The idea seems to be that after a while the anti-virus community will get it cleaned out anyhow. So the virus conveniently dies out to take the heat off and clear the field for the next version.
Without this mechanism the spammer is dependent on the old version, which is gradually cleared out (reducing his zombie population) AND the remainders watched for his usage, eventually leading to his discovery and capture. With it, he presents much like a mutating virus - flu or common cold - constantly changing slightly to re-infect the same population of victims and distract its "immune system" (the antivirus companies and security/law-enforcement community).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
We have weathered the last dozen email viruses; certainly, we can last through this one. My simple mail server is receiving hundreds of these messages an hour, and I'm plenty irritated by the whole thing. Nonetheless, I have not one tear for SCO.
-Hope
Vigilantism, however, is just malice operating under false pretenses.
Revenge of the nerds!!!
Each time I explain that email is insecure and people can forge your email address then point out that it is unlikely that the windows virus has infected my linux mail server...
Q.
Insert Signature Here
I opened my email this evening and look what Ziff-Davis has to say about the OpenSource community's reaction to the planned attack of SCO-s ?d=75-117 -1-1-588930-5203-1" They cite only TWO posts that might come close to this description, yet the lead in makes it sound like the whole O-S community is a bunch of net-thuging twits.
"...Find out who's saying what, and where
these sophomoric and misguided posts are coming from."
Followed by:
"..Ignorant Open-Source Fans Praise MyDoom:
http://eletters.wnn.ziffdavis.com/zd1/ct
At least they put in a plug for our beloved Slashdot (backhanded as it may be)
"..Reactions on Slashdot, arguably the largest discussion board for technophiles, displayed a cathartic wave of pleasure, "Finally a worthwhile virus!" exclaims one poster."
They take a few potshots at folks who hold the theory that this is all a ploy by SCO to discredit the O-S movement.
So the question remains- is Z/D taking SCO money to say un-nice things about Linux users, or have they snuggled up with Bills check book for the same reason? Might make a nice Slashdot poll?
"If they start suing Linux users, things change..."
"First they came for the Jews..."
Yea, good comparison. That would be an awesome response if it wasn't for the fact that you're using the quote totally out of context and there's an ENORMOUS difference between a psychotic government kidnapping and offing its citizens and some crazy company digging its own grave. I guess if there were a risk that SCO was coming to your house or IBM's house to kick them in the nuts, then you might have made some sense. However, since SCO is merely attempting to play on stupid people's fears and to play the court system - two things which can easily be remedied legally with a little patience, I can only conclude that your neurons were just firing randomly when you trotted out that sorry excuse of a response. Quick! Explain to me how genocide and not having a business plan are somehow related!
Here's a hint, wait... stop me if you've heard this one: IBM CAN TAKE CARE OF ITSELF. Oh.. gee... imagine that.. the court system will actually foil SCO's dirty little plans... meaning.. anyone... who... starts... or... cheers on.. such a thuggish, dull attack is nothing more than a petty criminal or an idiot.
So, again, seeing as how IBM is capable of taking care of itself, I'll ask: how is it that SCO deserves to be DDoS'ed? I figure if I ask you often enough, maybe the odds will play out in my favor that you actually answer the question.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
You have got to be kidding. I admit my lack of knowledge when someone points out my mistake so I ask an honest question to clarify my misunderstanding and I'm modded a Troll?
Since the question is innocent enough it must be considered a troll because someone doesn't like what the answer will be.
Whatever,
burnin
Every time SCO is out of the news for two days something else happens to put them there. Personally, I suspect they manufacture these incidents just to avoid their inevitable irrelevancy.
But Officer, I DID read the f**king article!
And he claims to be a Linux user... http://story.news.yahoo.com/news?tmpl=story&u=/zd/20040127/tc_zd/117511
This is really... I don't even know the words to put it in... You've got the idiots that bitch about how the virus is hurting them more than it's helping the "revolution." You've got the other idiots that are praising the virus because it takes down the SCO website (So?) You've still got more idiots that praise the "revolution" but hate SCO but hate the virus even though it takes down the SCO website (again... So?) To summarize... This little Linux revolution.. Hmm.. let me put this in terms some of you might understand... This little Linux revolution is just one line of coding. There's a lot more to life than just sitting around feeling like a freedom fighter, because you're more comfortable using an operating system that is not dominant. Hate to break this to all of you... Shutting down the SCO website isn't very impressive, still less, it does almost nothing. This "revolution" has got to be the most pathetic attempt at feeling better about oneself... that I have ever seen. Better luck next time...