Slashdot Mirror


MyDoom Windows Worm DDoSing SCO

We mentioned the myDoom Worm just a few hours ago, but more information is available now, mainly that its ultimate goal is apparently to DDoS SCO. You can see some more detail at NetCraft. Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.

5 of 694 comments

  1. Funny, I think: by cockroach2 · · Score: 5, Informative

    On the bottom of the Netcraft report you can see an OS history of www.sco.com - apparently they switched from SCO UNIX to Linux in August 2002...

  2. DDoS by savagedome · · Score: 4, Informative

    Note that the DDoS attack is timed to be performed between 1st and 12th Feb, 2004.

  3. Re:Transmission require OE? by codepunk · · Score: 4, Informative

    Yes, it does use Outlook (the typhoid mary of the internet) to spread itself. I suggest you stick with Windows, as being a Linux administrator is a very lonely job. It is very much like being a Maytag repairman, nobody ever calls.

    --
    Got Code?

  4. Get your facts straight... by JRHelgeson · · Score: 4, Informative

    The DDoS against SCO.com doesn't start until the infected machine is rebooted any time after February 1, 2004 at 00:00:01 and will continue until the machine is rebooted after February 12, 2004. At that point in time, the DDoS will stop and the infected host will keep its back door open - listening on ports 3127 to 3198 TCP (It only listens on one port, but if 3127 isn't available it'll listen on the next port on up the chain). Presumably, after 12 Feb, the infected machine will be used as a spam relay as the virus obviously has Message Transfer capabilities encoded within it.

    The graphs that are linked to in the /. story simply illustrate that SCO's shxt keeps on crashing - which is not really surprising after Darl had to fire the network admin to feed his Lawyer habit.

    --
    Good security is based upon reality and common sense. Common sense is a function of having common knowledge.

  5. Meanwhile, for Postfix admins... by sunset · · Score: 4, Informative

    I just created and installed a Postfix remedy for this recent deluge, and thought I'd pass it on.

    In main.cf, insert this:

    body_checks=pcre:/etc/postfix/virus_body_checks

    Create a file virus_body_checks containing this:

    /^TVqQAAMAAAAEAAAA\/\/8AALg/ REJECT Microsoft executable attachments are not allowed here.
    /^UEsDBAoAAAAAA...OzDKJx\+eAFgAAABYAA/ REJECT Attached zip file appears to contain a virus.

    If anyone has an improved solution, let me know, but this seems to work.
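
An added example (not part of sunset's comment and not Postfix code) showing what the first body_checks pattern in comment 5 keys on and where it stops matching. The sample byte strings are constructed, and the helper names mime_base64_lines and is_rejected are hypothetical; the model assumes each body line is matched on its own.

```python
import base64
import re

# First pattern from the comment's virus_body_checks file, unchanged.
EXE_RULE = re.compile(r"^TVqQAAMAAAAEAAAA\/\/8AALg")

# Constructed sample: first 18 bytes of the DOS header that common Windows
# linkers emit ("MZ", e_cblp=0x90, e_cp=3, ..., e_maxalloc=0xFFFF, e_sp=0xB8).
COMMON_MZ_HEADER = bytes.fromhex("4d5a90000300000004000000ffff0000b800")


def mime_base64_lines(payload, width=76):
    """Lay out payload as a MIME base64 part: fixed-width lines of text."""
    encoded = base64.b64encode(payload).decode("ascii")
    return [encoded[i:i + width] for i in range(0, len(encoded), width)]


def is_rejected(body_lines):
    """Model of the check: True if any single body line matches the rule."""
    return any(EXE_RULE.search(line) for line in body_lines)


# Constructed message bodies (assumptions for illustration only).
COMMON_EXE = COMMON_MZ_HEADER + bytes(200)
# "MZ" followed by different header fields: the rule is tied to one layout.
OTHER_EXE = b"MZ" + bytes.fromhex("5000020000000400") + bytes(200)
# Start of a zip local file header (PK\x03\x04, version 10): the same
# executable inside an archive never shows the MZ prefix to the filter.
ZIPPED = b"PK\x03\x04\x0a\x00" + bytes(200)
# The string quoted mid-line in plain text is not caught: the rule is anchored.
QUOTED = ["The pattern is TVqQAAMAAAAEAAAA//8AALg, see main.cf"]

if __name__ == "__main__":
    print("header encodes to:", mime_base64_lines(COMMON_MZ_HEADER)[0])
    for name, lines in [
        ("common exe", mime_base64_lines(COMMON_EXE)),
        ("other exe header", mime_base64_lines(OTHER_EXE)),
        ("zip wrapped", mime_base64_lines(ZIPPED)),
        ("quoted in text", QUOTED),
    ]:
        print(f"{name:18} rejected={is_rejected(lines)}")
```

The zip case begins with UEsDBAoA, the same prefix the comment's second pattern is anchored on, which is why that file needs a separate rule for archives.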