MyDoom Windows Worm DDoSing SCO
We mentioned the myDoom Worm just a few hours ago, but more information is available now, mainly that its ultimate goal is apparently to DDoS SCO. You can see some more detail at NetCraft. Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
Given their history of underhanded dealings this wouldn't surprise me one bit. This attack only helps SCO. They get sympathy. What do the worm writers get?
Nothing.
Is this truly the only Earth I can live on?
Within a week, Darl will be equating Linux developers with virus writers - "both are called hackers and both hate me" he'll say and some 'respectable' journalists will report it as true.
1000s Warcraft Gold while you sleep
FFS, if you know that a worm forges the sender address, DON'T send bounces to that address. Worms are relatively easy to filter, but the crap from the virus-scanners comes in seemingly endless variations. Some even have the nerve to advertise their anti-virus solution, followed by a copy of the worm-mail, binary attachment included. Yeah right, moron, you just sent a copy of the worm to me and you expect me to buy your anti-virus product???
I hate SCO as much as the next guy, but doing a DoS attack on them is not the answer. Sure, they are a bunch of low-life scumbags that want to lock up everything, and have a chunk of the profit, but doing massively illegal acts like this makes the whole OSS and free software communities look like a bunch of script kiddies. This makes it very hard for us to take the moral high-ground here when it looks like we are doing this crap.
Mewyn Dy'ner
I asked that myself.
Could be some PCs with badly set clocks. Well, you know those Windows users, they don't set their system clocks, have 00:00 blinking on their VCRs, use Outlook and click on every fscking single attachment that made it into their mailbox.
SCO's Information Ministry can just point to this and claim more evil Linux users are trying to destroy the software business, etc.
We're right, and we know it. No self-respecting geek would stoop to participating in a DDOS in general, not to mention one against someone/something we consider to be morally bankrupt. We know that we can claim the moral high road only if we actually stick to the high road... right?
It would be really interesting to find out if it's just some kids behind it, who aren't aware of the difference between right and wrong, or whether it's an entity who has a vested interest in making us look bad...
Get off my launchpad!
No worm is a good worm, even if it does happen to also attack the (other) company we all love to hate.
Preach on, brother. I wish some sysadmins would get a clue and realize that with viruses spoofing the From: address, there is no fscking point in sending the "you sent me a virus" panic mail. All it does is bother the wrong people.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch
MyDoom Windows Worm DDoSing SCO
But it's not DDOSing now. The attack is set to begin February 1st and end on the 12th.
The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.... The virus also copies itself to the Kazaa download directory on PCs, on which the file-sharing program is loaded.
I'm thinking, wow, whoever wrote this covered all the bases. He/She even got the Kazaa people.
Anyway, why don't ISPs, just for the time being, ban connections to SCO.com? It's not like it's a huge Internet portal or anything, and us geeks who actually need access to the site can just set up a mirror or something.
No, it makes the hacker community, which, with the marketing power of SCO and Microsoft, may as well be synonymous with the OSS or FS communities, look bad. From the layman's perspective viruses aren't the fault of Windows - they are glad Microsoft is around to release patches to fix what the hackers broke.
2. The DDoS attack goes after every Linux lover's most hated target, SCO.
Yeah, it does and more than a few people are at least smiling to themselves here that SCO is finally getting punished in some way when they've been doling out the threats, extortion policies, etc for so long seemingly unchallenged. But it's still the wrong way to do it and the right way will come.
Patience is a virtue. Viruses are more likely to hurt the Linux community than Microsoft. Even in terms of monetary losses, this virus has just pushed my company's bandwidth usage over the monthly maximum - it's gonna cost me and I wouldn't touch a Windows machine with a 10 foot pole.
-N
I've nothing to say here...
They deserve to have their claims refuted in a court of law, and hopefully they will have to pay damages, court costs, and issue full and public apologies, before going bankrupt. If it can be proved that they deliberately lied in these claims, they also deserve criminal charges brought against them.
Vigilantism, however, is just malice operating under false pretenses.
Welcome to my foes list.
Get off my launchpad!
There is really no point to write a worm to attack SCO. It simply makes the OSS community as a whole look bad, because the only time you will ever hear the name SCO mentioned in IT, besides "isn't that dead", is about the Linux issue. This only makes us as a whole look bad. If we wanted to send a clear message to SCO, something like a web site "sit in" would be better. Imagine, every Slashdot user on a web site holding down F5 to show SCO that there is a lot of us that think they should just give up. How long do you guys think they would stay up?
You only live once, so you might as well have fun before you die.
I use Linux myself, and I don't mind saying: This doesn't make MS look bad. It doesn't exploit a hole.
It exploits stupid users who click attachments. This can be prevented by the User-Stupidity-And-Knowledge-Enhancement Patch, V2.0.
1. The virus makes M$ operating systems look bad.
Actually it's a mass mailer, so all it's doing is making users look retarded. Again.
2. The DDoS attack goes after every Linux lover's most hated target, SCO.
Well yes, it does. But it ain't going to help our cause at all, is it?
Having said that, I'm going to get me some popcorn and settle down in front of Netcraft >: )
"If being a geek means being passionate about something, then I pity those who aren't geeks." - Pike65
The majority of Linux installations are as servers. No one can equate Linux with virus-writers, without risking their credibility.
In fact the case could be made that virus-writers are expert Winduhs developers...
Campaign finance reform is national security.
Not just a proxy, a backdoor.
Info here.
It would seem that the real goal is to show how many people are stupid enough to still click on attachments when they have no idea what the fuck they are.
I'd recommend that we on the side of Free Software study the anti-abortion tactics with dealing with such incidents. The first, and most obvious step, is one that was taken last time: immediate and honest sounding disavowal of the actions of the DOSer. It's going to get old for RMS, ESR, Linus, Perens, etc continuously getting out and saying the same thing ("We don't support this, it's wrong. We're still right, but the virus writers aren't with us, etc, etc, etc"), but it needs to happen.
I honestly don't know what the other successful tactics are. I need to study how the respectable majority in the anti-abortion movement deals with its nutbags. Can anyone think of other movements with similar problems that we should look into?
"Mission Accomplished" -- George W. Bush May 1, 2003
I think that this is a great opportunity for members of the OSS community to "put their money where their mouth is" so to say...
I propose that we work on a patch for this worm and get it out there ASAP, that way only tin foil hat wearing goofballs will believe we are behind this...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Or someone who doesn't give a damn about SCO, and merely wants to distract attention away from their real goal of turning millions of end-user PCs into zombies to do their future bidding.
Hmmm... who would be interested in that <cough> spammers <cough> and has an established history of it?
PJRC: Electronic Projects, 8051 Microcontroller Tools
I see we meet again...
How do they "deserve" this, exactly? This is a mass-mailing worm propagating through unprotected (as in, the people aren't updating their defs and opening the attachments) machines and opening backdoors that could easily be used later as spam relays.
On top of that, how many machines are going to simultaneously rear to life on the 1st and begin transmitting data requests back and forth between www.sco.com and all the different boxes? What effect will that have on the rest of us? While we're talking about the rest of us, I keep getting e-mail bounces thanks to these goddamn morons that have my e-mail address and keep getting themselves infected. And, no, I can't just not give them my address.
Finally, IBM is perfectly capable of handling SCO. I'd like to recognize you for your gullibility, since you've fallen to the SCO Threat-o-matic. In case you haven't figured it out yet, SCO has not, can not, and will not make any credible threats against Linux in general and they haven't followed through on any of the other gum-flapping to date. With a few scatterbrained exceptions, nobody is really taking them seriously anyway. Let IBM deal with IBM's problems and drop your smug facade. The only reason you're so pissed off at SCO is because you don't know what's going on, but you like to sound "cool" by bashing them like a lot of the other Slashdotters here. That's fine, nothing wrong with bashing them, but at least try to stay grounded in reality where the thing is pretty contained to a few clueless media outlets, IBM, SCO, Red Hat, and Novell.
God... do you have an MBA or are you otherwise in management by any chance? I ask, because every time we've ever crossed swords, I've gotten the distinct impression that you're living in your own little world and reality just never comes into your decision-making processes.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
So far, since this worm started yesterday afternoon, I have received over a thousand worm emails and erroneous bounce messages (from mail servers who think that just because my address is on the mail that means I sent it).
And I don't even use any Microsoft products.
When is somebody going to file a class-action lawsuit against Microsoft for continuing to fail to address the security holes in Windows? I mean, it's been thirteen years since Michelangelo, and still all it takes for a virus to rape Windows is for a user to double-click on an email attachment.
I'm speaking of all of you who are saying SCO deserves it (and only those people). Do I deserve to deal with this virus BS? I have enough trouble dealing with the spam at my company, now I have to deal with this too. Viruses suck, period. Especially this one, which is forging random "from" addresses. It seems to be using #randomfirstname#@domain.extension - so now on top of the dozen or so viruses an hour I'm getting, I'm also getting bounces that I can't filter because the "to" is random. Don't bother telling me to filter out executables, I already do that. As a matter of policy, I'm the one that checks the filtered "junk" to make sure there were no false positives. It's usually about 500 a day, 1200 over the weekend. Also don't bother telling me to bounce undefined addresses. Not an option. Considering how early in the game it is for this virus, the dozen or more an hour I'm getting will probably turn into a lot more. Whoever put this out there is doing far more damage to innocent bystanders than they can ever hope to do to SCO. SCO will hang themselves eventually - the author(s) of this virus is worse than anyone at SCO.
I do agree with those who are suspicious of the motives - I think the SCO attack is just a front to increase the spread. Some morons will undoubtedly put intentionally infected machines out there, which will be more effective as Spammer relays than as drones to attack SCO. Anyone intentionally letting a machine become infected should have the book thrown at them. It amazes me how stupid very intelligent people can be sometimes.
666-607: 6th floor apartment of the beast
Without proof of who it was, that can be construed as libel, or whatever it is called in the US.
If SCO is attacked they should pursue this with the appropriate authorities. I hope the perpetrator is caught, brought to justice and fairly punished.
The OSS community should be completely unambiguous about this matter, illegal means have never been supported or encouraged in order to promote the aims of OSS, not only because it is immoral but also completely unnecessary and childish.
I am appalled that the response of many around here is "SCO deserves it". No dear slashbots, nobody deserves that their resources are abused in this manner, not even SCO. I am behind them in any action they wish to pursue against the perpetrators, but equally I hope (perhaps in vain) that they will not make false claims without the knowledge of who did this and why.
I am also peeved that people here are not unambiguous about the condemnation of this DOS attack. This is not only illegal and immoral but also counter productive and it would be nice to see complete and unambiguous condemnation of these tactics.
Do you want to show OSS tactics and aims are reasonable and beneficial? A wonderful way would be for true hackers organizing themselves and try to identify, shame and denounce the perpetrators of this (or any other) charade.
Only because people have remained silent and unwilling to help the Internet, bit by bit, little by little, is being taken away from us, but alas, we have not protected it as it deserves.
IANAL but write like a drunk one.
says the teen running two linux boxes from his bedroom. here's a wakeup call asshole, if you're running linux or windows in a *large* environment, it won't matter which you're using, you *will* get calls, and plenty of them.
Despite the fact that it can spread via Kazaa, there's no indication that 'pirates' are responsible for the creation of this variant. If anything, the reverse would be true.
In addition, what does SCO being the target of this have to do with 'pirates'? Are you referring to pirates in the classic sense, or in the misused 'copyright infringing' sense?
I don't know why your comment is considered interesting by the moderators, as your reasoning is poor at best. At least your post title has some merit: The fact that you got modded up makes this a sad day indeed.
Can anyone think of other movements with similar problems that we should look into?
The Palestinians, maybe? They're not all suicide bombers, but some people don't seem to make the distinction. The lesson there seems to be to stay the hell away from morally questionable leaders (like Arafat), because your whole community will be tarred with the same brush.
Now this is something that SPF could actually help with: when the virus sends a message with a spoofed from (and HELO, based on what I'm seeing) address, the mail server will read the SPF TXT record, figure out that that address is NOT allowed to send messages for that domain, and nuke the message. Even without anti-virus software.
All that said, I'm feeling really lucky to have installed amavis-new/clamav last night. I didn't even know this was coming, and it's caught about 200 messages already this morning.
Any attempt to involve yourselves in this will be viewed as complicit behavior. Do not get this mess associated with Open Source developers in any way, shape, or form. The culture and purpose of worm authors and OSS developers are completely orthogonal and must remain so.
SCO has enough enemies to worry about, and they can point fingers all they want. They do not deserve an olive branch, they did not ask for one -- do not take the bait and proactively offer one. You will lose fingers.
-Hope
That is like, the silliest thing I have ever heard. If you are not trolling, then I pity your utter lack of thought on the matter.
The international date line isn't some magical gateway that adds or subtracts from your date. It doesn't work like that.
Ok, start in Japan on noon at February 1st. Head towards the international dateline. Assume you move at infinite speed, so when you get there it's only the timezone difference, which IIRC is +3 hours from Japan, but it's irrelevant whether that's right or not. So it's Feb 1, 3:00pm on the western side of the dateline. Cross the international dateline, and now it's Jan 31, 4:00pm. Go all the way around half the world now to the prime meridian. The time increases by 12 hours, making it Feb 1 again! At 4:00am. Now go around the world at infinite speed until you get to the international dateline. Cross over it again. It's Jan 31 at 4:00pm again. Continue ad nauseam if you like. It will continue to be either Feb 1 or Jan 31.
No matter how fast you go, no matter how many times you cross the international dateline, it will not 'wind up' or 'wind down' the date to arbitrary values. Indeed, it exists to prevent exactly that very thing from happening. If the date never changed at the international dateline, then you could continue going around the world in an easterly fashion, and just keep adding +24 hours to the time/date for every time you went around the earth.
All of this is ignoring the fact that emails MUST include the timezone and offset on every date, so they are able to handle this sort of thing by themselves.
Random and weird software I've written.
SCO has been steadily losing credibility since their first accusations. For OSS developers to initiate a DDOS on SCO would be seen as a strike below the belt, and a completely unnecessary one as well.
This is one of the reasons that I don't believe it was created by anyone in the OSS community. The general consensus has been to wait for IBM to knock SCO clear out of the ring in just under two weeks. A DDOS at this time would be completely unexpected and anticlimactic. It's more likely a private joke in the distributed spam world, and locating and bringing those idiots to justice would be time well spent.
-HopeOS
I would have asked him whether he did the same thing on September 11th. There's nothing amusing about being an ignorant asshole.
Because if people say "Free Software" and the general public thinks "Virus writers" we're definitely worse off. So far our "leaders" (if such a term can be used with regards to people like us) have done a pretty good job of condemning the nutbags on our side, even admitting that they are (theoretically at least) on our side. Is that all the Palestinians can teach us here? Condemn the bad guys quickly and unambiguously?
FOOTNOTE: To try and avoid derails: I'm not saying that it's right for the general public to think "Suicide Bomber" when they hear the word Palestinian, I'm just saying that they do. The ethics and rightness of the Palestinian movement isn't the topic I'm trying to raise, the fact that it's an enormous PR failure is.
"Mission Accomplished" -- George W. Bush May 1, 2003
And you can go back and look at the discussions with many people who all played the tune of "fuck Microsoft". Being a spelling Nazi doesn't prove your point; neither does crying strawman when the case is not warranted. Too many people on /. complain when anything hurts their precious Linux or any OSS project (even if the OSS project [or Linux] violates international laws), but if something harms the company-we-love-to-hate their backs are turned and then the snickering begins.