MyDoom Windows Worm DDoSing SCO
We mentioned the myDoom Worm just a few hours ago, but more information is available now, mainly that its ultimate goal is apparently to DDoS SCO. You can see some more detail at NetCraft. Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
Given their history of underhanded dealings this wouldn't surprise me one bit. This attack only helps SCO. They get sympathy. What do the worm writers get?
Nothing.
Is this truly the only Earth I can live on?
Maybe they'll change their domain name like M$ did to bastards.sco.com instead of sco.com/bastards
This may not be the most appropriate way to attack SCO, but after all the FUD they have released and the actions they have taken it puts a smile on my face to see something like this come about. I hope their server gets toasted. Bring on the worms!
those people who think they know everything are a great annoyance to those of us who do. -isaac asimov
SCO ought to start getting hit hard today as office workers and the like start checking their email today starting around 9 Eastern, and running the virus. It'll be interesting to see what SCO's reaction will be. Almost like the calm before the storm ;-)
Lol
Seriously, it is a shame, it will only fuel Darl's paranoia.
*--BigMan--- Time flies like an arrow.. but personally I prefer a nice glass of wine!
I thought the worm was set to start the DDOS on February 1. So why is SCO showing a DDOS right now?
Was the February 1 thing made up? I've not yet received the virus in my email so I can't check the code for myself.
Or (I consider this more plausible) has SCO taken their own site down with the intention of blaming the "Linux terrorists", but they stupidly took it down 3 days too early.
Seems like this is Linux's ultimate weapon of mass destruction because:
1. The virus makes M$ operating systems look bad.
2. The DDoS attack goes after every Linux lover's most hated target, SCO.
But I do feel sorry for the people forced to use Windows by PHBs or who are novice users that don't know better than to run e-mailed executables.
Two wrongs don't make a right, but three lefts do.
Within a week, Darl will be equating Linux developers with virus writers - "both are called hackers and both hate me" he'll say and some 'respectable' journalists will report it as true.
1000s Warcraft Gold while you sleep
Better yet, go here and keep clicking refresh - maybe you'll be the first to see the DDoS taking place!
Life is the leading cause of death in America.
s/is/eir
Flourescent (adj): smelling like ground wheat.
FFS, if you know that a worm forges the sender address, DON'T send bounces to that address. Worms are relatively easy to filter, but the crap from the virus-scanners comes in seemingly endless variations. Some even have the nerve to advertise their anti-virus solution, followed by a copy of the worm-mail, binary attachment included. Yeah right, moron, you just sent a copy of the worm to me and you expect me to buy your anti-virus product???
It's too early to call this one. Relax and pass the popcorn.
One line blog. I hear that they're called Twitters now.
It is actually nice to have SCO.com messed around, just because they will be forced to use LINUX/APACHE to survive the attack... I guess SCO stock will fall again, just because they will be needing to hire Akamai servers just like Microsoft did. Linux to save their enemies. Ironic.
Putting a windows cd backwards, plays evil messages, but it gets worse, putting it right, installs windows.
...millions of people checking sco.com to see if it's still up? or...
...computers with clocks that aren't set correctly? or...
...the virus analysts misinterpreting the taskmon.exe when they decompiled it?
This is very similar to the SETI@Home project. I'd like to try it out and run it for a while. How and where do I sign up?
Maybe this is all just a big conspiracy by SCO to make the open-source community seem like a bunch of immature wotsits? I mean, think of all the positive SCO publicity they could milk out of this, not to mention maybe using it in the courts? Trying to associate the open-source community with the scum that writes viruses and worms etc.
.
I'll put my tin-foil hat on now I think.
Chris
the DOS isn't supposed to start until Feb 1. Maybe this is related to some sort of network "hardening" in preparation. More info
This is going to be a serious blow to the moral credibility of the OSS community, not just Linux users.
We seriously need some sort of petition stating we do not support Linux or OSS, but not underhanded tactics like DDOSing and viruses.
tasks(723) drafts(105) languages(484) examples(29106)
I hate SCO as much as the next guy, but doing a DoS attack on them is not the answer. Sure, they are a bunch of low-life scumbags that want to lock up everything, and have a chunk of the profit, but doing massively illegal acts like this makes the whole OSS and free software communities look like a bunch of script kiddies. This makes it very hard for us to take the moral high-ground here when it looks like we are doing this crap.
Mewyn Dy'ner
Seems like it's about time SCO came up with a new business model. Here's my suggestion:
FROM: Mr. Darl McBride
Santa Cruz Organisation
Lindon, Utah
Dear Sir:
I have been requested by the Santa Cruz Organisation to contact you for assistance in resolving a matter. The Santa Cruz Organisation has recently concluded a large number of dubious security trades. These pump-and-dump operations have immediately produced moneys equalling US$75,000,000. The Santa Cruz Organisation is desirous of setting up business in other parts of the world, however, because of certain regulations of the U.S. Government, it is unable to move these funds to another region.
Your assistance is requested as a non-U.S. citizen to assist the Santa Cruz Organisation in moving these funds out of the U.S. If the funds can be transferred to your name, in your Swedish account, then you can forward the funds as directed by the Santa Cruz Organisation. In exchange for your accommodating services, the Santa Cruz Organisation would agree to allow you to retain 10%, or US$7.5 million of this amount.
However, to be a legitimate transferee of these moneys according to U.S. law, you must hold at least one license for Santa Cruz Organisation Intellectual Property, which are available at a cost of US$699.
If it will be possible for you to assist us, we would be most grateful. We suggest that you meet with us in person in Lindon, and that during your visit I introduce you to the representatives of the Santa Cruz Organisation.
Please call me at your earliest convenience. Time is of the essence in this matter; very quickly the U.S. Government will realize that the Federal Reserve is maintaining this amount on deposit, and attempt to levy certain depository taxes on it.
Yours truly, etc.
Darl McBride
These sigs are more interesting tha
On the bottom of the netcraft report you can see an OS history of www.sco.com - apparently they switched from SCO UNIX to Linux in August 2002...
SCO's Information Ministry can just point to this and claim more evil Linux users are trying to destroy the software business, etc.
We're right, and we know it. No self-respecting geek would stoop to participating in a DDOS in general, not to mention one against someone/something we consider to be morally bankrupt. We know that we can claim the moral high road only if we actually stick to the high road... right?
It would be really interesting to find out if it's just some kids behind it, who aren't aware of the difference between right and wrong, or whether it's an entity who has a vested interest in making us look bad...
Get off my launchpad!
No worm is a good worm, even if it does happen to also attack the (other) company we all love to hate.
Now, with a proper sed'ing
Trolling using another account since 2005.
I'd like to know how worried I should be about Windows machines with Thunderbird installed.
This may be the last straw. I've been thinking about moving all 3-4 of my work machines (p200) to Beos with Fire/Thunderbird and Gobe Productive - I'm tired of the viruses, and I'm tired of maintaining Windows.
This virus was probably written by some dingbat who KNOWS what kind of harm it will cause to the Free Software community.
:)
Yeah, I know it's far fetched, and probably untrue, but some people need to grow up and realize that the only useful weapons against SCO are FACTS.
Either that or a big budget with which to purchase them... but their IP is so worthless, who would buy them?
That's pretty funny: If SCO claims this virus contains portions of their code -- they could sue the pants off everyone who has the virus on their machines. Imagine millions and millions of people who have illegally obtained their property on to their machines... They could make riches off of this!
What's so bad about being lazy? What if there was a war and nobody showed up?
I think the real purpose of this worm is to enable spammers to work more comfortably and safely. The attack at SCO conveniently distracts attention from this, and on to the spam-hating linux community.
xkcd is not in the sudoers file. This incident will be reported.
The people who read these AV stories do not represent the "average" user who is more inclined to fall for the worm's social engineering. Nor would they be opening the "63 connections per second" to sco.com being touted by the AV vendors for that matter. I suspect that blip is going to pale into insignificance compared to the amount of traffic they are going to get come February. It's a fair bet that SCO will be denouncing the "Linux hackers" as being the culprits in numerous press releases as well, they may be right on that, they may not, but it's sure as hell going to get them a lot of sympathy.
This isn't going to help OSS's case at all, and the only saving grace is the February 12th cut off. Then again, I've yet to see anything about what happens to the port the worm listens on come the deactivation date, or what instructions that port might accept.
UNIX? They're not even circumcised! Savages!
The hammering of SCO doesn't start until Feb 1 though. Supposed to be Feb 1-12.
I received three of these yesterday, and it's been ages since I received anything with a virus. Must be massive.
Campaign finance reform is national security.
MyDoom Windows Worm DDoSing SCO
But it's not DDOSing now. The attack is set to begin February 1st and end on the 12th.
The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.... The virus also copies itself to the Kazaa download directory on PCs, on which the file-sharing program is loaded.
I'm thinking, wow, whoever wrote this covered all the bases. He/She even got the Kazaa people.
Anyway, why don't ISPs, just for the time being, ban connections to SCO.com? It's not like it's a huge Internet portal or anything, and us geeks who actually need access to the site can just set up a mirror or something.
Note that the DDoS attack is timed to be performed between 1st and 12th Feb, 2004.
Free XBox, PS2
Or (I consider this more plausible) has SCO taken their own site down with the intention of blaming the "Linux terrorists", but they stupidly took it down 3 days too early.
Not that I don't think your idea is a serious possibility, but SCO is probably being slashdotted by all the people who want to see if it is down.
Tinfoil Hat idea #3: Since this is being spread by Kazaa, perhaps the RIAA is trying to scare file traders off of the Kazaa networks but ensure the virus is blamed on someone else. SCO haters are a dime a dozen.
Enough for now, I've got to finish rereading Catcher in the Rye.
Please tell me I'm missing a whole load; most of the strings found in the binary are readable after de-UPX-ing, then ROT13ing. About half are ROT13d, half aren't.
Ah well, I'm probably totally wrong, but it just sounds odd.
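An added example, not part of the comment above and not taken from any analysis of the worm: one way to triage strings from an unpacked binary when only some of them are ROT13-encoded, as the comment describes. The sample buffer, the keyword list and all names here are constructed for illustration.

```python
import codecs
import re

# Indicator substrings suggesting a string is meaningful (assumed list,
# chosen for this example; tune it for the sample under analysis).
KEYWORDS = ("software", "microsoft", "windows", "currentversion",
            ".exe", ".dll", "http", "www.", "mail")


def build_sample():
    """Constructed stand-in for an unpacked binary: strings separated by
    non-printable bytes, some in clear text and some ROT13-encoded."""
    def rot(s):
        return codecs.encode(s, "rot13").encode("ascii")
    return b"".join([
        b"\x00\x01\x90\x90",
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run", b"\x00",
        rot("www.example.invalid"), b"\x00\xff",
        b"sample.dll", b"\x00",
        rot("attachment.exe"), b"\x00\x02",
        b"Qx7!pL0z#", b"\x00",
    ])


def keyword_hits(text):
    """Count how many indicator substrings appear in the text."""
    low = text.lower()
    return sum(1 for k in KEYWORDS if k in low)


def triage(data, min_len=6):
    """Extract printable ASCII runs and label each as plain, rot13 or unknown.

    A run is labelled rot13 when its ROT13 decoding matches more indicators
    than the raw text does. Returns (offset, label, readable_text) tuples.
    """
    results = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        raw = m.group().decode("ascii")
        decoded = codecs.decode(raw, "rot13")
        plain_score, rot_score = keyword_hits(raw), keyword_hits(decoded)
        if rot_score > plain_score:
            results.append((m.start(), "rot13", decoded))
        elif plain_score > 0:
            results.append((m.start(), "plain", raw))
        else:
            # Neither form looks meaningful: keep it for manual review.
            results.append((m.start(), "unknown", raw))
    return results


if __name__ == "__main__":
    for offset, label, text in triage(build_sample()):
        print(f"{offset:#06x}  {label:7}  {text}")
```

ROT13 only rotates letters, so digits, dots and backslashes survive unchanged, which is why a half-encoded string table still looks partly readable in a plain strings dump.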
They deserve to have their claims refuted in a court of law, and hopefully they will have to pay damages, court costs, and issue full and public apologies, before going bankrupt. If it can be proved that they deliberately lied in these claims, they also deserve criminal charges brought against them.
Vigilantism, however, is just malice operating under false pretenses.
Welcome to my foes list.
Get off my launchpad!
Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
Quick, disable your AV software, and get some Windows boxes on the internet!
You know, this reminds me of one time when an apartment building in our neighborhood was burning. Sure, you felt sorry to see it burn, and you felt sorry to see the people who lived there get hurt, but man, it's really fun to watch a building burn!
Really, there was one guy in the group who came out in a lawn chair with a six pack and watched it all happen. Raised his beer with a "Hell yea!" when the wooden frame structure collapsed.
There is really no point to write a worm to attack SCO. It simply makes the OSS community as a whole look bad, because the only time you will ever hear the name SCO mentioned in IT, besides "isn't that dead", is about the Linux issue. This only makes us as a whole look bad. If we wanted to send a clear message to SCO, something like a web site "sit in" would be better. Imagine, every slashdot user on a web site holding down F5 to show SCO that there are a lot of us that think they should just give up. How long do you guys think they would stay up?
You only live once, so you might as well have fun before you die.
So their hypocrisy has repeatedly been pointed out in their claims of the GPL being an illegal economy killer while they use Samba3. But I'd never noticed it being pointed out that they're using Apache (not GPL, granted, but still an open source license nonetheless) for their web server, and as recently as December 12 (according to the Netcraft link in the story) have been running it on Linux. I know I shouldn't be surprised, but c'mon ...
Anyone antisocial and misdirected enough to spend effort writing software that does damage cannot have enough of a sense of wrong and right to give a damn about the SCO case.
This is someone who just wants to feel important and who thinks that by DDoS'ing SCO everyone will call him a hero.
Well, you stupid ignorant bastard, if you're reading this, and you probably are since you expect that the Slashdot hordes will applaud your bravery in damaging thousands of people's computers, NO ONE ADMIRES YOU. We spit on you, you're the bastard offspring of a lemming and a hamster and your mother had a beard!
With enemies like this SCO hardly needs friends. Anyone who wants to see SCO suffer for the wrongs they have done should unequivocally condemn such acts of terrorism. SCO will be broken by the weight of justice and right, not by mindless thugware.
Ceci n'est pas une signature
The majority of Linux installations are as servers. No one can equate Linux with virus-writers, without risking their credibility.
In fact the case could be made that virus-writers are expert Winduhs developers...
Campaign finance reform is national security.
ripped straight from www.sophos.com:
W32/MyDoom-A also drops a file named shimgapi.dll, which is a backdoor program loaded by the worm. The backdoor allows outsiders to connect to TCP port 3127 on your computer.
Don't you find it suspicious that virii always try to DDoS websites like sco.com, whitehouse.gov or microsoft.com?
If you want to write a virus that will survive, won't you target an antivirus company, like symantec.com, mcafee.com or pandasoftware.com?
Great News!!
I witnessed it on the first visit!
Really though, I wanted to see if they might have added a news piece on their site regarding what was already known to be a pending attack.
I mean..they had to know right? Surely someone warned them, or does really -no one- like them. I think that's pretty likely.
And being that McBride is pushing on with the lawsuits, I would say it's safe to say that he doesn't bother reading the news...
the s/foo/bar command will replace all instances of "foo" with "bar". In this example, it changes "this" to "their".
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
s/is/eir
It is a regex statement. Essentially, the string typically instructs a language interpreter (PERL, for instance) to search for a pattern and subsequently replace it.
In this case, it is replacing any instances of "is" with "eir"; thus, the following alteration is committed:
Before: but it's always sad to watch someone stoop to this level
After: but it's always sad to watch someone stoop to their level
Do you like German cars?
Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.
Yes, it makes me very sad. Can someone hand me a hanky? I think I need some alone time to cry about this.
The funny thing is that the virus isn't even supposed to start the DDoS until February 1st... STOP CLICKING HERE PEOPLE!
Life is the leading cause of death in America.
Is this ethical? No.
Do they deserve it? Yes.
Have they been asking for it? Absolutely.
SCO aren't only the bully, they are the bully who has the rules on his side. "The system" is pretty guilty of aiding and supporting their dirty tricks. So it was only a matter of time until someone stepped outside the rules to get even.
Actually, I'm surprised it's just a small DDoS. I'd have more expected that their LAN gets wasted.
Assorted stuff I do sometimes: Lemuria.org
"if you have to become evil to fight evil, why are you fighting it?"
As much as I think that the SCO leeches are slimy forked tongue greedy selfish two-faced hypocrite lying b@stards, I have to say that those folks who are purposefully attacking them are only helping their cause and hurting the perception of the open source community.
Let them kill themselves. The industry is aligned against them, and you can bet they will castrate them before it's over.
Is the juice worth the squeeze?
I never even knew that SCO owned any ships, never mind that one of them had been boarded and plundered by pirates.
Better yet can someone send me the virus in a handy network install so I can roll it out onto our corp nets?
Server Error
The following error occurred:
[code=SERVER_RESPONSE_RESET] The server response could not be read because of an error. Contact your system administrator.
Please contact the administrator.
Woo-hoo ! I DoSed the SCO server with only one finger !
In Soviet Russia, our new overlords are belong to all your base.
Well, at least SOME type of Doom has been released... (even if it's not D3)
Rock!
Now, I recall, the other day Bill Gates vowed to kill spam and worms, and now this? Looks like he has his work cut out for him there....
This has gotta be the Nth time I've seen reports that a worm has put an executable file into an area of the system that really should have been off-limits to anything not really needing to go there. So what does an E-mail program have to do of meaningful work in the OS code directories? Beats me...
I can offer a hint to Mr. Gates: Rework Windows so that it not only does not require Administrator rights to operate normally, but actually disallows certain operations when being Administrator as well. Such as running browser or e-mail programs.
Make sure no ordinary users can run processes that can write anything at all into the areas not set aside for that user, and the common temporary files area. I suspect there has to be some redesign, but I cannot see how this nonsense can be stopped otherwise.
SIGBUS @ NO-07.308
Expect more associations between digital terrorism and Linux (as a catch-all media term for "free software"). The greatest threats to any revolution are:
I strongly suggest people become more familiar with how government and industry have undermined and perverted various revolutions. Start with COINTELPRO, an FBI campaign of the 1960s and 70s. And then read a bit of the history of the Homestead strike.
From undermining the right to vote (via electronic "voting") to lying about WMDs in Iraq -- do you honestly think such people will ignore the threat posed by free software to the lucrative commercial software industry? SCO's assault on free software may only be the tip of an iceberg...
All about me
I think that this is a great opportunity for members of the OSS community to "put their money where their mouth is" so to say...
I propose that we work on a patch for this worm and get it out there ASAP, that way only tin foil hat wearing goofballs will believe we are behind this...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Is there anywhere I can go to get this virus?
I see we meet again...
How do they "deserve" this, exactly? This is a mass-mailing worm propagating through unprotected (as in, the people aren't updating their defs and opening the attachments) machines and opening backdoors that could easily be used later as spam relays.
On top of that, how many machines are going to simultaneously rear to life on the 1st and begin transmitting data requests back and forth between www.sco.com and all the different boxes? What effect will that have on the rest of us? While we're talking about the rest of us, I keep getting e-mail bounces thanks to these goddamn morons that have my e-mail address and keep getting themselves infected. And, no, I can't just not give them my address.
Finally, IBM is perfectly capable of handling SCO. I'd like to recognize you for your gullibility, since you've fallen to the SCO Threat-o-matic. In case you haven't figured it out yet, SCO has not, can not, and will not make any credible threats against Linux in general and they haven't followed through on any of the other gum-flapping to date. With a few scatterbrained exceptions, nobody is really taking them seriously anyway. Let IBM deal with IBM's problems and drop your smug facade. The only reason you're so pissed off at SCO is because you don't know what's going on, but you like to sound "cool" by bashing them like a lot of the other Slashdotters here. That's fine, nothing wrong with bashing them, but at least try to stay grounded in reality where the thing is pretty contained to a few clueless media outlets, IBM, SCO, Red Hat, and Novell.
God... do you have an MBA or are you otherwise in management by any chance? I ask, because every time we've ever crossed swords, I've gotten the distinct impression that you're living in your own little world and reality just never comes into your decision-making processes.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
So far, since this worm started yesterday afternoon, I have received over a thousand worm emails and erroneous bounce messages (from mail servers who think that just because my address is on the mail that means I sent it).
And I don't even use any Microsoft products.
When is somebody going to file a class-action lawsuit against Microsoft for continuing to fail to address the security holes in Windows? I mean, it's been thirteen years since Michelangelo, and still all it takes for a virus to rape Windows is for a user to double-click on an email attachment.
I'm speaking of all of you who are saying SCO deserves it (and only those people). Do I deserve to deal with this virus BS? I have enough trouble dealing with the spam at my company, now I have to deal with this too. Viruses suck, period. Especially this one, which is forging random "from" addresses. It seems to be using #randomfirstname#@domain.extension - so now on top of the dozen or so viruses an hour I'm getting, I'm also getting bounces that I can't filter because the "to" is random. Don't bother telling me to filter out executables, I already do that. As a matter of policy, I'm the one that checks the filtered "junk" to make sure there were no false positives. It's usually about 500 a day, 1200 over the weekend. Also don't bother telling me to bounce undefined addresses. Not an option. Considering how early in the game it is for this virus, the dozen or more an hour I'm getting will probably turn into a lot more. Whoever put this out there is doing far more damage to innocent bystanders than they can ever hope to do to SCO. SCO will hang themselves eventually - the author(s) of this virus is worse than anyone at SCO.
I do agree with those who are suspicious of the motives - I think the SCO attack is just a front to increase the spread. Some morons will undoubtedly put intentionally infected machines out there, which will be more effective as Spammer relays than as drones to attack SCO. Anyone intentionally letting a machine become infected should have the book thrown at them. It amazes me how stupid very intelligent people can be sometimes.
666-607: 6th floor apartment of the beast
What the hell, let's slashdot them too.
Thief (targeting a pistol): Money, quickly!
Real Human Being (With a disarming smile): Mr Thief, Would you like to visit a court with me in order to resolve our conflict? I just happen to have some megabucks to spend for our litigation!
Without proof of who it was, that can be construed as libel, or whatever it is called in the US.
If SCO is attacked they should pursue this with the appropriate authorities. I hope the perpetrator is caught, brought to justice and fairly punished.
The OSS community should be completely unambiguous about this matter, illegal means have never been supported or encouraged in order to promote the aims of OSS, not only because it is immoral but also completely unnecessary and childish.
I am appalled that the response of many around here is "SCO deserves it". No dear slashbots, nobody deserves that their resources are abused in this manner, not even SCO. I am behind them in any action they wish to pursue against the perpetrators, but equally I hope (perhaps in vain) that they will not make false claims without the knowledge of whom and why did this.
I am also peeved that people here are not unambiguous about the condemnation of this DOS attack. This is not only illegal and immoral but also counter productive and it would be nice to see complete and unambiguous condemnation of these tactics.
Do you want to show OSS tactics and aims are reasonable and beneficial? A wonderful way would be for true hackers to organize themselves and try to identify, shame and denounce the perpetrators of this (or any other) charade.
Only because people have remained silent and unwilling to help the Internet, bit by bit, little by little, is being taken away from us, but alas, we have not protected it as it deserves.
IANAL but write like a drunk one.
The graphs that are linked to in the /. story simply illustrate that SCO's shxt keeps on crashing - which is not really surprising after Darl had to fire the network admin to feed his Lawyer habit.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Doing DDoS on SCO just makes people feel sorry for them. They do not deserve that.
Besides SCO doesn't need the internet as they hardly can expect to have any real customers left.
Nowadays their business model is based purely on litigation. To my knowledge lawsuits are delivered by hand, so a DDoS would not disturb their business at all.
God is REAL! Unless explicitly declared INTEGER
[Darl] You see the stock yesterday? Kept going down. And hard. I even heard the analysts are onto our scam.
[Bob] Yup. It's getting just plain impossible to dump this stock anymore. What do we do? We got hammered on that 'dog ate our homework' line on our court filing last week. What do you think David? You guys did a bang up job making it look like Gore won Florida when there was no way a recount would ever show that. Hell, half the country still believes that 'selected, not elected' crap.
[Boies] Well I always say, play offense, not defense. We need to get the public back on our side. Control the spin. You know, make us out to be the victim again. It plays into these schmucks capability for pity.
[Darl] I got it! What if we were being attacked by evil hackers again? (laughs)
[Boies] Bingo. What can your geeks whip up quick, Darl?
[Darl] Well they sure ain't coding operating systems and their time spent looking for code violations in Linux has been a big waste. Maybe we could put them on making some sort of johnson or trojan or something that attacks our Internet connection. Bench, you think that'd help our numbers?
[Bob] Might. What'da say Dave?
[Boies] Hell, it'd be perfect! I'd bet it'd not only turn the PR our way, but I could put that half-assed son of Hatch's to business suing Internet service providers for causing our business damage. And if we totally bomb in court with this asshole judge, we'll just claim the whole company imploded cause of the Internet hacks and sue the pants off of every provider.
[Darl] Love it! Hey, let's call it some prophetic name like SCO doom or our doom like those bozos at the church are always yacking about end of world crap. Should get them riled up too. And hey, it might just be true for SCO! To the bank, buddies!
DDOSing SCO's web site only prevents the general public and groklaw.net from access to their ongoing press releases and Darl's bio -- I mean -- does www.sco.com get traffic for any /other/ reason? People checking for Openserver upgrades and enhancements?? The latest download of Skunkware?? A fresh copy of the $699. Linux Licensing form???
A better DDOS would be a smtp based attack. If you flooded your enemy's MXers it would hurt them more than taking out their web site.
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
I got a copy of this virus before I left for work this morning, saw the mail and thought "ok, I don't know them and it's got an attachment, it's a virus", opened up the zip for a look though and saw the payload.
"Fair enough, a new virus, I gotta go to work."
Flash forward 7 hours to now and I can't *believe* what a great opportunity this virus has afforded me and no doubt countless others reading.
The mailbox it was delivered to was a spamtrap, chances are spamtraps all over the world are being sent the real, legitimate IP addresses of spammers dumb enough to click malicious attachments.
Viruses are bad, DoSing SCO is bad, but god damn, all this time we've been bitching and moaning about viruses when we could have been using them on spamtrap addresses to track down spammers to their *own* internet connection.
Get over it. Yes, SCO is a company that appears to be litigating themselves into profitability, at least until they can manage a stock dump. Yes, they are lobbying Congress with lies about the GPL and the open source movement.
But this doesn't justify a lynch mob. What you are doing is illegal.
If that doesn't convince you, think of the millions of people whose days are inconvenienced and/or wrecked. Don't you think that their misery far exceeds any temporary hurt you could deal to SCO? It's not like they need to have a whole lot of internet connectivity to litigate their cases. If anything, being DOS'ed helps them make their point.
Think of the big picture. Act responsibly.
There is much pleasure to be gained in useless knowledge.
Now this is something that SPF could actually help with: when the virus sends a message with a spoofed from (and HELO, based on what I'm seeing) address, the mail server will read the SPF TXT record, figure out that that address is NOT allowed to send messages for that domain, and nuke the message. Even without anti-virus software.
All that said, I'm feeling really lucky to have installed amavis-new/clamav last night. I didn't even know this was coming, and it's caught about 200 messages already this morning.
The RIAA did it.
1) Attacks users of Kazaa
2) Attacks evil corporation on top and finally returns RIAA to their hard fought spot!
"We need a fourth law of Robotics: Stop Fingering My Wife"
Hey, that's my birthday!
Aw geez, you guys shouldn't have!
Any attempt to involve yourselves in this will be viewed as complicit behavior. Do not get this mess associated with Open Source developers in any way, shape, or form. The culture and purpose of worm authors and OSS developers are completely orthogonal and must remain so.
SCO has enough enemies to worry about, and they can point fingers all they want. They do not deserve an olive branch, they did not ask for one -- do not take the bait and proactively offer one. You will lose fingers.
-Hope
SCO has been steadily losing credibility since their first accusations. For OSS developers to initiate a DDOS on SCO would be seen as a strike below the belt, and a completely unnecessary one as well.
This is one of the reasons that I don't believe it was created by anyone in the OSS community. The general consensus has been to wait for IBM to knock SCO clear out of the ring in just under two weeks. A DDOS at this time would be completely unexpected and anticlimactic. It's more likely a private joke in the distributed spam world, and locating and bringing those idiots to justice would be time well spent.
-HopeOS
I just created and installed a Postfix remedy for this recent deluge, and thought I'd pass it on.
In main.cf, insert this:
body_checks=pcre:/etc/postfix/virus_body_checks
Create a file virus_body_checks containing this:
/^UEsDBAoAAAAAA...OzDKJx\+eAFgAAABYAA/ REJECT Attached zip file appears to contain a virus.
If anyone has an improved solution, let me know, but this seems to work.
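An added example, not part of the comment above and not a Postfix feature: a content-level check that decodes each attachment and inspects the ZIP member names, instead of matching one base64 line of the body. The extension list, sample message and function names are assumptions made for illustration.

```python
import base64
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"   # ZIP local file header signature
# Extensions treated as executable in this example (assumed list).
RISKY_EXT = (".exe", ".scr", ".pif", ".cmd", ".bat", ".com")


def stable_b64_prefix():
    """Base64 characters fixed by the 4-byte ZIP signature alone.

    Header fields after the signature (version, flags, method, time, CRC)
    vary between archives, so a longer line pattern is tied to one file.
    """
    return base64.b64encode(ZIP_MAGIC).decode("ascii")[:5]


def build_sample_message(member_name="document.txt.scr"):
    """Constructed test mail: a ZIP attachment with one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "someone@example.org"
    msg["To"] = "postmaster@example.net"
    msg["Subject"] = "test"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()


def risky_zip_members(raw_message):
    """Return (attachment, member) pairs for executable-looking ZIP members."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(ZIP_MAGIC):
            continue                       # not a ZIP, whatever its name says
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            # Truncated or malformed archive: flag it instead of passing it.
            hits.append((part.get_filename(), "<unreadable archive>"))
            continue
        hits += [(part.get_filename(), n) for n in names
                 if n.lower().endswith(RISKY_EXT)]
    return hits


if __name__ == "__main__":
    print(stable_b64_prefix())
    print(risky_zip_members(build_sample_message()))
    print(risky_zip_members(build_sample_message("notes.txt")))
```

A check like this would run in a content filter behind the MTA, such as the amavis setup mentioned elsewhere in the thread, since body_checks only sees the message one line at a time.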
Anyone notice the bottom of the Netcraft report (under OS, Web Server and Hosting History for www.sco.com)?
unknown Apache 27-Jan-2004 216.250.128.12 NFT
Linux Apache 12-Dec-2003 216.250.128.12 NFT
Now we know why they were too busy to respond to the judge's discovery order - they were getting their website converted over to another OS (or hiding that the OS was Linux).
Curiously, the netcraft site shows they tried this for a day earlier in December and presumably had problems with the cutover. The full Netcraft report shows an interesting evolution in webservers:
unknown Apache 27-Jan-2004 216.250.128.12 NFT
Linux Apache 12-Dec-2003 216.250.128.12 NFT
unknown Apache 11-Dec-2003 216.250.128.12 NFT
Linux Apache 3-Sep-2003 216.250.128.12 NFT
Linux Apache 21-Aug-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC 17-Jun-2003 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 20-Nov-2002 216.250.140.112 NFT
Linux Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.0.3pl1 14-Aug-2002 216.250.140.125 NFT
SCO UNIX Netscape-FastTrack/2.01 13-Aug-2002 132.147.210.109 Caldera, Inc.
SCO UNIX Netscape-FastTrack/2.01 12-Aug-2002 132.147.210.109 Caldera, Inc.
From SCO to Linux? Linux running as recently as December 2003? Of course, since they own Linux, I guess this is ok...
And you can go back and look at the discussions with many people who all played the tune of "fuck Microsoft". Being a spelling Nazi doesn't prove your point; neither does crying strawman when the case is not warranted. Too many people on /. complain when anything hurts their precious Linux or any OSS project (even if the OSS project [or Linux] violates international laws), but if something harms the company-we-love-to-hate their backs are turned and then the snickering begins.
Moral decisions - I hate 'em. ;->
If I find this thing on my computer do I have to take it off?
Roses are red, violets are blue, most poems rhyme, but this one doesn't...
I just read about the SCO connection on CNN (busy day today). Interesting symbolism, using Microsoft Windows vulnerabilities to attack a company that's trying to 'close-source' Linux.
-------- In Soviet Russia, "Soviet Russia" sigs hate Slashdot.