Slashdot Mirror


More MyDoom Gloom

StarWreck points out this article in The Atlanta Journal Constitution citing "experts who believe the worm was put out for criminal profit motives by spammers and not by Linux Advocates." Further on that, deadmonk writes "MessageLabs is reporting that the recent Mydoom virus seems to have originated in Russia. A place where nobody gives a wet slap about a court case in the U.S. Personally, I'm looking for a serious apology (or at least a retraction) for the 'alleged' link between this ugly little nasty and Open Source / Linux users." Of course, there could be evil spammers who also like Linux (or don't like SCO), but until someone's caught, or fesses up, it's impossible to say. Read on for some more MyDoom updates, including a new variant (with a new payload), ramifications for Australians, and a forensic analysis of the worm.

fudgefactor7 writes "Hot on the heels of the last virus, Mydoom.b is on the loose. According to Computerworld, this variant has a larger payload and targets Microsoft's Web site for a distributed denial-of-service attack on Feb. 1, instead of The SCO Group Inc. Patch those systems and keep your A-V up to date. Definitions are available currently."

decaying writes "With the amount of virus-laden emails flying about due to the latest virus, Australian ISP Optus have started selectively blocking port 25 outbound. Optus say they are acting in accordance with their "Terms of use", quoting that they reserve the right to restrict access to any TCP/IP port. The only option is to use Optus' SMTP server and nothing else. Community site Whirlpool has an on-going discussion about the issue."

carnun writes "Just another link on MyDoom. Apparently the FBI are also getting in on the act. Interesting to see such a fast response." And to me, the most interesting one: Zeriel writes "After much discussion on a mailing list discussing trojan horses, some people have reached the conclusion that MyDoom doesn't accomplish its stated goal of DDOSing SCO at all! Choice quote from the analysis: "I have the new critter in a test environment where we conducted a preliminary and rudimentary functionality and threat analysis...I have played with the date, etc, but still no activity directed toward www.sco.com." The link also includes disassembly and analysis of the worm code."

11 of 730 comments

  1. Am I the only one? by CGP314 · · Score: 4, Funny

    place where nobody gives a wet slap

    Anyone care to clarify what a wet slap is?

    --
    In London? Need a Physics Tutor?

    American Weblog in London

  2. Re:McBride interview by haystor · · Score: 5, Funny

    Bah!

    The virus is closed source and runs on Windows. It clearly has nothing to do with the GNU/Linux.

    Hehe, insert joke about BSD catching a virus...

    --
    t
  3. Bravo! by Dman33 · · Score: 4, Funny

    Not to mention all of the scared users calling the helpdesk insisting that they are infected.

    "Dude, you are using PINE! You are NOT infected!!!"

  4. The new payload is to DDoS MS by dupper · · Score: 4, Funny
    All right, it's clearly one of us. 'Fess up, J. Random Slashdotter.

    Also, you forgot to make an RIAA variant, dumbass!

  5. Re:Off Track by Jonathan the Nerd · · Score: 5, Funny
    How dumb do you have to be to actually think this malware was created by Linux zealots?

    How dumb do you have to be to infuriate the entire Open Source community by claiming you own Linux and trying to license it for $699 per CPU?

    --
    Disclaimer: The opinions expressed are not necessarily my own, as I've not yet had my medication today.
  6. Re:Off Trek by NanoGator · · Score: 4, Funny

    "It's entirely possible that the authors of this virus targeted SCO, simply to make it appear that Linux zealots were responsible..."

    I wouldn't rule out Romulan involvement.

    --
    "Derp de derp."
  7. but there's an open source version of the virus... by commodoresloat · · Score: 4, Funny
    Greetings. You have been infected with GNU/MyDoom, a destructive anti-SCO virus brought to you by members of the open source community. In order to get this virus to infect your system properly, you will need to use wget to download mydoom-config-2.4.6 from one of the usual mirrors. Be careful; this version of the virus is not compatible with versions of mydoom-config prior to 2.4.4. After you have downloaded the config tools and issued the usual incantations (./configure; make; make install), you can configure the virus from any directory simply by typing sudo mydoom-config -ort [your login id] [your current IP address] [full path to your email client] [interval since last kernel rebuild in seconds]. This virus is licensed under the GPL. If you have any questions, be sure to RTFM, the docs are installed at /usr/share/info/mydoom and all your config files are stored at ~/.mydoom.

    p.s. yes, it's an old joke, but still, you know you laughed....

  8. McBride is cunning by Anonymous Coward · · Score: 4, Funny
    Oh and I just realized. The reason why SCO could seem to be so stupid:

    Disgruntled SCO Employee: This company is going down the tubes. If I stay here much longer I'll never find work again! I quit! *slam*

    Darl McBride: Damn! We just lost our last programmer! What are we going to do now?

    Grand Vizier: *rubbing hands together* Well, now I suggest we go to the very salt of the earth...To the spammers!

    McBride: Wha? What the hell are you talking about?

    Mr. Burns: Obviously our only course of action is to utilize the dark side of the force. We must make those young linux whippersnappers look bad by making a virus that seems to target our own servers!

    McBride: Brilliant! We'll make it look like those linux communists are trying to destroy our legitimate business! Make it so!

    Mr. Burns: Eeeexcellent.....

    Thus goes the story I heard from a passing lunatic...

  9. Re:Off Track by pegr · · Score: 5, Funny

    I certainly hope the author wasn't a Linux zealot trying to harm SCO.

    Especially when they're doing such a fine job all by themselves! ;)

  10. I'm betting that Martians are behind this by Snork Asaurus · · Score: 4, Funny
    Earth has really been pissing Mars off lately:

    1) Earth landed a multi-ship advance scouting party on Mars this month

    2) An earth leader with a track record for aggression speculated in a speech about the resources that might be plundered from Mars

    3) Earth announced that it was preparing a full scale manned invasion of Mars by 2050

    4) SCO sent a letter demanding payment to Martian citizen Marvin, just in case he uses Linux in his Space Modulator

    --
    Sigs are bad for your health.
  11. Re:SCO connection is a red herring by jamesh · · Score: 5, Funny

    The obvious solution then is to demand that sco remove the sco.com domain. It's the only decent thing to do.