More MyDoom Gloom · Slashdot Mirror

Posted by timothy on Wednesday January 28, 2004 @10:05AM from the windows-users-are-mydoomed dept.

StarWreck points out this article in The Atlanta Journal Constitution citing "experts who believe the worm was put out for criminal profit motives by spammers and not by Linux Advocates." Further on that, deadmonk writes "MessageLabs is reporting that the recent Mydoom virus seems to have originated in Russia. A place where nobody gives a wet slap about a court case in the U.S. Personally, I'm looking for a serious apology (or at least a retraction) for the 'alleged' link between this ugly little nasty and Open Source / Linux users." Of course, there could be evil spammers who also like Linux (or don't like SCO), but until someone's caught, or fesses up, it's impossible to say. Read on for some more MyDoom updates, including a new variant (with a new payload), ramifications for Australians, and a forensic analysis of the worm.

fudgefactor7 writes "Hot on the heels of the last virus, Mydoom.b is on the loose. According to Computerworld, this variant has a larger payload and targets Microsoft's Web site for a distributed denial-of-service attack on Feb. 1, instead of The SCO Group Inc. Patch those systems and keep your A-V up to date. Definitions are available currently."

decaying writes "With the amount of virus-laden emails flying about due to the latest virus, Australian ISP Optus have started selectively blocking port 25 outbound. Optus say they are acting in accordance with their "Terms of use", quoting that they reserve the right to restrict access to any TCP/IP port. The only option is to use Optus' SMTP server and nothing else. Community site Whirlpool has an on-going discussion about the issue."

carnun writes "Just another link on MyDoom. Apparently the FBI are also getting in on the act. Interesting to see such a fast response." And to me, the most interesting one: Zeriel writes "After much discussion on a mailing list discussing trojan horses, some people have reached the conclusion that MyDoom doesn't accomplish its stated goal of DDOSing SCO at all! Choice quote from the analysis: "I have the new critter in a test environment where we conducted a preliminary and rudimentary functionality and threat analysis...I have played with the date, etc, but still no activity directed toward www.sco.com." The link also includes disassembly and analysis of the worm code."

4 of 730 comments (clear)

Min score:

Reason:

Sort:

I don't find the fast reactions unbelievable... by Coocha · 2004-01-28 10:12 · Score: 5, Informative

... here at Virginia Tech, the virus has had our pop/smtp servers down since sometime last night. Apparently it infected our financial aid listserv, which caters to 51,000 email addresses, most of them in the vt.edu domain. Not to mention 8000 of the not-so-savvy on-campus undergrads whose systems have been infected. In the 4+ years I've been here, this is the longest downtime for our email system yet, even considering the downtime a couple routine server rebuilds caused. I'm sure other institutions, agencies, and businesses are experiences unheard-of downtimes as well.

--
May the threads progress competently.
If I've said it once . . . by Leroy_Brown242 · 2004-01-28 10:15 · Score: 5, Informative
I've said it a thousand times.
1. Mutt
2. Spamassassin
3. Greylisting
4. Profit!
If it weren't for /., I'd have never noticed.
--
Pretty Pictures!
Stawin-A Trojan by sharp-bang · 2004-01-28 11:00 · Score: 5, Informative

Sophos has intercepted a new trojan called Troj/Stawin-A that installs a keystroke logger, captures data related to financial institutions, and sends it back to a Russian e-mail address.

--
#!
1. Re:Stawin-A Trojan by johnmc · 2004-01-28 11:11 · Score: 5, Informative
  
  Make that Troj/Stawin-A..
  There was a typo in the URL
  
  --
  -- johnmc.