More MyDoom Gloom

StarWreck points out this article in The Atlanta Journal Constitution citing "experts who believe the worm was put out for criminal profit motives by spammers and not by Linux Advocates." Further on that, deadmonk writes "MessageLabs is reporting that the recent Mydoom virus seems to have originated in Russia. A place where nobody gives a wet slap about a court case in the U.S. Personally, I'm looking for a serious apology (or at least a retraction) for the 'alleged' link between this ugly little nasty and Open Source / Linux users." Of course, there could be evil spammers who also like Linux (or don't like SCO), but until someone's caught, or fesses up, it's impossible to say. Read on for some more MyDoom updates, including a new variant (with a new payload), ramifications for Australians, and a forensic analysis of the worm.

fudgefactor7 writes "Hot on the heels of the last virus, Mydoom.b is on the loose. According to Computerworld, this variant has a larger payload and targets Microsoft's Web site for a distributed denial-of-service attack on Feb. 1, instead of The SCO Group Inc. Patch those systems and keep your A-V up to date. Definitions are available currently."

decaying writes "With the amount of virus-laden emails flying about due to the latest virus, Australian ISP Optus have started selectively blocking port 25 outbound. Optus say they are acting in accordance with their "Terms of use", quoting that they reserve the right to restrict access to any TCP/IP port. The only option is to use Optus' SMTP server and nothing else. Community site Whirlpool has an on-going discussion about the issue."

carnun writes "Just another link on MyDoom. Apparently the FBI are also getting in on the act. Interesting to see such a fast response." And to me, the most interesting one: Zeriel writes "After much discussion on a mailing list discussing trojan horses, some people have reached the conclusion that MyDoom doesn't accomplish its stated goal of DDOSing SCO at all! Choice quote from the analysis: "I have the new critter in a test environment where we conducted a preliminary and rudimentary functionality and threat analysis...I have played with the date, etc, but still no activity directed toward www.sco.com." The link also includes disassembly and analysis of the worm code."

Re:In addition, not instead of

[graniteMonkey]

Well that just reinforces my belief that it's actually a conspiracy by Microsoft and SCO to discredit the Open Source Movement(tm), just like everything else that gets Slashdot's attention.

Reality Check

[benna]

OK listen. I hate SCO as much as any of you. This is a clear pump and dump. However, I am getting sick of people saying SCO or someone wanting to discredit the open source community wrote this worm. I can think of A LOT of linux supporters that would have done this in a second if they had thought of it. The chances are, it was a linux supporter. I'm not saying whether I support the people that did this or not. I'm really not sure but I am also getting tired of this "holier than thou" attitude of people who say its not good because it makes open source look bad blah blah blah. I'm beginning to think we must fight fire with fire. We must fight these tacticts of SCO, tactics that may even be illegal under RICO, with tactics that are less than legal. Maybe it is time we start doing things designed to bring down SCO, just as they are trying to bring down linux. The legal process will take years. SCO will probobly do alot more damage in that time than some worm written by a linux supporter. So we must do something. WE MUST FIGHT!