Netcraft Jokes About SCO's Virus Fears

Elektroschock writes: "Through the media SCO Group sent the message that a virus writer that targets its website would be a Linux enthusiast. Netcraft has its own funny remarks in a dogfood article." Some of you might get a cackle out of the third solution.

Bombs away!

[shystershep]

I for one welcome our new "previously unknown Linux Thought Leader" overlord!

Fourth solution is even funnier than the third...

[bc90021]

...and that makes me wonder if the editor only read that far. ;)

"Entire set of infected Windows machines is reached and either comes up running Debian or crashes stone dead trying. No denial of service attack occurs. SCO sends licence fee demands to owners of all the previously infected windows machines. They happily pay up and SCO splits the proceeds with Slashdot readers."

(And yes, I read the whole thing. ;) )

www.sco.com hosted on FreeBSD

[Rosco+P.+Coltrane]

Consequences: SCO Executives buy a small business shared hosting account at Yahoo, noting that it runs on FreeBSD, not Linux, and point www.sco.com at the new account.

Makes sense, Unixware and FreeBSD have much in common, according to Netcraft. Can you guess what they have in common?

Re:www.sco.com hosted on FreeBSD

[Metasquares]

No, but I'm sure Darl's already hard at work.

Hey now....

[BWJones]

From the article: Spend Saturday soaking up the totally awesome graphics on the Stealth bomber flight simulators, and then obliterate most of Utah, sco.com name servers and all, on Sunday morning hours before the DDoS is due to hit Slashdot. SCO Execs still laughing themselves helpless about the /. Effect when the bomb hits.

Hey now, not everybody in Utah is a SCO exec or a polygamyist. I suppose this is the toll that association takes however, even if that association is geographic as opposed to ideological, political or religious. Believe it or not, there are good things to come out of Utah, such as much of the technology responsible for computer graphics, some kickin' genetics research, some of the best skiing in the world, good beer, and last but not least, is the home of computational molecular phenotyping. :-)

Re:Hey now....

[Rosco+P.+Coltrane]

some kickin' genetics research [utah.edu]

No wonder, they have a rather large population with a very coherent DNA to study there :-)

(Yes, I'm half-joking, and no I'm not flaming. Utah folks are nice overall, but it's true that polygamy was practiced there up to 100 years ago mainly to populate Utah as quickly as possible from the small band of initial settlers. Those who've been to Utah know the proportion of white blond-haired blue-eyed people bearing the same last name there is quite staggering. Sweden looks cosmopolitan compared to Utah).

Re:Hey now....

[BillyBlaze]

Seriously, though. According to the recent PBS special on DNA, a breast cancer predisposition gene was found largely thanks to very the complete family records that Mormons keep as a matter of faith.

Re:Hey now....

[iantri]

Scientists have also found the same thing about Newfoundland (though they didn't practice polygamy, they are an island and didn't join Canada until 1949 so have a pretty bland gene pool)..

It's population has been very helpful in researching genetic diseases (of which Newfoundland has a huge problem with, due to lack of variety in the gene pool).

Re:Hey now....

[BWJones]

Exactly why is diversity better?

You seem to be making this a racial issue when it really is not. However, to understand why diversity is oftentimes better, you should read a little biology. Or since this is Slashdot, read about monoculture in computing and discover why we have so many problems with virii and worms. But if you are speaking culturally, lets talk food. Traditional Utah cuisine sucks. Vegetables are overdone, meats are cooked to within an inch of bone dry, there is no alcohol in foods to carry flavors to the olfactory system etc...etc...etc... I myself love a variety of foods and I cannot count on a bunch of white boys to provide them all the time. If you are talking arts, pioneer handicraft can only go so far. If you are talking music, come on now, get real. If you are talking science, progress without diversity of thought and scientific input goes nowhere.

Is there something wrong with having a primarily Mormon state that needs to be "improved" upon?

Apparently from Utah history, the Mormon church wanted to be a part of the United States and thus become a part of the greater union of states. This tells me they wanted other benefits associated with being a state and did not want a Mormon monoculture. (Also, from what I hear, the Mormon church is expanding quite rapidly in other nations around the world in cultures that are not necessarily white.) If you want to be a state and accept federal tax dollars, then you have to be willing to be a part of the greater diversity that has made the United States unique in the modern world.

Or is it that white people are not allowed to have their own place with their own distinct culture?

Sure they can. Nobody is saying that cannot occur. But if you live in the United States of America, there are some things that you need to be aware of: The Constitution of the United States, The Bill of Rights and the Declaration of Independance should be the first three things you read. After that, read up on other aspects of democracy, issues of statehood, and some court cases such as Brown vs. Board.

Would you say that a place like Japan or India needs to be improved with diversity?

You have not been to Japan or India have you?............

You might be surprised at the diversity in those cultures, but more to the point, those countries do not have the same history of law as does the United States. Specifically, we (U.S. citizens) have a little amendment to our Constitution. The 15th to be precise that states "Section 1. The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any state on account of race, color, or previous condition of servitude." And in Section 2. The Congress shall have power to enforce this article by appropriate legislation." This amendment specified a precedent that has carried through to other aspects of our culture besides voting to include issues of discrimination in the work place, in housing etc....

Not necessarily a Linux enthusiast...

[GameGod0]

Maybe the person who wrote the virus is trying to tackle the real virus - SCO's lawsuits.

Seriously, SCO's DOSing every Linux user's stress level...

What Synergy!

[digitalvengeance]

From the article: "SCO Execs point www.sco.com at the loopback address 127.0.0.1, end lawsuits, dismiss lawyers, and invest remaining corporate cash reserves in call options in Dell & Microsoft stock."

Since when do SCO and Verisign share corporate strategy for "net presence management?" Now that's synergy in action!

They don't need a DDoS

[sbennett]

Looking at their uptime stats, a DDoS wouldn't really make much difference.

Point it to...

Why not just put multiple A records on the sco domain, as to spread the load across multiple servers. Besides, there will be enough traffic to take down many, many sites. Here's a short list, in order of importance...

kernel.org (and its mirrors)
groklaw.net
ibm.com
redhat.com
suse.c om
novell.com
sourceforge.net
slashdot.org
lin ux.com
apple.com
sco.org (When we're finished, we'll be all you can see)

Netcraft used to track websites?

I thought Netcraft kept tabs on what webservers were used on the Internet? But now they are a news site taking sides in the SCO vs Linux argument?

What happened?

Netcraft confirms

[Freston+Youseff]

Fact: *Santa Cruz Operations is dying.

Will this virus really make a difference to SCO???

[jazzmanjac]

By looking at the Netcraft Sco Uptime chart it doesn't seem that uptime on their website is a priority. Who goes to sco.com anyway, except for us nerds on a link from slashdot? I imagine most support is done via telephone, as is the case with most other operating systems.

The whole front page of SCO's website is dedictated to the virus. If you were running SCO you wouldn't have this problem, so why is it freatured on their website? Probably just fodder for the next lawsuit is my guess.

J.

Congratulations Mike

[arivanov]

Congratulations to Mike Peterjohn.

Who in btw is a founder and one of the Netcraft executives. So dunno about the dogfood. I wish other company CTOs could post dogfood like that.

You know you're unpopular when

[Space+cowboy]

... the entire world starts to DDOS you, to see if an expected DDOS is taking place yet [huge grin :-] ... A company that monitors uptime starts a deathwatch on your site ... That same company publically ridicules you on their homepage :-)

Simon

Looks like they chose Solution 2

[marsu_k]

PING www.sco.com (216.250.128.12) 56(84) bytes of data.
--- www.sco.com ping statistics ---
34 packets transmitted, 0 received, 100% packet loss, time 33048ms

Re:Fourth solution is even funnier than the third.

[Elektroschock]

Well, the bomb on Utah? Aren't they all Christians in Utah? So I leave it to the Lord to punish SCO. Eternal doom proposed.

Yahoo! small business account?

[GMan00]

At LWE, while tabling for NYC *BSD User Group, someone from SCO approached me.

I asked him his thoughts about SCO's foolish crusade, and he said, "Hey, we would have been out of business in December if they didn't."

So I guess Solution Number 1 may be plausible for fiscal reasons also.

Linux Enthusiasts Rejoice!

[Basehart]

Hopefully people who use Linux won't be denegrated as mere Fans, Fanatics or Enthusiasts for too much longer, as Macintosh users have been for years, now that the big boys are putting out ads backing the "OS that could".

This morning I saw my first Linux ad on TV, sponsored by IBM. The theme, a young child showing up all over the World and a voiceover saying something to the effect of "the child is growing up".

The combination of ads promoting Linux, and the $250,00 bounties offered by those who would prefer it dead and buried, just might finally be opening the public's eyes to what's going on in Lindon and Redmond these days!

SCO Site Search

[CdBee]

Search for: Liars And Thieves *** Sorry, but search returned no results. Try to compose less restrictive search query or check spelling. *** Obviously their search engine is already DDOS'd

Best Solution:

[Eberlin]

Linux geeks reveal that they've secretly controlled satellites in order to build a "Death Star" out of existing space debris. (you think the hubble is busted? Ha! We just borrowed some parts 'cause we needed some lenses and a gyroscope).

This "Death Star" goes Independence Day on SCO Land with pinpoint accuracy -- McBride castrated before being zapped like an ant under a magnifying lens.

Sir Gates and the Knights of the Old Republicans wage war against Geekdom because of this weapon of mass destruction. They device a plan to send a Mac to the death star in order to introduce a virus.

Upon pitching the idea to Steve Jobs, the poor man laughs himself to death, leaving Gates and Ballmer (in their Matrix outfits) to have their tablet PC plugged into the Linux-powered "Laser" via Samba.

The XP Tablet-PC edition spreads like a cancer through the ext3 filesystem resulting in many "I Told You So" comments by Reiser.

Linus, finally sick of all these events, sheds his impartial nature and embraces his dark side. Finally teaches everything he knows to that bleach-blonde IBM Commercial kid and dubs him Darth Tux. Geeks around the world cede their control of the Death Star to Darth Tux, who shoots down both Washingtons and proceeds to carve his face onto Mt. Rushmore.

Darth Tux declared supreme leader, quoted as saying "Choice is good...as long as you choose Linux" Proceeds to create his own distro -- Slim Shady Linux.

Geeks install distro, wave their hands skyward in apathy, and enjoy the new era of computing.

point to slashdot.org? point to groklaw.com!

[MavEtJu]

Fascinating that they (=Netcraft) think that Slashdot is doing more damage to SCO than what Groklaw did.

Not as bad as everyone thinks.

[cperciva]

As I pointed out on freebsd-chat (google link since the FreeBSD archives are broken right now), this DDoS attack could be handled relatively easily.

The attacking machines are easily recognizable: They issue distinctive[ly minimalist] HTTP requests. It is therefore easy to build a list of "evil" source IP addresses.

Given these IP addresses, all you have to do is filter those packets and send them to a LaBrea tarpit. Each connection hangs indefinitely at a very low packet rate: If I did my arithmetic right, the expected half a million machines would only require 85 Mbps of bandwidth.

Now, that's hardly a trivial amount, but it shouldn't be too hard for a company SCO's size to buy that sort of capacity. Defending against this attack might cost $100K, but that's still less than the $250K they've already offered as a bounty for catching the worm author.

Re:Not as bad as everyone thinks.

[anticypher]

The original version of the worm had a bug that didn't perform any DDoS of SCO. After having bugs in the code pointed out to them by the ever willing Open Source Community and the Security Research Community, the authors of the worm have helpfully provided several updates that do actually perform the DDoS against both SCO and M$.

Apparently, the code does not perform a complete TCP handshake before trying again. It doesn't wait around for the first TCP SYN+ACK packet, it sends a TCP SYN packet every second. If, by chance, the SCO address responds with a SYN+ACK packet, then the worm sends the initial GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n. Its difficult to tell from the decompiles if it even bothers to close the connection, or just abndons the local TCP stack to deal with closing the connection at some later time. In an internet simulator testbed, not providing SYN+ACK packets back to a worm infected microsoft machine, the TCP stack stops sending unbalanced SYN packets after 63 attempts. As a friend helpfully pointed out, you can increase this number by changing a registry setting in windoze.

I personally don't think the current management of SCO cares about their website, they certainly don't have any revenue producing features that need to be maintained. Most SCO clients rarely go to the SCO site for anything, since most maintenance is done by intermediaries like IBM Services Group, which have their own internal distribution of support and patches.

the AC

From SCO's website...

[kirun]

http://www.sco.com/mydoom/

What long-term steps should I take to protect against future viruses? ...

3. Do not download any documents or programs from any Website that you do not know to be reputable

This is just their way of stopping people finding what GPL stuff they're still giving away, isn't it?

Re:Fourth solution is even funnier than the third.

[Natestradamus]

Mormons, actually. It's like Christ++.

Re:Fourth solution is even funnier than the third.

[QuasiCoLtd]

Object-Oriented Religion?

Will there be a DDOS at all?

[DF5JT]

This just in:

"D'Aloisio Marc observed some things about the DoS attack, and raised some preliminary questions:

-----
Has anyone seen the DOS against SCO actually happen?

I have the new critter in a test environment where we conducted a
preliminary and rudimentary functionality and threat analysis and the
only activity I can get it to perform related to www.sco.com is to
resolve the name. In fact, it seems very unhappy if it cannot resolve
www.sco.com. Once it can, it happily scans local files for anything
that can be construed (very loosely) as a domain and tries to resolve
mail servers based on these. In fact, right now it's trying to resolve
'mx.makewin.rsp'. "Makewin.rsp' is a file referenced in the help files
of my DigitalMars C++ compiler on a test machine, so it's not a very
smart worm. The worm also seems to like to increment the third octet of
the host IP by one and syn to port 25 of that address over and over and
over... I have played with the date, etc, but still no activity directed
toward www.sco.com. It did die after 12 February, but gladly
resurrected when the date was set back prior to that. "

From: http://www.math.org.il/newworm-digest1.txt

The truth in Solution 3...

[Scorpion_1169]

Solution 3 recommends redirecting the traffic to 'somone you don't like.' I'm not sure whether I should admit to this but I think you all will find it interesting.

On Tursday afternoon somone began trying to hack into an MS SQL Server that my company runs. They weren't able to get in, but their brute force method of attemting to access the 'sa' account estentially caused a DoS on the application. We got the guys IP address but his ISP doesn't seem very interested in helping out.

It just so happens that we KNOW that a number of users inside our network have contracted MyDOOM. It also just so happens that we have our own internal DNS servers. Jokingly, we mentioned to our Network Admin that he should redirect all the SCO traffic to this IP. You could see a little glimmer in his eye at the suggestion and he paused for a moment and said that was a very interesting idea and that he might just do that...

Anyway, glad to see that we're not the only ones with the idea.

yeah, they suck.

[twitter]

It must have something to do with their recent change from Linux to BSD. Namely, finding anyone at SCO who has any technical competence outside of extortion at SCO these days. Funny that they don't use their own OS to run their site. It's because Linux and BSD stole it, I suppose. They could get such "insane uptimes" (Steve Balmer's description of 30 and 60 day uptime) from M$ junk.

Re:Fourth solution is even funnier than the third.

[Ian+Wolf]

Oh yeah. Back in the old days they used to have these whacky ideas about inheritance. It wasn't uncommon for children to have many parents.

Re:Fourth solution is even funnier than the third.

[fizban]

So, if Christ is the Highest, wouldn't Christ++ wrap around (2's complement) to the lowest possible, meaning the devil? No wonder SCO is located there...

Of course...

[Jugalator]

Through the media SCO Group sent the message that a virus writer that targets its website would be a Linux enthusiast.

Because the SCO Group has Linux as their target, sinking to lower levels for each attack they do, why should it be news or strange that some Linux user would do so as well? SCO has chosen to fight a dirty battle.

Budweiser drinking SCO executives?

[merc]

Solution 2: Take www.sco.com out of the DNS.

Consequences: Everyone has a quiet weekend. SCO Execs drink Budweiser and watch the Superbowl. Global media considers that the virus author "has won". Anti-virus company Execs do not return journalists' calls on "What was all that fuss?"

The SCO execs are all Mormon I thought, they'll have to settle for a dixie cup of lemonade, that is if they're not at church.