Slashdot Mirror


SCO Offline

quakeslut writes "It's Feb. 1st everyone... and all of you who have been reading Slashdot know that today MyDoom.A begins its attack... according to Reuters, SCO has already been hit hard. Stay tuned for Tuesday when MyDoom.B hits Microsoft..."

713 comments

  1. obvious by el_salvador · · Score: 5, Funny

    and just to be sure they get DoS'ed, you post a link to their website on slashdot.

    1. Re:obvious by Zeinfeld · · Score: 4, Funny
      and just to be sure they get DoS'ed, you post a link to their website on slashdot.

      Apart from slashdot readers and lawyers who goes to the SCO site these days?

      Oh yes, folk who clicked on the 'Make SCO.com your home page' link.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    2. Re:obvious by Roydd+McWilson · · Score: 3, Funny

      SCO's off line? I guess that means they're just S.O.L.

      --
      THE NERD IS THE COMPUTER.
    3. Re:obvious by benja · · Score: 1

      I understand why this would be modded "Funny," but somehow it strikes me that it should also be modded "Insightful" :-)

    4. Re:obvious by c1ay · · Score: 4, Funny
      I don't know. Why don't you call Darl and find out. He can be reached at

      Darl C McBride
      1799 Vintage Oak Ln
      Salt Lake City, UT 84121-6539
      (801)424-2006

      Hmmmm, I wonder, is it possible to slashdot someone's phone? If you can't get thru try sending him a postcard.

    5. Re:obvious by smchris · · Score: 2, Funny


      Yup, must be /.ed. I know I tried it _several_ times and couldn't get through.

    6. Re:obvious by Anonymous Coward · · Score: 0

      My fav:

      From CNET Friday:
      "I think people will see some creative thinking on our part, on how we address this," Blake Stowell (of SCO) said in the statement on Friday.

      From CNET Sunday:
      "Internet traffic began building momentum Saturday evening and by midnight Eastern Time the SCO Web site was flooded with requests beyond its capacity," Jeff Carlon (of SCO), worldwide director of information technology infrastructure at SCO Group, said in the statement.

      And on a related note Blake Stowell of SCO also made the statement that "People will see that we are going to be very creative in regards to how we protect our IP from those communist Linux open source thieves"

    7. Re:obvious by AllUsernamesAreGone · · Score: 2, Funny

      If you can't get thru try sending him a postcard.

      .. to try slashdotting his front door as well?

    8. Re:obvious by Natestradamus · · Score: 1

      Or just sign him up for every catalog you can find.

      --
      The only thing necessary for the triumph of evil is for good men to do nothing. --Edmund Burke
    9. Re:obvious by mellonhead · · Score: 4, Funny

      Hmmmm, I wonder, is it possible to slashdot someone's phone?

      Yes, it is. Dave Barry did it to the American Teleservices Association.

      They got a huge number of calls, the voicemail filled, and they finally had to disconnect the number.

      Here's the article that did it:

      "Ask not what telemarketers can do to you"

    10. Re:obvious by Seek_1 · · Score: 1

      well, it worked for Ralsky didn't it?

    11. Re:obvious by Anonymous Coward · · Score: 0, Funny

      This is really uncool.

      Can you envision what it would be like for someone to publish your personal number on a site like this in a way that would guarantee you got tons of calls?

      I just called him and warned him that the source of his phone number was /.

      Despite my opinion of what they're doing, this is not the right way to change it.

    12. Re:obvious by Anonymous Coward · · Score: 0

      It's a self-fulfilling prophecy! From now on, I'm going to submit a 'such and such.com' is being ddos'ed article once a week. The first few users will grumble about the post being wrong, but eventually it'll be true!

    13. Re:obvious by HalliS · · Score: 1

      The operation timed out when attempting to contact www.sco.com


      I say CmdrTaco dupe this story a few times between now and feb. 12th., just to make sure.

      --
      My other UID is 1337
    14. Re:obvious by Darby · · Score: 4, Funny

      I know I tried it _several_ times and couldn't get through.

      Come on, automation is your friend.

      I just have a terminal open running ping -f www.sco.com

      When it starts actually replying regularly I'll know it's good to go again.

    15. Re:obvious by zulux · · Score: 4, Funny


      in my crontab:

      @hourly /usr/sbin/ppp -dial darl

      --

      Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

    16. Re:obvious by Anonymous Coward · · Score: 0

      Geeks Rule!

      JT

    17. Re:obvious by Afrosheen · · Score: 1

      You know, you did the right thing. And just in case you're joking, I forwarded his info to about 50 people and told everyone to give him a call and tell him his info got posted to slashdot, so if people call him or contact him all of a sudden, that's why.

      Why 50 people? Come on man, you know how lazy Slashdotters are. I'll be lucky if 2 people call him.

    18. Re:obvious by bizitch · · Score: 4, Funny

      You know the slashdot link to www.sco.com must be broken or something - I mean my browser opens and everything but nothing shows up.

      I just keep hitting refresh over and over and over again - still nothing - hmmmmmm

      Someone ought to check those links before posting ;}

      --
      ---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
    19. Re:obvious by Anonymous Coward · · Score: 0

      Hell, just to be sure they get DoS'd, I deliberately installed the virus! Muuuahahahaha!

    20. Re:obvious by Anonymous Coward · · Score: 0
      http://www.sco.com/ : Alert: The operation timed out when attempting to contact www.sco.com. [OK]

      http://www2.sco.com/ : Welcome ... May 7, 2001.

      open4free

    21. Re:obvious by Anonymous Coward · · Score: 0

      Yes, it is. Dave Barry did it to the American Teleservices Association.

      They got a huge number of calls, the voicemail filled, and they finally had to disconnect the number.


      Does anyone else find it ironic that the ATA includes several million people whose job it is to place phone calls, but nobody to answer them?

    22. Re:obvious by reso · · Score: 1

      "Or just sign him up for every catalog you can find. The only thing necessary for the triumph of evil is for good men to do nothing. --Edmund Burke"

      sh*t... so everyone could have ignored Hitler ;)

    23. Re:obvious by erobertstad · · Score: 1

      Opera has a nice feature... 'reload page every 5 seconds'... damn, still can't get through to SCO's website, maybe if I just let it keep trying to reload over and over till it finally comes up it will work faster!

    24. Re:obvious by dotwaffle · · Score: 1

      ping? PING? That's such a bad idea... They'll block ping... Use Opera (linux client available) and tell it to refresh every 5 seconds say...

    25. Re:obvious by Anonymous Coward · · Score: 0

      I know someone who saved all those little cardboard things they put in magazines while they were in prison. When they got out they filled them out and sent them in for their probation officer.

    26. Re:obvious by mod_parent_down · · Score: 1
      Original Website Text:

      Dear 5la5hD0t,
      All our base are belong to you.
      --DMcB

    27. Re:obvious by Anonymous Coward · · Score: 0

      Original post text:

      Hello, I'm using a catchphrase that hasn't been funny for the past four years!

    28. Re:obvious by Anonymous Coward · · Score: 0

      >The only thing necessary for the triumph of evil is for good men to do nothing.
      >--Edmund Burke " sh*t...so everyone could have ignored hitler ;)

      Yes, then evil would have triumphed. Think about it.

    29. Re:obvious by Ummagumma · · Score: 0, Redundant

      Dupes on /.? You must be kidding, right?

      --
      "The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
    30. Re:obvious by Anonymous Coward · · Score: 0

      Citing Darl's phone number like this is highly irresponsible - it will do more harm than good to the Linux cause.

      If you read Groklaw, you will notice that Pamela Jones omits E-mail addresses, street addresses and phone numbers from transcribed documents to prevent them being harvested by bots or otherwise misused. She does not want to compromise her site's integrity.

    31. Re:obvious by cs02rm0 · · Score: 1

      Try clicking 'SCO Professional Services' on that link.

      Operation timed out...

    32. Re:obvious by Anonymous Coward · · Score: 0

      CALL COLLECT IT'S FREE

    33. Re:obvious by Josh+Booth · · Score: 1

      while true ; do wget -O /dev/null -r http://www.sco.com ; done

    34. Re:obvious by Anonymous Coward · · Score: 1, Informative

      Or you can get "fax on demand" phone numbers to call his line.


    35. Re:obvious by Kakurenbo+Shogun · · Score: 1
      Hmmmm, I wonder, is it possible to slashdot someone's phone? If you can't get thru try sending him a postcard.

      This public service message has been brought to you by Qwest and the United States Postal Service.

      --
      Convert RSS to HTML - integrate webfeeds into your website
    36. Re:obvious by Anonymous Coward · · Score: 0

      No I wasn't joking.

      He asked what they were saying about him on /.

      I told him he could probably guess, and that I wasn't going to state my position on the whole situation because it was irrelevant to the message I was giving him.

    37. Re:obvious by Anonymous Coward · · Score: 0

      Does anyone have a mirror? ;)

    38. Re:obvious by ceejayoz · · Score: 1

      Worse: sign him up for all those "bill me later" magazine subscription cards...

      There's a great Calvin and Hobbes comic about that...

    39. Re:obvious by Solosoft · · Score: 1

      www.sco.com
      There for all your SCO Viewing Pleasures. Might be a little old ... but as SCO'y as you can get.

    40. Re:obvious by Secahtah · · Score: 1

      Using the -f option will not tell you anything. It sends the packets whether anyone is listening or not. It does, however, send packets as fast as your system can send them - which wouldn't help their website any :)

    41. Re:obvious by cdrudge · · Score: 2, Informative
      Apart from slashdot readers and lawyers who goes to the SCO site these days?
      Honestly, my company. We still use SCO OpenServer currently. Product registration is done via the website. While there are other ways to register (via phone and fax I believe), this will be an annoyance. Plus there is the fact that we have close to 700 existing servers out in the field that will need the knowledge base at some point in time.
    42. Re:obvious by Yorrike · · Score: 1
      Um, you seem to misunderstand the quote.

      It's saying that the only thing evil needs in order to triumph is for good guys to sit around going "meh", not that good guys need do nothing in order to defeat evil.

      --
      Looks can be deceiving. Or CAN they?

    43. Re:obvious by Master+of+Transhuman · · Score: 1

      Good move - that probably got him another two years.

      You wait until you're OFF parole, THEN do something.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    44. Re:obvious by WillWare · · Score: 1
      just to be sure they get DoS'ed, you post a link to their website on slashdot.

      Oh, you mean this one, the one that says http://www.sco.com/? I'm pretty sure you mean http://www.sco.com/, but I just want to make sure we're talking about http://www.sco.com/ and not some other URL.

      --
      WWJD for a Klondike Bar?
    45. Re:obvious by reso · · Score: 1

      you're right...i'm a jack*ss :)

    46. Re:obvious by Anonymous Coward · · Score: 0

      >>>The only thing necessary for the triumph of evil is for good men to do nothing. --Edmund Burke

      Says the man that was against the French Revolution.

    47. Re:obvious by Froug · · Score: 1

      You'll just be pinging localhost.

      Looks like they opted for solution #5 from the netcraft article the other day: redirect www.sco.com to 127.0.0.1.

      Real sporting of netcraft to provide SCO with free consulting. :)

    48. Re:obvious by vmazek · · Score: 1

      I wonder if they thought of just throwing in a cname from sco.com to ibm.com and passing on the love :)

    49. Re:obvious by T-Ranger · · Score: 1

      Because of you, Google bumped up the rating of sco.com .

    50. Re:obvious by Lord+Kano · · Score: 1

      Hmmmm, I wonder, is it possible to slashdot someone's phone?

      Not exactly, telephones are a circuit switched network, unlike the internet's packet switched network. What can be done though is render it impossible for them to get the calls that they want. If you're used to taking a few thousand inbound calls per day and all of a sudden you're taking in 100 times that volume, you can't cope with it.

      I used to work for a Satellite TV company, in a call center, whenever the "engineers" would fux0r a whole series of receivers with new software, call volumes would spike through the roof. What happens then is that people don't get to take their breaks/lunches when they want to. 3 or 4 days of that will cause a large number of people to just quit.

      Imagine if every slashdotter would call SCO's sales line 4 or 5 times a day for the next week. Not only would Darl be unable to take those incoming calls from reporters who want to write his spin, but they'd miss out on untold sales possibilities. The people answering their phones would start quitting. That would only make the problem worse for them. Longer queues mean more frustrated people who are less likely to purchase your products.

      A "telephone slashdotting" would be brilliant strategy to use against SCO.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    51. Re:obvious by vonfluffy · · Score: 1

      someone needs to set up a SIP gateway in a free-calling area to call Darl McBride.. that way the world can call him for free..

    52. Re:obvious by (mandos) · · Score: 1

      While that would be fun, especially for those of us in SLC (knocking on his door and asking questions would be VERY funny), harassment isn't allowed. I think since most of us are much better at coding or system administration we should use our skills. If we organized an effort to secure Linux/BSD mail servers to filter this virus (and whatever the Windows virus du jour is) how could anyone complain? They would point and say, "Hey, these people are making the internet a better place and THEY don't have problems. Maybe I should dump Windows for Unix."

      Given that SCO is just messing with DNS to avert problems maybe we could devise a similar virus blocking system. When you update your site's DNS entry it propagates through the other DNS servers. How about a system where once a virus signature is identified it is propagated to other servers. Then the "internet" would be aware of virus problems, as they start to spread.

      Probably wishful thinking, but it would be nice.

    53. Re:obvious by mnmn · · Score: 1

      And I just put in my contribution.... press F5 about 20 times just to rub it in.

      We need to set up an ad on slashdot, asking slashdoteers to contribute about 10-50 hits to microsoft.com on the eve of them releasing windows 2004 or something. Pretty enjoyable.

      --
      "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
    54. Re:obvious by Anonymous Coward · · Score: 0

      The DNS has been changed and SCO is not really under attack... have a nice day.

    55. Re:obvious by Anonymous Coward · · Score: 0

      Hmmm...

      Stowell, Blake & Sheila
      59 W 680 South
      OREM, UT 84058
      801-434-7711

      Carlon, Jeff
      8744 Danish Rd
      SANDY, UT 84093
      801-942-1269

      I don't know if these are the same people, but it's a funny coinkydink...

    56. Re:obvious by Steamhead · · Score: 0
      Man Ping:
      -f Flood ping. Outputs packets as fast as they come back or one hundred times per second, whichever is more. For every ECHO_REQUEST sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped. Only the super-user may use this option. This can be very hard on a network and should be used with caution.

      so it's sudo ping -f sco.com ;-)
    57. Re:obvious by Anonymous Coward · · Score: 0
      In the case of Darl, I can see why this would be scary. There are some real psychos out there, and the number can only increase as the population does. This might be the best argument for the police to favor the rich I have ever heard. Thank you for lending more credence to the police state.

      While I think he's an asshole and all, giving out that much personal information is just malicious. (Three lefts make a right.) This is much different than selling someone's personal information on a CD or something (as in spammers.) You are just a database entry for the spammers, they don't single you out with bad intent. In this case, you are certainly inviting some wrongdoing. Gandhi did not beat England using force, it's a fact. Perhaps you are going about this the wrong way.

    58. Re:obvious by Felinoid · · Score: 1

      If they did opt for Netcraft option #5 they did a sloppy job of it:

      Server: 64.85.239.11
      Address: 64.85.239.11#53

      Doesn't look like Localhost to me.

      --
      I don't actually exist.
    59. Re:obvious by Anonymous Coward · · Score: 0
      So much wanton hatred over some stupid guy from some stupid company that is desperately struggling to breathe and stay afloat. I cannot believe how much energy is wasted hating (SCO, Macs, IBM, MS, air, mars, etc.) things around here. Sometimes it seems that it is simply for the love of hating. Sometimes I actually want some news with my ranting. I guess I'm in the minority.

      Now back to your regularly scheduled programming.

    60. Re:obvious by Afrosheen · · Score: 1

      Not only would Darl be unable to take those incoming calls from reporters who want to write his spin, but they'd miss out on untold sales possibilities.

      Wait a second, so you're saying that SCO actually sells something? Man the world really is going to end soon.

    61. Re:obvious by Yaruar · · Score: 3, Insightful

      I must say, /. readers disappoint me more and more. Incitement of harassment is exactly the sort of thing Bruce Perens was trying to get away from.

      The response to the mydoom virus and the sco case in general on here and other forums might well have put the advance of Linux back 5 years in terms of its corporate image.

      This should not be a personal battle against one individual (and now by your actions and that of others direct harassment of his family) it should be a legal and economic battle. Whatever moral high ground the linux community might have about the sco case is effectively undermined by childish actions such as these.

      I could see some point in publishing the company address and his corporate number. But publishing his personal contact details is reprehensible. Encouraging harassment is not big, clever or funny.

      --
      Working for the (other) man
    62. Re:obvious by Bigman · · Score: 1

      Nice idea, but it's not hard to see that unless it's watertight it would be easy for this system to be abused by crackers/spammers/malcontents.
      The sad fact is that viruses would be ineffective if everyone used a virus checker. For home users there are free options available, and for corporate users the licensing cost is reasonable (esp. compared to the cost of being hit by an attack). The problem is people who are clueless or careless enough not to run with a decent firewall and a virus checker. That is what needs to be combatted.

      --
      *--BigMan--- Time flies like an arrow.. but personally I prefer a nice glass of wine!
    63. Re:obvious by Anonymous Coward · · Score: 0

      ah its 'ping -ft sco.com' in a MS-Dos (Dos and DoS huh) terminal. Using the enemy to fight the enemy.

    64. Re:obvious by Froug · · Score: 1

      That's your DNS server, not SCO's webserver.

      You've just queried sco.com with nslookup, which returns a blank entry. The address you need to query is: www.sco.com

      nslookup will return the proper entry in the lines following your server info.

    65. Re:obvious by Anonymous Coward · · Score: 0

      You're right. You are...

    66. Re:obvious by Anonymous Coward · · Score: 0

      I completely agree that Darl should get everything coming to him in the courts, but if the Linux community is to maintain the moral high ground then immature and childish actions such as this must *NOT* happen.

      Posting his home details is an act of complete irresponsibility. This only helps Darl's cause. It doesn't do anything to help us.

      Your time would be better spent working on your ABC's since your IQ is obviously not up to the task of producing something meaningful to help us.

      Get a life, and grow up.

    67. Re:obvious by reso · · Score: 1

      pussy

    68. Re:obvious by negacao · · Score: 1
      Yes, tell this to people who've spent their lives building the thing SCO is trying to steal..


      Suuuuure, let's play nice.

  2. Why today... by CrackedButter · · Score: 5, Insightful

    Sunday isn't even a business day? How much money will they not lose?

    1. Re:Why today... by Tim+C · · Score: 1

      What, you mean due to the damage to their reputation for not being able to protect their servers against a DDoS attack that they had warning of?

    2. Re:Why today... by niko9 · · Score: 2, Funny

      They seem to work hard at losing money, they don't need the help of Sunday whatsoever.

      That must be one company where every day of the week is a case of the Mondays.

      But don't say that too loud around Lawrence.

    3. Re:Why today... by CrackedButter · · Score: 1

      Interesting, do Muslims work a 6 day week then?

    4. Re:Why today... by Wellspring · · Score: 5, Funny

      It sucks.

      I've been trying to buy three more CPU licenses for Linux, and now I can't use those machines until SCO's online store comes back up.

    5. Re:Why today... by mattboston · · Score: 5, Funny

      I think it's more to get the SCO admins into work so they miss the Superbowl :)

    6. Re:Why today... by Anonymous Coward · · Score: 0

      They get Friday off for worship, in some countries.

    7. Re:Why today... by Pharmboy · · Score: 5, Interesting

      Sunday isn't even a business day? How much money will they not lose?

      There is one basic flaw in your assumption. Granted, for many businesses, this would hold true, but not SCO. Being attacked on Sunday is just as detrimental as being attacked on Wednesday, as it appears they make just as much money when no one is there as they do when the place is fully staffed: nothing.

      I am sure they will spin this around and demonstrate how this hurt them terribly, costing them tens, if not hundreds of dollars in potential sales ;) Then again, they will blame the Linux community for this, even though it's solely from a bunch of owned Windows boxes. This is akin to blaming Smith and Wesson for injuries to the neighbors when you fire your gun in random directions.

      --
      Tequila: It's not just for breakfast anymore!
    8. Re:Why today... by muffen · · Score: 3, Interesting

      Sunday isn't even a business day? How much money will they not lose?

      ...are you saying they would lose money if it was a business day?

      Well, I guess they have received "linux-fees" from 12 linux users so far... so if the DoS attack keeps the website down for a week, they might lose like USD 600 (or whatever the fee was).

      The person who wrote the worm is not very good anyways... only 25% of infected machines will perform the DoS attack (see the virus information page for McAfee and Symantec).

      Anyways, they are counting that there's about 1 million infected machines, and if 25% of those do the DoS attack, it's 250 000 machines.. which would still be the largest DDoS attack in history so far.

      One thing I don't understand is why the DNS entry hasn't been removed for www.sco.com. I mean, they have no chance in hell of stopping this thing, and keeping the DNS entry intact causes a slowdown on a lot more things than just SCO's webserver.

      I guess it's just a matter of time until www.sco.com is pointing to www.slashdot.org :)

    9. Re:Why today... by Anonymous Coward · · Score: 0

      Expect a knock at the door.

    10. Re:Why today... by 0x54524F4C4C · · Score: 1, Informative

      No, they work from Saturday to Wednesday. Really weird. This is one of the major problems while trying to do business with Muslim countries, one can only count on 3 days per week where both places have people working.

    11. Re:Why today... by phauxfinnish · · Score: 1
      This is akin to blaming Smith and Wesson for injuries to the neighbors when you fire your gun in random directions.

      Smith and Wesson may have actually made the gun you used to shoot your neighbors. This is more like blaming Ben & Jerry for your neighbors injuries.
    12. Re:Why today... by 87C751 · · Score: 5, Insightful
      This is akin to blaming Smith and Wesson for injuries to the neighbors when you fire your gun in random directions.
      Nit: It's more akin to blaming Smith & Wesson when mayhem results from you firing your Glock in random directions.
      --
      Mail? Put "slashdot" in the subject to pass the spam filters.
    13. Re:Why today... by Jim+Hall · · Score: 2, Interesting

      Oh, hi andy. Yes, this is what we refer to as an "off by one" error. The attack is scheduled Feb 1 (Sun) through Feb 12 (Thu). That's off by one. Feb 2-13 would have gotten you two full business weeks.

      Bad programmer. Go sit by your dish.

    14. Re:Why today... by TGK · · Score: 1

      ... and then follow the white rabbit....

      --
      Killfile(TGK)
      No trees were killed in the creation of this post. However, many electrons were inconvenienced.
    15. Re:Why today... by DAldredge · · Score: 1

      Well, B&J's does have very high levels of dioxin....

    16. Re:Why today... by 1u3hr · · Score: 1
      how much money will they not lose?

      How much would they sell via their website in an entire week anyway? As often noted, they hardly sell anything at all. It won't affect their litigation activities at all, except to give them more ammunition to slander Linux users with.

      One problem with Slashdot geeks is that they think "taking a company's website down" will severely impact them. Maybe for big web retailers, like Amazon, Dell, eBay or online banks; but the vast majority of businesses could lose their web site for weeks without it affecting the bottom line (assuming the email server is unaffected, which it should be). It might be an embarrassment -- but as I said above, SCO will use it to show it's being persecuted by Linux virus terrorists.

    17. Re:Why today... by Anonymous Coward · · Score: 0

      Doesn't even matter, they do all their business at courts

    18. Re:Why today... by Anonymous Coward · · Score: 0

      they probably run linux which is why the DOS worked.

    19. Re:Why today... by CrackedButter · · Score: 1

      Yes I am wrong, what would a business full of lawyers need with a server?

    20. Re:Why today... by devilspgd · · Score: 1

      Bring carrots.

      --
      Give a man a fish, he'll eat for a day, but teach a man to phish...
    21. Re:Why today... by Anonymous Coward · · Score: 0

      Good point, I didn't think about that when I posted that very poorly thought out troll. I didn't really write it, I had nothing to do with it, just me being an ass.

    22. Re:Why today... by Maserati · · Score: 2, Informative

      Note to moderators, Smith & Wesson doesn't make the Glock, so the parent is the better analogy.

      --
      Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
    23. Re:Why today... by SpaceLifeForm · · Score: 4, Informative
      SCO obviously does not care about being forewarned, and wants to milk this for all they can.

      From the article:

      "While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning," Jeff Carlon, worldwide director of Information Technology infrastructure, The SCO Group, said in the statement.

      NOTE TO SCO: You don't have to communicate any series of contingency plans to anyone except your own IT staff (if you have any left). Any press releases from SCO will be obvious FUD and will not mean a damn thing.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    24. Re:Why today... by WatchMaster · · Score: 1

      that was the point see .... blaming the wrong company.

    25. Re:Why today... by Maserati · · Score: 0, Offtopic

      I knew you knew that, but the moderators ? Should I have even bothered ?

      --
      Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
    26. Re:Why today... by Anonymous Coward · · Score: 0

      I'm not American and thus probably totally unaware of the significance of Superbowl, but to me, "Insightful" doesn't sound like something the original poster had in mind.

    27. Re:Why today... by Anonymous Coward · · Score: 0

      Mayhem? maybe where you live, nice upper class area or something.. people pop shots off all the time round my place.. everyday fireworks for me :D

    28. Re:Why today... by yaj · · Score: 0


      Yeah, but you can buy this:

      SCO Instructors shirt

      Darl eat your heart out!

      (Even Darl McBride doesn't have one of these)

    29. Re:Why today... by plenTpak · · Score: 1

      "Note to moderators, Smith & Wesson doesn't make the Glock, so the parent is the better analogy."

      The prior post didn't state who made the gun... or do we already know who wrote the worm?

    30. Re:Why today... by Stephen+Samuel · · Score: 1
      Glock Smith & Wesson doesn't make Glock. Linus doesn't make Windows. Neither does he write viruses (Microsoft anti-gpl blathering notwithstanding).

      Whoever wrote the virus simply knew that Darl would blame Linux supporters and distract people from the fact that this virus was written designed to turn Microsoft boxes into spam-support units.

      --
      Free Software: Like love, it grows best when given away.
    31. Re:Why today... by gmac63 · · Score: 2, Interesting
      Sunday isn't even a business day? How much money will they not lose?

      They won't lose a cent, but the CTO and his staff will be missing the Panthers win today!

      --

      INSERT INTO comment VALUE('Doh!') WHERE user='you';
    32. Re:Why today... by Ryan+Amos · · Score: 1

      SCO wants this thing to hit them so Darl can have an excuse to bankrupt the company and not make it look like he did it. I mean, come on, the company will probably fold in a week or two anyway, all their 'evidence' was as much vaporware as their products. Now Darl has a way to kill the company and not look too bad in the process. I doubt they wrote it themselves or anything, but I think Darl sees the writing on the wall. He's already made his money anyway, what does he care?

    33. Re:Why today... by MuParadigm · · Score: 1


      Your referent was vague. It was hard to tell whether "parent" meant the parent of your post, or parent of the post to which you were referring.

    34. Re:Why today... by thparker · · Score: 1
      Sunday isn't even a business day? How much money will they not lose?

      Given the amount of commerce that probably goes through the SCO site, I'll guess that it's exactly the same amount they'd lose on a Monday.

    35. Re:Why today... by ForestGrump · · Score: 1

      Sco?
      Provo, UT?
      Nah, it can't be that mormons watch the superbowl too!?!?
      -Grump

      --
      Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
    36. Re:Why today... by jrockway · · Score: 1

      > The person who wrote the worm is not very good anyways

      Why is it so hard to write good viruses? Don't the virus authors test their software? (I'm serious here. We need a really devastating Windows virus that takes out half the internet so that people realize that Windows needs to go away. I especially liked the one that mailed random files on the user's hard drive to people. Kinda makes your day when your boss mails you kiddie porn and copies of the anarchist's cookbook. He's gone. All thanks to windows(*))

      * If you have kiddie porn**, you probably deserve to get caught, though. If you're doing something illegal, however, maybe you should use an encrypted loopback filesystem. Does Windows have that?

      ** Not that I think the government should tell you what files you can and can't have. If you're 18 and your 16 year old girlfriend gave you her pr0n pictures, then maybe you aren't a criminal. Anyway, WAY off topic. :)

      --
      My other car is first.
    37. Re:Why today... by benna · · Score: 1

      It is out of the DNS now it seems.

      (01:08pm) Looking up www.sco.com....
      (01:08pm) Could not resolve.

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
    38. Re:Why today... by benna · · Score: 1

      Actually that's an interesting idea. Someone should write a worm that targets SCO's email system. That really would affect them.

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
    39. Re:Why today... by Reziac · · Score: 1

      Speaking of FUD... Is there a way to tell if it's actually DoS'd, or if they shut it down themselves??

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    40. Re:Why today... by syrinx · · Score: 1

      but the CTO and his staff will be missing the Panthers win today!

      so will everyone else, since there's about as much chance of the Panthers winning as me getting hit by a falling meteor just after I've drawn four royal flushes in a row.

      --
      Quidquid latine dictum sit, altum sonatur.
    41. Re:Why today... by phauxfinnish · · Score: 1
      I guess it's just a matter of time until www.sco.com is pointing to www.slashdot.org :)
      Since the whole 2600 case about fuckford.com proved that you can legally point a domain you own anywhere you want, is this really so far fetched? Maybe Microsoft will point windowsupdate.microsoft.com to linux.org or redhat.com next time a virus specifically attacks their webservers. Is there any kind of legal protection against that happening; someone knowingly changing the DNS entry to make an attack on them hurt their competition?
    42. Re:Why today... by psycho · · Score: 1

      >I think it's more to get the SCO admins into work so they miss the Superbowl :)

      don't you mean "so they miss the <beep>" ?

    43. Re:Why today... by Anonymous Coward · · Score: 0

      How much money will they not lose?

      You mean, because www.sco.com doesn't resolve? what kind of DDOS is this?

    44. Re:Why today... by lommer · · Score: 1

      The person who wrote the worm is not very good anyways... only 25% of infected machines will perform the DoS attack (see the virus information page for McAfee and Symantec).

      I don't know that this is a mistake. Another purpose of the virus is to open backdoors on a system so that it can be used as a relay by spammers. Given this, they probably don't really care about SCO.

    45. Re:Why today... by Anonymous Coward · · Score: 0

      Actually that's an interesting idea. Someone should write a worm that targets SCO's email system.

      Yes, but why should they attack themselves where it hurts? It's more useful to attack yourself where it benefits yourself!

    46. Re:Why today... by Anonymous Coward · · Score: 0

      I hear they are running short of skilled suicide bombers.

    47. Re:Why today... by Anonymous Coward · · Score: 0

      Strange, it appears to me that the entry has been removed.

      root@server:~# host www.sco.com
      www.sco.com does not exist, try again

      root@server:~# host sco.com
      sco.com A 216.250.128.12

      The question is, why does sco.com not work? Isn't MyDoom.A supposed to attack www.sco.com not sco.com? That would explain www.sco.com missing but not explain why sco.com doesn't work.

    48. Re:Why today... by Suidae · · Score: 2, Insightful

      I would expect that deliberately setting a domain that you knew was under attack to point at anyone would make you just as guilty of the attack as whoever set it up to begin with.

    49. Re:Why today... by pherris · · Score: 4, Interesting
      Speaking of FUD... Is there a way to tell if it's actually DoS'd, or if they shut it down themselves??

      www.sco.com has been pulled from their dns records. Their whois info shows four dns servers: ns.calderasystems.com, ns2.calderasystems.com, c7ns1.center7.com and nsca.sco.com. AFAIK ns.sco.com, ns1.sco.com and ns2.sco.com used to be their DNSs of record. I ran a quick check of www.sco.com on all seven servers and found it had been removed. Since there is no ip number for that name, sco never sees the http request.

      I personally would've changed it to lo (127.0.0.1) so at least other dns servers would cache the first request (and serve out copies without checking), thus avoiding a lot of those hits to their dns servers every time MYDOOM makes its request. Even with their current setup they should avoid most of the force of MYDOOM (unless it attacks a range of active names and/or numbers).

      The better solution if they want to keep their web server alive is to channel all requests to another web server with a thin pipe (say a T1) right off a backbone that reads the http client header, discards the MYDOOM requests (also with some real ones) and forwards everyone else to their real http server (say www2.sco.com). This could greatly minimize MYDOOM's damage, changing a hurricane into a rain shower.

      On the other hand doing it their way allows them to more easily cry "poor [sco]", claim this attack completely shut them down, have a record of exactly how many attacks they're getting and claim they lost business (like they had any anyways). This whole attack has "script kiddie" written all over it. If the author lives in the US there's a fair chance they'll catch him, and then he's SOL. In my opinion MYDOOM discredits the gnu/linux community. sco sucks but this isn't the way. An opinion shared by most in our community.

      --
      "And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
    50. Re:Why today... by Reziac · · Score: 4, Interesting

      Thanks for the info, saved in my evergrowing "SCOpera" files :)

      I looked at MyDoom's innards, and it struck me as odd, not typical script-kiddie material at all. I got the sense it was the work of someone whose programming work had *not* previously included this sort of thing. So I'm inclined to agree with the speculation that it's primarily a spammer's zombie-generating tool, built by contract with some starving professional coder, and that the SCO and M$ DoS components are red herrings.

      As you say, SC0-baiting is great fun, but illegal attacks do nothing for the case against them (tho they seem to be using it to further their own case *against* themselves, judging by the "time travel" element that Groklaw pointed out) and just make us look bad. SCO is perfectly capable of cutting their own throats without "help".

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    51. Re:Why today... by gad_zuki! · · Score: 2, Insightful

      >The person who wrote the worm is not very good anyways.

      Actually the guy/people who wrote this virus are very, very good. While the media and geeks go crazy over "attacks" on sco and microsoft, the authors are quietly collecting email addresses to sell and usernames/passwords from the keystroke logger. They have been very successful in this digital sleight of hand. Right now the current guesses focus on Russian criminals putting this whole thing together.

    52. Re:Why today... by Secahtah · · Score: 1

      With SCO, what difference does it make that it is a Sunday? Their business is going down the pooper anyway, so one day is just as bad for them as any other....

    53. Re:Why today... by pherris · · Score: 1
      Thanks for the info, saved in my evergrowing "SCOpera" files :)

      I really think there's a good book in this whole sco thing. Both on the technical front and on the corp. dishonesty angle.

      I looked at MyDoom's innards, and it struck me as odd, not typical script-kiddie material at all. I got the sense it was the work of someone whose programming work had *not* previously included this sort of thing. So I'm inclined to agree with the speculation that it's primarily a spammer's zombie-generating tool, built by contract with some starving professional coder, and that the SCO and M$ DoS components are red herrings.

      McAfee is saying that mydoom has its own SMTP server built in which I guess could lead back to a spammer or spamming tool. My thinking is why would a spammer draw so much attention to his "work"? Wouldn't it be better to just quietly deploy the virus, do no damage to the host and spew its trash about the net? Why attack sco or M$ which would "turn up the heat" on the virus' eradication and bring the feds out looking for both a spammer and a "dangerous" hacker?

      I suspect a lot of stuff is going to come out if and when Darl goes to a criminal trial for fraud (on the downside, looking at the history of fed's prosecution of fraud crimes there's little chance he'll even get charged).

      --
      "And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
    54. Re:Why today... by Anonymous Coward · · Score: 0

      How the hell this got modded "insightful," I have no idea.

    55. Re:Why today... by MyHair · · Score: 1

      so they miss the Superbowl

      Ah, so now we know who's responsible for MyDoom: SCO Admins!

    56. Re:Why today... by cfl · · Score: 1

      Note also - attacks started on 1st of February from places like Australia and New Zealand.
      This was Saturday USA time.
      "It's Feb. 1st everyone..."
      It's 2nd of Feb in Australia/NZ etc. MyDoom.b has probably already started attacking from here...

    57. Re:Why today... by Anonymous Coward · · Score: 0

      > Sunday isn't even a business day? How much money will they not lose?

      I don't know how much they *won't* lose, but to think they won't lose money because it's sunday amused me. That's right, people don't go shopping on a sunday, do they?

    58. Re:Why today... by ssbljk · · Score: 0

      Yeah, right
      Tell people running mydoom on their windoze boxes to change date back to February 1st on Monday!

      --
      /ss
    59. Re:Why today... by Reziac · · Score: 1

      Actually, that's a good idea -- I'm sure there IS a book in SCO's antics. I've got over 30mb of SCO files saved (I'll probably never look at them again, but I have that nasty habit of saving anything that was amusing :) and you'd have to work hard NOT to come up with a good 300 pages of juicy corporate soapage even from public information, never mind what a good investigative writer could dig up.

      As to MyDoom's oddities, assuming there's anything in the report of a "sorry, world" embedded in the code, could be the spammer's captive coder trojaned the trojan, so as to make it less effective at its intended zombie-creation job *by* calling attention to it. Admittedly that's a stretch, but hey, everything to do with SCO is a stretch :)

      One suspects the only way Darl and Co. will get serious fraud prosecution is if the SEC decides to make an example of them. Frankly it's about time some such company got their balls handed to them in a sack, as a lesson to others. But I'm not holding my breath either. :(

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    60. Re:Why today... by Anonymous Coward · · Score: 0

      How the hell this got modded "insightful," I have no idea
      Hey Darl, how'd you get online?
      Oh yeah, that's right, you're at home today, that's why your virus hit on a Sunday, isn't it?
      Kinda cute that next you put out one that targets Microsoft.
      I'm sooo glad you thought better of the version that DDoSes Slashdot... I mean if you're trying to blame Linux the last thing you want to do is discredit that claim.

    61. Re:Why today... by Anonymous Coward · · Score: 0

      That'd be 'Dioxin'.

      Your friendly neighborhood AC

    62. Re:Why today... by zenofjazz · · Score: 1

      I would expect that deliberately setting a domain that you knew was under attack to point at anyone would make you just as guilty of the attack as whoever set it up to begin with.
      However, setting www.sco.com to point to 127.0.0.1 would have been a master stroke. The only machines that would be affected by the denial of service would have been those infected. *evil grin*

      --
      -- All That's Evil in the Geek Space ... Allthatsevil.wordpress.com
    63. Re:Why today... by SoulSkorpion · · Score: 1

      M$ DoS Hehe. MS DOS. Er... um. Never mind :)

    64. Re:Why today... by Reziac · · Score: 1

      Tee hee... yeah, M$ won't be able to claim they didn't DOS it to themselves ;)

      Waitaminnut... didn't M$ originally pilfer proto-DRDOS source? didn't Caldera wind up owning DRDOS? and now SCO and Caldera are one and the same, sortof... So by rights this SHOULD be SCO and M$ DoS'ing each other!! ;)

      --
      ~REZ~ #43301. Who'd fake being me anyway?
  3. I'm Doing My Part by rice_web · · Score: 1, Funny

    I've got all my machines pinging the heck out of it, and they don't even have the virus.

    --
    The Political Programmer
    1. Re:I'm Doing My Part by borgheron · · Score: 4, Insightful

      This is not helping. Why would you even want to do this??

      Please stop as you're injuring the community you're trying to help.

      GJC

      --
      Gregory Casamento
      ## Chief Maintainer for GNUstep
    2. Re:I'm Doing My Part by real_smiff · · Score: 2, Interesting

      i think it was a joke, unfortunately, you're right he shouldn't even have cracked the joke, because some journalists reading this will take it seriously (damn, forgot to bookmark an example a few days ago).

      --

      This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.

    3. Re:I'm Doing My Part by littlerubberfeet · · Score: 3, Funny

      Media disclaimer:

      The parent comment is a JOKE. It is meant to be an amusing commentary on the general attitude of the open source community (us) towards SCO and its current business model. In no way is it meant to encourage illegal attacks (DDoS) on fraudulent businesses (SCO). The above JOKE is just a joke, and an amusing one at that.

      Thank you.

      --
      Sig (appended to the end of comments you post, 120 chars)
    4. Re:I'm Doing My Part by FooAtWFU · · Score: 1

      I'm pretty sure that was a joke, son.

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    5. Re:I'm Doing My Part by Anonymous Coward · · Score: 1

      Most likely, yes, but not all people understand geek humor...

    6. Re:I'm Doing My Part by Anonymous Coward · · Score: 0

      Even if the post was serious, which it almost certainly wasn't, why should a huge amount of people suffer because of the childish behavior of a few?

    7. Re:I'm Doing My Part by rice_web · · Score: 1

      Score: 0, Funny

      How does that work?

      --
      The Political Programmer
    8. Re:I'm Doing My Part by devilspgd · · Score: 1

      Exactly! Think of the lost ICMP packets. I wonder if I could sue SCO for not returning my ICMP packets in a timely fashion?

      --
      Give a man a fish, he'll eat for a day, but teach a man to phish...
    9. Re:I'm Doing My Part by Anonymous Coward · · Score: 0

      You've made -1 Funny now! That's impressive :)

    10. Re:I'm Doing My Part by Flakeloaf · · Score: 1

      Obviously a sarcastic joke. The grandparent comment to this one is therefore real.

      --

      Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?

    11. Re:I'm Doing My Part by heliocentric · · Score: 2, Insightful

      not all people understand geek humor

      Listen, strange women lying in ponds distributing swords is no basis for a system of government. Supreme executive power derives from a mandate from the masses, not from some farcical aquatic ceremony.

      Well you can't expect to wield supreme executive power just 'cause some watery tart threw a sword at you!

      I mean, if I went around sayin' I was an emperor just because some moistened bint had lobbed a scimitar at me they'd put me away!

      --
      Wheeeee
    12. Re:I'm Doing My Part by ejdmoo · · Score: 1

      It was modded down and then back up again.

      You're obviously not smarter than me.

    13. Re:I'm Doing My Part by Anonymous Coward · · Score: 0

      +1 Funny, -1 Overrated, -1 Overrated

      33% Funny
      66% Overrated

    14. Re:I'm Doing My Part by pjt33 · · Score: 1

      I tried pinging it on Saturday evening, and forgot that the GNU ping keeps pinging by default. Came back from dinner to find I'd sent over 2700 packets with a 100% loss rate.

    15. Re:I'm Doing My Part by Anonymous Coward · · Score: 0
      I tried pinging it on Saturday evening, and forgot that the GNU ping keeps pinging by default.
      The ping found on most Linux systems is from BSD, not GNU.

      The only ping that stops automatically by default is Windows'.
  4. How stupid do you have to be? by Matrix9180 · · Score: 5, Interesting

    SCO had plenty of time to prepare for this. They were well aware it was coming. I personally believe it's a publicity stunt. (which probably wouldn't surprise anybody around here).

    --
    120chars for a sig is teh suck
    1. Re:How stupid do you have to be? by ardiri · · Score: 4, Insightful

      > SCO had plenty of time to prepare for this

      makes you wonder if they had anything to do with the virus itself? if someone was going to make a blatant attempt at SCO - why not make it a surprise. publicity stunt it may be, all being run on feb 1 (sunday, non business day) - it's obviously worked. news all over the world has picked this up.

    2. Re:How stupid do you have to be? by SkArcher · · Score: 4, Interesting

      Analysis shows that all other sites on that router ring are working properly, that the net is no slower than usual and that You can still download SCO Linux from their site.

      SCO Linux includes all the SCO disputed IP under the GPL, so download it now and burn to CD - keep it on a shelf and if anyone tries to claim money show that SCO have given you a license to use the code under the GPL.

      --

      An infinite number of monkeys will eventually come up with the complete works of /.
    3. Re:How stupid do you have to be? by mindriot · · Score: 4, Interesting

      It might well be a publicity stunt; but it's not like they're completely unprepared, at least according to netcraft:

      We had expected that SCO might take www.sco.com out of the DNS in the run up to the MyDoom DDoS payload in order to keep the denial of service http traffic off the Internet. So far, though, www.sco.com still resolves and receives http requests, though closing the connection without sending a response.

      That said, the sco.com hostmaster is reserving his options, with the TTL set to just 60 seconds at time of writing.

    4. Re:How stupid do you have to be? by SkArcher · · Score: 4, Informative

      oh and here is a link to The Groklaw analysis of the situation.

      --

      An infinite number of monkeys will eventually come up with the complete works of /.
    5. Re:How stupid do you have to be? by Matrix9180 · · Score: 1

      What's the login/password?

      --
      120chars for a sig is teh suck
    6. Re:How stupid do you have to be? by SkArcher · · Score: 2, Funny

      just press enter, it isn't passworded

      --

      An infinite number of monkeys will eventually come up with the complete works of /.
    7. Re:How stupid do you have to be? by whiteknight31 · · Score: 1

      It's saying Authorization is Required and asking for a password. On the other hand yes it is still working so it looks like they just took their own server down.

    8. Re:How stupid do you have to be? by SoTuA · · Score: 2, Informative
      I left user-pass blank... it works.

      Oh the irony... look at the first three packages:

      IBMJava2-JAVACOMM_1_4-1.4.1-4.i586.rpm

      IBMJava2-JRE_1_4-1.4.1-5.i586.rpm

      IBMJava2-SDK_1_4-1.4.1-5.i586.rpm

      A bit further down:

      SuSEfirewall2-3.1-50.noarch.rpm

      SuSEfirewall2-3.1-90.noarch.rpm

    9. Re:How stupid do you have to be? by Anonymous Coward · · Score: 0

      It's getting slower. Should we make charts showing the hourly download speed versus geographic location for downloading their IP?

    10. Re:How stupid do you have to be? by Anonymous Coward · · Score: 0

      Well for all you conspiracy theorists out there -- why not just set up a DDOS attack against a Linux site or even slashdot??

      Then place the blame on SCO because of all the SCO bashing that goes on here.

    11. Re:How stupid do you have to be? by 87C751 · · Score: 2, Funny

      But don't type 'wget -r --accept=.rpm --http-user= --http-pass= http://linuxupdate.sco.com/scolinux/update/RPMS.up dates/', no sir! That just wouldn't be friendly, now would it?

      --
      Mail? Put "slashdot" in the subject to pass the spam filters.
    12. Re:How stupid do you have to be? by MurphyZero · · Score: 1

      You know, all the comments about Darl got me to thinking. What needs to be done is to get that Joe Isuzu guy. (The guy who did the Isuzu commercials and they kept putting "He's lying" type words on the screen.) Just have Joe Isuzu speak the major comments that Darl has been saying, with the added on screen words similar to the Isuzu commercials.

      --
      Our founding fathers removed the guys in charge. Be American. Vote incumbents out.
    13. Re:How stupid do you have to be? by jc42 · · Score: 1

      ... all other sites on that router ring are working properly, that the net is no slower than usual and ...

      So how do we know that SCO is actually suffering from any sort of attack? It's easy enough to put your server offline. They're running apache, so "apachectl stop" will do the job.

      I wonder if I should stop my home server for a day or so, and start hollering loudly that I've been hit by a DOS attack. I wonder who I should accuse of attacking me? Let's see; I'm running KDE at the moment on my linux box, so it must be those evil Gnomes ...

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    14. Re:How stupid do you have to be? by GSloop · · Score: 2, Interesting

      So instead of DDOSing the webserver, they'll DDOS their DNS provider.

      Still, better than nothing I guess...

      Setting it to two, four, or even sixteen minutes wouldn't have caused them to lose much flexibility, and since the DDOS "client" dings them every 60 seconds (IIRC) it would have put one half, one fourth or one sixteenth as much load on DNS.

      But I guess that's what you get when you got a lawyer running the IT department.

      Cheers,
      Greg

    15. Re:How stupid do you have to be? by kindbud · · Score: 2, Interesting

      Holy Freakin' Cow! Look at this Darl-ism:

      O'BRIEN: One final thought. You're talking about the ultimate hall of smoke and mirrors here. What are the chances you could be duped into giving the reward to a culprit?

      MCBRIDE: Well, the way it works here, Miles, is to pay the reward out means that that person will be in jail. So I guess conceivably they could turn themselves in, go to jail, sit around with their $250,000 and get out. So I guess maybe that's the way to make money. Since you can't make money with Linux because it's free, maybe that's the new monetization system.


      --
      Edith Keeler Must Die
    16. Re:How stupid do you have to be? by Some+Dumbass... · · Score: 1

      SCO had plenty of time to prepare for this. They were well aware it was coming. I personally believe it's a publicity stunt. (which probably wouldn't surprise anybody around here).

      Actually, taking their website offline makes sense. They don't seem to need their website very badly (as many people have already pointed out). More importantly, keeping it online would cost them money in the form of bandwidth charges, technicians working overtime (to make sure the server stays up) or even just the cost of the electricity. Why pay money to keep a server up when nobody will be able to access it?

    17. Re:How stupid do you have to be? by Anonymous Coward · · Score: 0

      I am pretty sure the virus is written by SCO their IP number is in it.

      Well, all we can do is wait till they charge us $699 for running the virus.

    18. Re:How stupid do you have to be? by heliocentric · · Score: 1

      I wonder who I should accuse of attacking me?

      Whoever it is, I am sure you can find some intelligence that they have weapons of mass destruction related program activities. That'll give you a two-fer for headline opportunity.

      "I'm being DDOS'd by people with weapons of mass destruction related program activities!"

      --
      Wheeeee
    19. Re:How stupid do you have to be? by Reziac · · Score: 1

      Your link comes up almost instantly, too ... tho it did demand a username and password. When did that start?

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    20. Re:How stupid do you have to be? by Anonymous Coward · · Score: 0

      Apparently the worm shits itself if it can't find www.sco.com, so removing the host from the DNS basically defuses the virus.

    21. Re:How stupid do you have to be? by Reziac · · Score: 1

      I tried that, it didn't get me anywhere. Neither did the obvious "anonymous:guest".

      ???

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    22. Re:How stupid do you have to be? by Anonymous Coward · · Score: 0

      Maybe someone should post another story with links to all of them.

    23. Re:How stupid do you have to be? by Ironica · · Score: 1

      Analysis shows that all other sites on that router ring are working properly, that the net is no slower than usual and that You can still download SCO Linux from their site.

      That link prompts me for a username and password. Darn! I really wanted to download something from them and add to the traffic!

      --
      Don't you wish your girlfriend was a geek like me?
    24. Re:How stupid do you have to be? by michaelhood · · Score: 1

      Three +5s in 7 minutes.
      Btw, this isn't going to help out your meta-moderating situation much.

    25. Re:How stupid do you have to be? by Anonymous Coward · · Score: 0

      I think it is a Microsoft stunt to discredit Linux. MyBoom.B and the reward is just cover up.

  5. Well actually... by Chicane-UK · · Score: 5, Informative

    If you query their DNS servers, you'll see that they have removed the A records to their site.

    So the traffic just won't get to them anyway..

    --
    "Hey! Unless this is a nude love-in, get the hell off my property!!"
    1. Re:Well actually... by LynXmaN · · Score: 1
      Keep in mind that even if they removed their A entries in DNS, the caches of DNS servers all over the world will still contain the IP.
      Mine does!
      # nslookup www.sco.com
      Server: 192.168.0.1
      Address: 192.168.0.1#53

      Non-authoritative answer:
      Name: www.sco.com
      Address: 216.250.128.12
      So it seems they reacted too late, maybe in 24 to 48 hours they'll be OK...
      --
      May the source be with you!
    2. Re:Well actually... by Anonymous Coward · · Score: 0

      Not quite what you expect from a tech company, eh? Granted, this thing is somewhat bigger than your average script kiddie DDoS, but come on, there's lots of well documented anti-DDoS tactics out there if you bother to look.

      Removing your A-record must hurt. Badly.

    3. Re:Well actually... by palfrey · · Score: 1

      Using all of the listed nameservers for www.sco.com as of 3:35 CET, www.sco.com still exists. There's still an A record, there's still an MX, looks like business as usual (excepting the richly deserved DDOS)

      --
      Beware the psychokinetic mimes!
    4. Re:Well actually... by Anonymous Coward · · Score: 1, Informative
      Um... no they haven't:
      > dig @nsca.sco.com sco.com

      ;; ANSWER SECTION:
      sco.com. 1M IN A 216.250.128.12
    5. Re:Well actually... by arivanov · · Score: 1

      No they have not. Check if your ISP is not doing them a favour and if they are not transparently proxying DNS. If you are wondering why you would need to transparently proxy DNS, look up recent discussions on BUGTRAQ about trojans using port 53.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    6. Re:Well actually... by Chicane-UK · · Score: 1

      Well if they haven't then I am sorry!

      I read a thread on another site about this and a bunch of people said they had checked over SCO's DNS and said that the A records were removed, seeing as they were expecting a deluge anyway, they might as well do a bit of damage limitation.

      --
      "Hey! Unless this is a nude love-in, get the hell off my property!!"
    7. Re:Well actually... by anticypher · · Score: 5, Informative

      Not yet. I just checked all 4 of their name servers:

      AUTHORITY SECTION:
      sco.com. 6H IN NS ns.calderasystems.com.
      sco.com. 6H IN NS ns2.calderasystems.com.
      sco.com. 6H IN NS nsca.sco.com.
      sco.com. 6H IN NS c7ns1.center7.com.

      and all of them return
      www.sco.com. 1M IN A 216.250.128.12

      So their name servers are still up and running, and pointing to a valid address. Reasonably, they have a 1 minute TTL, which will give them a quick response if they do decide to point it at 127.0.0.1 or 66.35.250.150.

      the AC

      the slashdot crud filter doesn't like double semi-colons in posts

      --
      Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
    8. Re:Well actually... by Llanfairpwllgwyngyll · · Score: 1

      They have reduced the TTL to 60 seconds to make it easier to point it elsewhere if necessary.

      Earlier today, the IP number was reachable on port 80 but closed the connection immediately. It didn't look overloaded to me - when that happens, it takes a long time for the connection to be established.

      NB the TTL values are just one more reason to use dig rather than nslookup :-)

      $ dig www.sco.com
      [...]

      www.sco.com. 60 IN A 216.250.128.12

    9. Re:Well actually... by gph · · Score: 1

      Well it seems some ISPs have changed the DNS records for SCO. (I have done the same on my local-cache DNS)

      % host www.sco.com
      www.sco.com has address 127.0.0.1

    10. Re:Well actually... by Anonymous Coward · · Score: 0

      66.35.250.150, now that's a website that could use a taste of its own medicine.

    11. Re:Well actually... by RicoX9 · · Score: 1

      Could be a problem for weeks. The BIG ISPs do not (or didn't a few years ago) honor TTLs. I used to work for a large ISP. We had tons of problems when we changed a customer's addresses. The AOLs and Earthlink/Mindsprings of the world would force a 7-14 day TTL.

      We learned that we had to just deal with it for a week or 2.

    12. Re:Well actually... by Awptimus+Prime · · Score: 1

      Yup. I used to hate dealing with DNS issues at the ISP I worked at. We'd force 7, typically.

    13. Re:Well actually... by WetCat · · Score: 1

      Hmm... so they can put anything they want into A records... and divert the wrath of the virus to any IP, including SlashDot?

    14. Re:Well actually... by l-ascorbic · · Score: 1

      In the past half hour or so it seems that they have removed the A record. Try dig +trace www.sco.com now.

    15. Re:Well actually... by jrockway · · Score: 1

      The output of that command made me think. What if the next virus DDoS's [A-M].ROOT-SERVERS.NET. Shouldn't be too hard, and could have really bad consequences. Hmm..

      --
      My other car is first.
    16. Re:Well actually... by nutznboltz · · Score: 1

      After all it is the Minimum TTL. You are free to use more, just don't use less.

    17. Re:Well actually... by menscher · · Score: 1
      Reasonably, they have a 1 minute TTL....

      How is that reasonable? Isn't that just going to cause a DDoS on the nameservers that have to look up the new host info every minute?

    18. Re:Well actually... by TheBoostedBrain · · Score: 1

      What if slashdot gets slashdotted?

      --
      -- When did Ignorance Become a Point of View?
    19. Re:Well actually... by Llanfairpwllgwyngyll · · Score: 1

      Indeed, you are correct.

      Note also that the serial number of the zone file is now 2004020103. When I posted my earlier comment it was 2004020102.

      Looks like the first change they made was to drop the TTL to 60, and now it is removed altogether.

      It's only the www.sco.com one that has gone though - sco.com has an A record to the same IP, as does

      www.no.sco.com, www.mx.sco.com, www.ar.sco.com, www.au.sco.com, www.br.sco.com, www.de.sco.com,
      www.cn.sco.com, www.co.sco.com, www.dk.sco.com,
      www.se.sco.com, www.fi.sco.com, www.es.sco.com,
      www.uk.sco.com, www.fr.sco.com, www.tw.sco.com, www.emeia.sco.com, www.in.sco.com, www.it.sco.com, www.za.sco.com, www.la.sco.com, www.nordic.sco.com

      Just www.jp.sco.com points elsewhere (and without the reduced TTL): 202.33.8.83

      Interestingly enough, www1.sco.com, www2.sco.com and www5.sco.com all exist still with long TTLs and pointing to different IP numbers

    20. Re:Well actually... by Froug · · Score: 1

      Well, looks like my ISP honors the TTLs. www.sco.com now points to 127.0.0.1

    21. Re:Well actually... by AKnightCowboy · · Score: 1
      If you query their DNS servers, you'll see that they have removed the A records to their site.

      Does anyone have the IP address for www.sco.com? I want to create a temporary local zone so my customers will still be able to resolve www.sco.com in case they need to purchase Linux licenses or receive online tech support.
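An added example, not written by any poster in this thread: the by-hand comparison the comments above make with dig (every authoritative server's answer against what a local resolver returns) expressed as a small offline check. The record values are the ones quoted in the thread; the resolver answers, the finding codes and the function names are constructed for illustration.

```python
import re

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def ttl_seconds(token):
    """Convert a TTL such as '60', '1M' or '6H' (BIND unit suffixes) to seconds."""
    token = token.lower()
    parts = re.findall(r"(\d+)([smhdw]?)", token)
    if not parts or "".join(n + u for n, u in parts) != token:
        raise ValueError(f"unparseable TTL: {token!r}")
    return sum(int(n) * _UNITS[u or "s"] for n, u in parts)


def a_records(answer_text, qname):
    """Return {address: ttl_seconds} for qname from dig-style answer lines."""
    want = qname.lower().rstrip(".")
    found = {}
    for line in answer_text.splitlines():
        fields = line.split()
        # Expected shape: name TTL IN A address; comments and other lines are skipped.
        if len(fields) != 5 or line.lstrip().startswith(";"):
            continue
        name, ttl, rclass, rtype, addr = fields
        if (rclass.upper(), rtype.upper()) == ("IN", "A") and name.lower().rstrip(".") == want:
            found[addr] = ttl_seconds(ttl)
    return found


def audit(qname, authoritative, resolver_answer):
    """Compare a resolver's answer with what each authoritative server publishes.

    authoritative maps server name to its answer text; resolver_answer is the
    answer text from the cache being checked. Returns a sorted list of finding
    codes; an empty list means the resolver is consistent with the zone.
    """
    per_server = {ns: a_records(text, qname) for ns, text in authoritative.items()}
    published = set().union(*per_server.values())
    max_ttl = max((t for recs in per_server.values() for t in recs.values()), default=0)
    seen = a_records(resolver_answer, qname)

    findings = set()
    if len({frozenset(recs) for recs in per_server.values()}) > 1:
        findings.add("AUTH_DISAGREE")          # a zone change has not reached every server
    if seen and not published:
        findings.add("STALE_OR_OVERRIDDEN")    # record withdrawn, resolver still answers
    for addr, ttl in seen.items():
        if published and addr not in published:
            findings.add("ADDRESS_REWRITTEN")  # e.g. a local zone pointing at 127.0.0.1
        if addr in published and ttl > max_ttl:
            findings.add("TTL_EXTENDED")       # cache keeps the record longer than published
    return sorted(findings)


# Constructed sample data built from the record values quoted in the thread.
AUTH_LINE = "www.sco.com. 1M IN A 216.250.128.12\n"
AUTHORITATIVE = {ns: AUTH_LINE for ns in (
    "ns.calderasystems.com", "ns2.calderasystems.com",
    "nsca.sco.com", "c7ns1.center7.com")}
# The same servers after the A record is withdrawn (empty answer section).
WITHDRAWN = {ns: ";; ANSWER SECTION:\n" for ns in AUTHORITATIVE}

if __name__ == "__main__":
    cases = {
        "honest cache": (AUTHORITATIVE, "www.sco.com. 42 IN A 216.250.128.12"),
        "local override": (AUTHORITATIVE, "www.sco.com. 60 IN A 127.0.0.1"),
        "forced long TTL": (AUTHORITATIVE, "www.sco.com. 7D IN A 216.250.128.12"),
        "record withdrawn": (WITHDRAWN, "www.sco.com. 30 IN A 216.250.128.12"),
    }
    for label, (auth, resolver) in cases.items():
        print(f"{label:18} {audit('www.sco.com', auth, resolver)}")
```

A TTL returned by a cache counts down from the published value, so a resolver TTL above the authoritative one is the signature of the forced TTLs described in the comments above.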

  6. Call me an old crank, but... kids today! by Anonymous Coward · · Score: 0

    all of you who have been reading Slashdot know that today MyDoom.A begins it's attack...

    But, evidently, not all of you who have been reading Slashdot know the difference between "its" and "it's".

  7. Could someone explain this to me... by Anonymous Coward · · Score: 0

    Why is SCO suing Microsoft ? It thinks they used some of their code or something ?

    1. Re:Could someone explain this to me... by Colonel+Panijk · · Score: 1

      Why is SCO suing Microsoft ?

      Huh? Where did you see that? M$ is one of SCO's biggest sponsors in this whole sordid affair.

  8. every rose has its thorn by victorvodka · · Score: 3, Insightful

    A DDOS like this will have a trivial effect on a company like SCO, whose business model does not depend on its web site. For Microsoft, though, it really might cut into their bottom line and esteem as a company. Let's hope something good comes out of this idiocy.

    --

    The flag just makes more sense than the constitution. - Judas Gutenberg

    1. Re:every rose has its thorn by Anonymous Coward · · Score: 1, Insightful

      Their business model depends on their lawyers. We should flood their legal representatives with snail mails.

    2. Re:every rose has its thorn by rlowe69 · · Score: 1

      Let's hope something good comes out of this idiocy.

      I agree. How about an end to baseless lawsuits? How about an end to scripting support in e-mail clients? Those things would be nice.

      --
      ----- rL
    3. Re:every rose has its thorn by Anonymous Coward · · Score: 0

      Microsoft will not go down. I'd be surprised if you even saw much of a slowdown on Tuesday. Their ISP bill will likely be hefty for awhile though...

    4. Re:every rose has its thorn by 16K+Ram+Pack · · Score: 1
      One good thing has come out.... SCO's share price is down (unless it's just a coincidence).

      Some Open Source advocates were telling people what a crock of shit SCO were talking, and it did nothing. Someone launches a ddos attack and it takes something off the share price.

  9. Sco is down by zaphod_es · · Score: 0, Redundant

    I could not get to their site, is it the virus or have they been slashdotted?

    1. Re:Sco is down by benna · · Score: 1

      Both, they probably got ddos'd by someone ON slashdot. (I'm not a troll, it's probably true)

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
  10. Wait by 0x54524F4C4C · · Score: 5, Funny



    Until Saturday when MyDoom.S hits Slashdot..

    1. Re:Wait by monkey_jam · · Score: 5, Funny

      and then a few days later MyDoom.S hits again..

    2. Re:Wait by Anonymous Coward · · Score: 0

      ROTFLMAO

    3. Re:Wait by Anonymous Coward · · Score: 0

      ...followed by MyDoom.SDa the "Dupe Apology".

    4. Re:Wait by Anonymous Coward · · Score: 0

      What about MyDoom.IBM

  11. No joke by peterprior · · Score: 2, Insightful

    Remember, don't make any jokes..
    These comments are obviously the voice of the open source community and may be quoted as such in wired.com articles as fact...

    1. Re:No joke by Matrix9180 · · Score: 1

      I haven't been making any jokes but just in case I do in the future let me say now, I USE OS X! So I'm not quite part of the OSS community.

      --
      120chars for a sig is teh suck
    2. Re:No joke by peterprior · · Score: 1

      Oops. Make that eweek articles

    3. Re:No joke by keesh · · Score: 1

      Why not? It's funny.

    4. Re:No joke by 0x54524F4C4C · · Score: 0

      The only real joke someone could make would be to say the wired editors are any better than their slashdot counterparts.

    5. Re:No joke by Anonymous Coward · · Score: 0

      and comments here may be made by people working for P.R. companies; astroturfing. Which goes to show you should be wary of the legitimacy of anything written here.

    6. Re:No joke by Anonymous Coward · · Score: 0

      These comments are obviously the voice of the open source community and may be quoted as such in wired.com articles as fact...

      or the "so-called" open source community, according to the Reuters article linked in the story

      SCO has drawn the ire of the so-called "open source" programming community...

    7. Re:No joke by AndroidCat · · Score: 1

      And the comments overheard in a bar at 2am are obviously the voice of all human wisdom and may be quoted as such.

      --
      One line blog. I hear that they're called Twitters now.
    8. Re:No joke by dracocat · · Score: 5, Insightful

      Is this a troll?

      Telling people not to voice their opinions because of fear of what other people might think of you is an asinine way to exercise your right to free speech.

      Yes, free speech is something we believe in at slashdot as well. We can and should make jokes. Why? Because we always make jokes about things! I would make a joke right now, but (1) I'm not that funny, and (2) I'm just too shocked that I am being told in a +5 comment not to say something.

      Let the media report what they will. The fact is, some part of the community that you posted to can find humour in this. We are for sure a community that finds humour in everything.

      Actually, now that I read your comment again, I am not sure you are serious. Perhaps it was just a joke and our mods have modded you insightful?

    9. Re:No joke by HeghmoH · · Score: 1

      There is nothing shocking in the grandparent post. Let's see:

      - Stupid joke on slashdot, no shock.
      - Stupid moderators mod up a stupid joke as "Insightful", no surprise.
      - Somebody misunderstands stupid joke, makes shocked post saying "no, no, no!", no surprise.

      Move along, nothing to see here.

      --
      Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
    10. Re:No joke by Anonymous Coward · · Score: 0

      No pop, I'm going to be veewy quiet and sit down here, and wait for others to speak. *keeps finger on lips*

    11. Re:No joke by Fnkmaster · · Score: 4, Insightful
      Unfortunately, this is really the media's fault. There were several high profile articles that quoted posts modded +5, Funny on Slashdot's original article about MyDoom and cited them as the voice of the Open Source community, taking glee at this new virus. It was essentially cited as evidence that the "nefarious" Open Source community was somehow behind this virus or honestly approved of it. Basically these people don't understand how Slashdot works, that we find humor in even the most macabre topics, and that one person's comment doesn't mean anything more than that one random person thought something. As another poster said, it's like quoting a guy in a bar in LA and saying "people in LA think this...".


      Anyway, I know and you know how to spot a troll/humorous post/etc. on Slashdot. And we know that people's opinions go all over the map on many issues discussed on Slashdot. Joe Reporter doesn't get this and there is a real risk of them printing more smear-stories about a community that like-it-or-not you will be perceived as part of by virtue of posting here. It's reasonable for us to try not to make that community look bad - not saying not to speak your mind, but to keep in mind that in a high profile story like this, even though you may be Joe Nobody, your words could be used against you and lots of other people.

    12. Re:No joke by Anonymous Coward · · Score: 0

      Nice excuses, but I see lots of posts here that earnestly support DDOSing SCO. If the shoe fits, wear it, Slashdolt.

    13. Re:No joke by Anonymous Coward · · Score: 0

      Thanks, Darl.

    14. Re:No joke by peterprior · · Score: 1

      Umm.. no.. it was sarcasm.. in relation to this eweek article which decided to take this comment on slashdot out of context.

    15. Re:No joke by Fnkmaster · · Score: 1

      I see a lot of posts saying Linux will beat SCO in a court of law, and that a DDOS on SCO's website doesn't really accomplish anything. I see a lot of frustrated people angry at SCO who may take some momentary delight in their predicament but when asked sincerely would recognize that a DDOS isn't going to win Linux new friends or victory in court or in the court of public opinion.

    16. Re:No joke by firewrought · · Score: 1
      Is this a troll?

      Dude... parent poster is just pointing out that jokes taken out of context are a political liability. There's been more than one occasion where comments from slashdot have been placed in front of a judge to support "the opposition".

      --
      -1, Too Many Layers Of Abstraction
    17. Re:No joke by Anonymous Coward · · Score: 0

      Awww, I'm so crushed that the rest of the world can't tell its head from its ass and takes Score 5 Slashdot comments as the gospel truth, not to mention the 'heartbeat' of the 'Open Source Community.'

      Let them think whatever the fuck they please. Myself, I'm annoyed by this worm, but also truly pleased that such a simple feat of social engineering would infect so many machines. In addition, hiding itself in TASKMON.EXE is simply sublime, as virus checkers are loath to delete files that are considered 'system critical.'

      Besides, truth be told, every single /. poster could condemn this worm and the media would still report the anti-open-source angle, just because SCO is involved.

      Here's a thought: If this whole SCO nonsense wasn't happening (and it shouldn't, if there were any sanity checks in the legal system), who would they pin it on if it wasn't the 'Open Source Community'? Misdirection is the key here.

    18. Re:No joke by Malcontent · · Score: 1

      The appropriate response at this point is to belittle wired at every opportunity. They need to be held responsible for their ineptitude. If the community from now on dismisses everything wired does using this example wired will never do it again.

      They were incompetent at best and people should call them on it. At worst they were shills for SCO and people should call them on that too.

      --

      War is necrophilia.

    19. Re:No joke by Anonymous Coward · · Score: 0

      So basically the only way Slashdot could have prevented this would be not to post this story at all. Not much of an option..

    20. Re:No joke by dracocat · · Score: 1

      Sorry then. I guess I missed the sarcasm with all the serious replies, and the insightful moderation.. ahaha.. How do I remove my parent post?

  12. Slashdotted Reuters? by NixLuver · · Score: 1
    Good grief that page loaded slow!

    On a side note, what happened to all the sites I saw three days ago that said the payload wouldn't work properly?

    And what about the variant that was supposed to target Microsoft?

    1. Re:Slashdotted Reuters? by Matrix9180 · · Score: 1

      If you had RTFA (the one ON SLASHDOT, there actually isn't a longer one this time), you would have seen that the variant that targets Microsoft doesn't start its attack until Monday, and I highly doubt Microsoft is as stupid as SCO and is already prepared for the attack.

      --
      120chars for a sig is teh suck
    2. Re:Slashdotted Reuters? by whiteknight31 · · Score: 1

      You obviously didn't read the article. The variant targeting Microsoft doesn't trigger its DDoS attack until Tuesday.

    3. Re:Slashdotted Reuters? by Vlad_the_Inhaler · · Score: 2, Insightful

      Did someone write a variant that went for www.reuters.com? Although they claim Sco.com was the only discernible victim on Sunday. There were no other reports of outages or slowdowns elsewhere online due to the worm..

      Does anyone remember the article about Distributed Reflection Denial of Service from around 2 years ago? Quotating that one: I imagine that anyone reading this page is already well aware of my feelings regarding the deliberate and unnecessary inclusion of the raw socket API in a mass market consumer desktop PC. I am referring, of course, to the absolute insanity of Microsoft's inclusion -- and subsequent defense of -- the raw socket API in Windows XP.

      While pedantic network experts, and Microsoft themselves, correctly argue that there are other ways to produce malicious Internet traffic, there is no easier way than through the use of raw sockets. The best way to earn users' trust is to deserve it. But deliberately incorporating this unnecessary facility into every Windows XP machine -- and essentially enabling it, by design, to become a malicious reflection attack generator -- makes a mockery of Microsoft's recent "Trustworthy Computing" rhetoric. We can always hope, as I fervently do, that Microsoft will recognize that it is not too late, and will remove raw sockets from XP during one of the product's continuous flow of patches and Windows Updates.


      Microsoft really have brought this upon themselves. Sorry, but they were warned and deserve all they get. What this is about is: before XP, it was possible to recognise (and block) this sort of traffic at the routers.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    4. Re:Slashdotted Reuters? by AndroidCat · · Score: 1

      So far as I've heard, this has absolutely nothing to do with raw sockets or DRDoS. It just does a simple TCP/IP port 80 request for the webpage--many many times. Please don't add to the FUD.

      --
      One line blog. I hear that they're called Twitters now.
    5. Re:Slashdotted Reuters? by Vlad_the_Inhaler · · Score: 1

      Damn, found better links just after having posted: This is about XP and this is a referring page which shows how previous attacks could be blocked. M$ were warned and - demonstrating unbelievable arrogance - ignored all warnings. Even now, a service pack changing this behaviour would probably reduce the effects of this sort of worm.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    6. Re:Slashdotted Reuters? by Anonymous Coward · · Score: 0

      Are you on crack? There is nothing in any of these viruses beyond and above what is offered by Winsock. Steve Gibson is an idiotic attention seeking media whore and is universally derided by the security community, he has been a little quiet since "inventing" syn-cookies ;-) This 'raw socket' thing was one of his attempts to generate a little hysteria and has no relevance to current windows viruses.

    7. Re:Slashdotted Reuters? by muffen · · Score: 1

      1, People complain when Microsoft doesn't follow standards, and now people are complaining because they ARE following standards?

      2, How are raw sockets connected to a worm that uses HTTP GET request to DoS a website?

      What this is about is: before XP, it was possible to recognise (and block) this sort of traffic at the routers.

      So you are saying that the HTTP GET requests sent from a non-WinXP machine can be blocked, whereas the ones originating from WinXP machines cannot?
      One question (which you won't be able to answer as you are wrong, but still)... How??

      3, Profit!

    8. Re:Slashdotted Reuters? by AndroidCat · · Score: 1
      While Steve Gibson is usually correct when reporting technical details, his conclusions sometimes come from tin-foil-hat-land. This is one of them.

      In any event, this worm attack has absolutely nothing to do with XP and a DRDoS attack. It's just a plain old worm/virus infecting a whole lot of machines and having them all make lots of TCP/IP port 80 requests of "GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n" This could have been done on any platform that allows viruses to spread. (Note that MyDoom affects pre-XP versions of Windows.)

      A helpful Anonymous Coward provided links to these informative documents on the worm.

      --
      One line blog. I hear that they're called Twitters now.
    9. Re:Slashdotted Reuters? by devilspgd · · Score: 1

      But if you happen to be infected, you can turn your clock ahead and get in on the ground floor!

      --
      Give a man a fish, he'll eat for a day, but teach a man to phish...
    10. Re:Slashdotted Reuters? by Vlad_the_Inhaler · · Score: 1

      mea culpa

      Thanks for the other links (those Italian ones). I knew the beast was attacking port 80, but was very wrong about how it was going about that.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    11. Re:Slashdotted Reuters? by hankaholic · · Score: 4, Informative
      Did you read the paragraph preceding the one you cite from the article? It reflects my own initial thoughts on reading your post, and doesn't attempt to blame the OS for what really is a network problem:

      If ISPs would begin adopting the practice of preventing the escape of fraudulently addressed packets from within their controlled networks, this potent attack, and its many cousins, would die overnight.
      This seems much wiser a suggestion than the anti-MS paragraph which you chose to cite. Who better to set actual network policy than those responsible for managing those networks?

      Microsoft including a raw socket API is about as evil as Microsoft supporting the creation of outgoing connections to any arbitrary mail servers -- sure, it's open to abuse (DDoS, spam, etc.), but removing the sort of API that traceroute and ping tools would use to perform useful work is not a security fix. It's closer to asking Home Depot not to sell hammers because they can be used as weapons.

      Further, having MS remove the raw socket API would lead those with cruel intentions to use non-Windows machines exclusively to do their evil deeds. Consider that the mind which concludes that the raw socket API must be removed because of the unpleasant actions of a few people probably isn't far from thinking that operating systems which are engineered in an open and flexible environment can be used for subversion as well. Suddenly those using "subversive" non-MS operating systems which haven't removed raw packet interfaces are a little more suspect in the public eye.

      If ISPs would only permit traffic with sane source IP addresses to leave their networks, then the only effect sending such packets out would have would be to waste traffic between the would-be tricksters and their ISP's router(s).
      --
      Somebody get that guy an ambulance!
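An added example, not part of any comment in this thread: the egress rule quoted above (forward a packet only if its source address belongs to the customer port it arrived on) run over a few constructed flows. Interface names, prefixes (RFC 5737 documentation ranges) and the verdict strings are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed topology: customer-facing interfaces and the prefixes assigned
# behind each one (documentation ranges, not real allocations).
CUSTOMER_PREFIXES = {
    "cust0": ["192.0.2.0/25"],
    "cust1": ["192.0.2.128/25", "198.51.100.0/24"],
}


def build_table(prefixes_by_interface):
    """Parse the prefix strings once so each packet check is a membership test."""
    return {ifname: [ipaddress.ip_network(p) for p in plist]
            for ifname, plist in prefixes_by_interface.items()}


TABLE = build_table(CUSTOMER_PREFIXES)


def egress_verdict(table, ifname, src):
    """Decide whether a packet received on a customer interface may leave the network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop:malformed"
    allowed = table.get(ifname)
    if allowed is None:
        return "drop:unknown-interface"
    if any(addr in net for net in allowed):
        return "forward"
    # The address is ours but assigned behind a different port: still forged here.
    if any(addr in net for nets in table.values() for net in nets):
        return "drop:wrong-interface"
    return "drop:spoofed"


# Constructed flows: (ingress interface, source, destination, destination port).
FLOWS = [
    ("cust0", "192.0.2.10", "203.0.113.5", 80),    # ordinary HTTP request, real source
    ("cust1", "198.51.100.20", "203.0.113.5", 80), # ordinary HTTP request, real source
    ("cust0", "203.0.113.5", "198.51.100.7", 80),  # source forged as an outside host
    ("cust0", "192.0.2.200", "203.0.113.5", 80),   # source borrowed from cust1's range
]


def summarize(table, flows):
    """Count verdicts over a list of flows."""
    return dict(Counter(egress_verdict(table, ifname, src) for ifname, src, _dst, _port in flows))


if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", egress_verdict(TABLE, flow[0], flow[1]))
    print(summarize(TABLE, FLOWS))
```

The first two flows are forwarded: requests sent over a full TCP connection carry the sender's real address, so this filter removes forged-source traffic but leaves a flood of ordinary port 80 requests to other controls.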
    12. Re:Slashdotted Reuters? by drinkypoo · · Score: 1
      Either this is a troll, or you are given to flights of fancy. Linux not only has raw access to sockets but it has a packet generator for "network testing". Of course that's not generally compiled in, but any geek worth his salt will have it compiled as a module. It's not direct socket access that causes Windows to be a source of vulnerability, it's poor security in general, and stupid windows users.

      You could easily replicate this worm's behavior on linux with a shell script that used commonly available programs to do its dirty work. The problem is getting all those Unix users to run it as root.

      As for recognize and block this sort of traffic at the routers, it's STILL possible to block the traffic from the worm. You just have to be more creative. Anything that can successfully be sent over the internet can be filtered. However, the propagation of the worm is via email. You can block e-mail traffic at the routers as well, but that gives up a little too much functionality.

      P.S. Quotating? Sigh.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    13. Re:Slashdotted Reuters? by NixLuver · · Score: 1

      LOL! Although I deserved that, sometimes one can actually read something and still miss an important point. Doesn't happen to me often, but *shrug*... Sorry! Please forgive my inattentiveness... :)

    14. Re:Slashdotted Reuters? by Kymermosst · · Score: 1

      The problem is getting all those Unix users to run it as root.

      Exactly. I believe the WinXP raw socket API is available to all users, unlike *nix where it is restricted to root.

      Besides, even if it is restricted to users with admin privileges, how many people run their Windows XP machine (especially "Home Edition") with administrator privileges? A lot, I'd wager.

      --
      "Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
    15. Re:Slashdotted Reuters? by Anonymous Coward · · Score: 0


      Microsoft including a raw socket API is about as evil as Microsoft supporting the creation of outgoing connections to any arbitrary mail servers -- sure, it's open to abuse (DDoS, spam, etc.), but removing the sort of API that traceroute and ping tools would use to perform useful work is not a security fix. It's closer to asking Home Depot not to sell hammers because they can be used as weapons.


      Not only that, but if the official API was removed it would be all of about one day before someone whips out their NT DDK and writes a kernel driver to do the same low level packet shit.

      Steve Gibson is such a dipshit.

      Removing the raw socket API will do nothing to improve security or curb DDoS mechanism.

    16. Re:Slashdotted Reuters? by Anonymous Coward · · Score: 0

      Steve Gibson may have written a few neat tools for harddisks (of dubious function anyway), but he is a complete IDIOT when it comes to this networking shit.

      Removing the raw socket API would do NOTHING.
      Looking at all the clever BIOS modification and code injection and other stuff that worm and virus writers do, it would be trivially simple to write a kernel driver with the freely available NT DDK to replace the raw socket API. This would happen within 48 hours of Microsoft removing the raw socket support from whatever version of Windows they pull it from.

      In fact, I wish they would remove the raw socket API just so that someone would write a replacement in a day and demonstrably prove Steve Gibson to be the fuckwit that he is.

  13. Look on the bright side... by CrackedButter · · Score: 1

    we slashdotters didn't have to read an article and we didn't have to waste time slashdotting sco.com anyway!

  14. It shouldn't have happened yet by linuxci · · Score: 5, Informative
    I think SCO have taken their site down themselves as the attack shouldn't have happened yet.


    From this page:

    The DoS attack will start at 16:09:18 UTC (08:09:18 PST) on February 1, 2004. The worm checks the local system time and date to determine if it should initiate the DoS attack


    I'm typing this and the time is currently 14:30UTC.


    For those who are interested, it does appear to work in wine, before the news of it reached slashdot, I ran a copy of it in controlled conditions under Wine to see what it would do. It appears to be mainly a spam relay with SCO DOS'ing added as an afterthought.

    1. Re:It shouldn't have happened yet by CrackedButter · · Score: 3, Insightful

      wasn't it mentioned that some clocks have the incorrect time, magnify this over a million plus PCs and this makes a difference. Yes?

    2. Re:It shouldn't have happened yet by whiteknight31 · · Score: 1

      Exactly. Some clocks can be misconfigured and if there are a million PCs running the virus then just a fraction of that is necessary to take SCO down. On the other hand an earlier comment mentioned that it looked like SCO removed the IP addresses of their servers from the DNS.

    3. Re:It shouldn't have happened yet by CapeBretoner · · Score: 1
      The MyDoom attack trigger was set for 1609 GMT Sunday. But with so many computer clocks incorrectly set, the infected machines began firing off data requests at SCO.com hours earlier, Hypponen said. "It will only get worse for SCO as time goes on," he added.
    4. Re:It shouldn't have happened yet by Phazer4 · · Score: 2, Interesting

      I think SCO have taken their site down themselves as the attack shouldn't have happened yet.

      Did you even read the article? Obviously not, or you'd know that it explained why the attacks are happening before 1609:

      The MyDoom attack trigger was set for 1609 GMT Sunday. But with so many computer clocks incorrectly set, the infected machines began firing off data requests at SCO.com hours earlier, Hypponen said. "It will only get worse for SCO as time goes on," he added.

      Thank you, come again.

      --
      Thank you, come again.
    5. Re:It shouldn't have happened yet by muffen · · Score: 1

      I think SCO have taken their site down themselves as the attack shouldn't have happened yet.

      Not everyone sets the time on their computers right... I mean, the people getting infected are probably 12 O'clock flashers anyways (all electronic equipment in their house flashes 00:00).

    6. Re:It shouldn't have happened yet by MarsCtrl · · Score: 1
      (from the article)
      The MyDoom Internet worm claimed its first scalp Sunday, paralyzing the Web site of American software firm SCO Group with a massive data blitz.

      In a statement issued Sunday morning, the Utah-based company confirmed MyDoom knocked its site, http://www.sco.com, out of commission.

      "Internet traffic began building momentum Saturday evening and by midnight Eastern Time the SCO Web site was flooded with requests beyond its capacity," the statement read.
      Now, according to the parent post (and here), this virus shouldn't start attacking for another hour. Yet SCO is down. Why?

      On one hand, SCO would be perfectly justified in taking their own server down to avoid the costs associated with the attack. But is it really fair, then, to say that the virus knocked their website out of commission, when the virus shouldn't even be attacking anything yet? It doesn't take a great imagination to think of what the media would do with this ("SCO attacks own website").
      --

      I was going to put a sig here, but I had already submitted the message.
    7. Re:It shouldn't have happened yet by ColaMan · · Score: 1

      Now, according to the parent post (and here), this virus shouldn't start attacking for another hour. Yet SCO is down. Why?

      Expand your worldview, man!
      Some of us live in the future ;-)

      Where I live (in .au) we're 10 hours ahead of UTC and 20 or so hours ahead of SCO. So theoretically they'd get each timezone coming online and increasing the load over a period of 24 hours.

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
  15. Re:Finally! by MisanthropicProggram · · Score: 5, Insightful
    I wish it wouldn't happen. This virus is painting the Linux community as a bunch of petulant adolescents - regardless of who's doing it.

    I'm trying to remember who in the Linux community was quoted in the Wall Street Journal as saying "Let's take the high road." We should do just that. We all know that SCO doesn't have a leg to stand on. Let's let them sink themselves.

    --

    There is no spoon or sig.

  16. Re:Finally! by JustDisGuy · · Score: 2, Insightful

    SCO may be making spurious claims to IP they don't actually own, but the moron that coded this deserves nothing less than the utter disdain of proponents of the Open Source movement.

    --
    Hanlon's Razor: Never attribute to malice that which is adequately explained by stupidity.

    --
    "Never attribute to malice that which is adequately explained by stupidity." - Hanlon's Razor
  17. Re:Finally! by websaber · · Score: 4, Funny

    What I want to know is how many people infected their computers on purpose and how many just didn't remove the virus after they found it? Most people won't do a criminal act, but ignoring somebody else's?

    --
    "A good friend will bail you out of jail. A true friend will be sitting next to you saying, 'damn....that was fun!'"
  18. Server by Bruha · · Score: 5, Funny

    The server, the server, the server is on fire!

    We don't need no SCO let the #*($&# burn!

    Course it's not funny they will just say "The terrorist group "Linux Community" has claimed responsibility for the attacks" and declare us part of the axis of weasel like they did the other day on CNN.

    1. Re:Server by Anonymous Coward · · Score: 0
      Course it's not funny they will just say "The terrorist group "Linux Community" has claimed responsibility for the attacks" and declare us part of the axis of weasel like they did the other day on CNN.

      I hope the weasel anti-defamation league stuffs a rabid wolverine down your pants.

    2. Re:Server by Nikolaj · · Score: 1

      You just scared the crap out of me. I just started to listen to that Bloodhound Gang album, and then I saw your comment...

      A coincidence? I think NOT!

      *puts on tinfoil-hat*

  19. Irony by johnhennessy · · Score: 2, Informative

    Check out: http://uptime.netcraft.com/up/graph/?host=sco.com

    Apparently SCO are running Linux.

    They just didn't want to see if Linux could hack the pressure.

    --
    [ Monday is a terrible way to spend one seventh of your life. ]
    1. Re:Irony by galaga79 · · Score: 1

      Actually they are running NetBSD/OpenBSD, though it looks like they only stopped using Linux a few days ago.

    2. Re:Irony by Anonymous Coward · · Score: 0

      Looks like they changed it from OpenBSD to something unknown... and now it's down... pfft, they should have left OpenBSD on and used PF (properly I might add too), to stop this from happening to them. Oh well, who needs/wants SCO? I sure as hell don't!

  20. Helps SCO and Microsoft by Mysteray · · Score: 4, Insightful

    Does anyone believe that this will do anything except help SCO? It associates their enemies (IBM, Linux), with worm/virus creators and spammers. If this sort of thing keeps up, the US Legislative and Executive branches will actively take the side of SCO and MS against Linux and its "hackers".

    What do they need a website for anyway? Their only business is lawsuits and press releases.

    1. Re:Helps SCO and Microsoft by tasinet · · Score: 0, Flamebait

      no no no I don't think so.... it just makes clear that they are a hated lot. Worms like this are the power of the people, and I for one salute the guy who wrote this: a] attacks ugly mfckrs like sco and mcr$ft b] terminates at 1 march so it doesn't linger forever. c] payload is only in the form of [1] bandwidth consumption and [2] restricting certain websites. I mean, come on, it coulda burned their motherboards up instead..

    2. Re:Helps SCO and Microsoft by pe1chl · · Score: 1

      Why do you think that?
      The suggestion that this virus was written by a Linux advocate or by IBM was nothing more than a suggestion. It could just as well have been written by SCO or Microsoft.

      Until the creator of the virus has been arrested and it turns out he is a Linux advocate, I do not assume he is. A spammer, that could be true. Spammers have distributed viruses before.

    3. Re:Helps SCO and Microsoft by dreamchaser · · Score: 4, Insightful

      YOU might not assume those things, but Joe Public will. It's all about perception. And if they catch the perp and he DOES turn out to be a linux zealot, it will taint the whole community.

      Just because YOU have some sense and intelligence doesn't mean the press or the public does.

    4. Re:Helps SCO and Microsoft by Anonymous Coward · · Score: 0

      Plus a spam relay and key logger. I hate SCO as much as the next guy, but I didn't appreciate having to explain about misdirected bounce messages every five minutes last week. Not to mention the sales guy's laptop which picked up a copy while he was on the road for 3 days.

    5. Re:Helps SCO and Microsoft by Anonymous Coward · · Score: 0

      who gives a fuck about joe doe?

      let him keep his aol/xp account
      who cares what he thinks about linux anyway

    6. Re:Helps SCO and Microsoft by dreamchaser · · Score: 2, Insightful

      Ah, and that is exactly the attitude that is holding Linux and OSS in general back.

      Public perception DOES matter, dimwit. Unless you want Linux to forever be a niche OS on the desktop that is. Maybe you do, and you're entitled to that opinion.

    7. Re:Helps SCO and Microsoft by Hieronymus+Howard · · Score: 1

      Virus experts think that the primary purpose of this virus is to turn infected PC's into spam gateways. Now the spammers realise that if people start to associate spam with viruses, then that's going to hurt sales of penis enlargement pills.

      So they come up with this clever idea. Make the virus DOS Microsoft and SCO and then the press will report the DOS attack, diverting attention away from the spammers and onto the Linux community.

      Clever, huh?

      HH
      --

    8. Re:Helps SCO and Microsoft by Mysteray · · Score: 1
      So they come up with this clever idea. Make the virus DOS Microsoft and SCO and then the press will report the DOS attack, diverting attention away from the spammers and onto the Linux community. Clever, huh?

      Professor: By Jupiter, Gilligan! It's a plan so crazy, it just has to work!

      Of all the theories floating around, I think I like your explanation the best. It may have one weakness though: you have to believe that spammers actually care enough to want to divert attention away from themselves.

  21. What's the difference? by moehoward · · Score: 0, Redundant

    What's the difference between writing a virus that targets sco.com and posting a link to sco.com in a slashdot story?

    Anyone? Bueller?

    --
    "If you want to improve, be content to be thought foolish and stupid." - Epictetus
    1. Re:What's the difference? by Octagon+Most · · Score: 1

      "What's the difference between writing a virus that targets sco.com and posting a link to sco.com in a slashdot story?"

      Out of curiosity I tried to load the page the moment I saw this story posted (before any comments were up in fact). No dice. That's a little quick to be the Slashdot effect. And I doubt they took themselves offline preemptively. So something's happening. I have no desire to be part of the problem though so I'll leave them alone.

    2. Re:What's the difference? by sbennett · · Score: 5, Funny

      What's the difference between writing a virus that targets sco.com and posting a link to sco.com in a slashdot story?

      Simple. The virus is less effective.

    3. Re:What's the difference? by salesgeek · · Score: 1

      "What's the difference between writing a virus that targets sco.com and posting a link to sco.com in a slashdot story?"

      One generates traffic that the marketing department can spin as interested potential buyers. The second generates traffic that the marketing department can spin as thieves and competitors.

      --
      -- $G
    4. Re:What's the difference? by SNACKeR · · Score: 1

      One is written by pimply-faced teenagers compensating for other "shortcomings". The other is...oh, forget it, nevermind!

    5. Re:What's the difference? by SNACKeR · · Score: 1

      The virus writer has a chance of getting a date.

  22. The worst news this month! by Anonymous Coward · · Score: 0

    LOLZ!

  23. SCO move to BSD by Oen_Seneg · · Score: 3, Informative

    OpenBSD journal was commenting on how SCO moved their servers to OBSD: http://www.deadly.org/article.php3?sid=20040131082431
    Not even the might of OpenBSD web servers can stand up to a mass of infected windows boxen - watch out Microsoft, they're coming your way soon!

    1. Re:SCO move to BSD by whiteknight31 · · Score: 2, Informative

      Check out the bottom of this page: http://uptime.netcraft.com/up/graph/?host=sco.com It looks like they for the most part run Linux. Also they apparently run Apache too :)

    2. Re:SCO move to BSD by SkArcher · · Score: 1
      ...a mass of infected windows boxen - watch out Microsoft, they're coming your way soon!

      For evil contains the seeds of its own destruction...
      --

      An infinite number of monkeys will eventually come up with the complete works of /.
    3. Re:SCO move to BSD by LehiNephi · · Score: 1

      You know, it seems ironic to me that MS is about to be attacked by its own software. They made the poor design decisions and let people open executable files directly, and now they (may) have to deal with the consequences.

      --
      Help find a cure for cancer. Join the [H]orde
    4. Re:SCO move to BSD by Matrix9180 · · Score: 1

      what other decent web server would they run besides apache? just wondering...

      --
      120chars for a sig is teh suck
    5. Re:SCO move to BSD by Anonymous Coward · · Score: 0

      Actually it is pretty obvious to anyone with even an ounce of network understanding that defeating a bandwidth based DDoS is not within the scope of possibility for an operating system or node hardware. This isn't a shortcoming of OpenBSD, Linux, or any other operating system: it won't stop your driveway from filling with snow either and you don't expect that it could, do you? You can't stop someone from sending you packets and eating up your bandwidth; the best you can do is keep yourself from crashing under the load.

    6. Re:SCO move to BSD by minkwe · · Score: 0, Flamebait
      According to this article they made a big mistake.
      " OpenBSD 3.4 was a real stinker in these tests. The installation routine sucks, the disk performance sucks, the kernel was unstable, and in the network scalability department it was even outperformed by its father, NetBSD... If you are using OpenBSD, you should move away now. "
      --
      "Fighting terrorists with military might is like killing a mosquito on your Dad's forehead with a rifle."
    7. Re:SCO move to BSD by Zebaulon · · Score: 1

      umm... Microsoft IIS?

      *dons asbestos armor, makes sneak, hide, and secure server checks, hoping that there's no check penalties on asbestos armor*

    8. Re:SCO move to BSD by Anonymous Coward · · Score: 0

      huh?

  24. i would feel bad for SCO by relrelrel · · Score: 1

    if i was crazy.

    --
    --- any post that takes longer than 20 seconds to write, isn't worth writing
  25. Netcraft stats by mnordstr · · Score: 4, Informative
    1. Re:Netcraft stats by jc42 · · Score: 1

      So where's the evidence that SCO is suffering from an attack of some sort? All I seem to see is that their machine isn't responding, and this has happened several times in the past week. How do we know that they haven't just turned off their server for the day?

      What am I missing here?

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    2. Re:Netcraft stats by Anonymous Coward · · Score: 0

      Why do the netcraft stats show that SCO is running Linux as the OS for their webserver? Whatever happened to their SCO OS....

  26. MyDoom? What's that? by Octagon+Most · · Score: 0, Troll

    "all of you who have been reading Slashdot know that today MyDoom.A begins it's attack"

    Actually I have been reading Slashdot and I have little idea what MyDoom does. Switching to a Mac has allowed me the pleasure of remaining virus/worm ignorant. It feels great. Of course I'll be pissed if I can't access my favorite websites (of which Microsoft.com and SCO.com are not two).

  27. sco's t-1 wouldn't have handled it anyways.. by Anonymous Coward · · Score: 0

    pretty soon they're going to have to find a new backbone with all this publicity.

  28. Whoop-dee-doo! by Anonymous Coward · · Score: 0

    Great, can't wait to see M$ being hit :) Next I'm gonna sue the hacker for copying our code!

    Cheerio,
    ~Darl

    1. Re:Whoop-dee-doo! by mistert2 · · Score: 1
      Darl,

      I knew it! I knew it! You did write the virus. I am disgusted by your sleaze and gall. Why don't you try earning a real living?

      What a cheap publicity stunt! Does your mother know how evil you are?

      Question: Why didn't you do something to prevent the attack?

      Answer: Blatant PR

      Question: Why M$?

      Answer: That was a copy cat.

      No facts, just speculation and humor.

      Sincerely,

      Linux User

  29. Oh the humanity... by Froze · · Score: 1

    It really is a sad day...
    (Snap snap, grin grin, wink wink, nudge nudge, say no more?)

    --
    -- The morphemes of your disquisition are ascertainable, but they have eschewed an ambit of transpicuous exposition.
  30. 1 AM EST by nurb432 · · Score: 1

    I checked on the way to bed.. they were gone already.

    --
    ---- Booth was a patriot ----
  31. slashdot is the problem by Anonymous Coward · · Score: 0

    If we had slashdotted them hard enough and often enough, then SCO would have been able to handle the traffic. So it is our fault for not giving them a high enough baseline to make the DOS attack look like noise.

    1. Re:slashdot is the problem by Slave1007 · · Score: 1

      Or is it our problem this time? MyDoom.B + Slashdot simply put SCO out this time. SCO tried to prepare for MyDoom.B, but they forgot Slashdot. :)

  32. it is not DOS.. by tasinet · · Score: 1

    hmm.. i just loaded the page.. hmm... WTF? Is it DOSed or not?

  33. does it really matter what people think by relrelrel · · Score: 1

    about the linux community? it doesn't make our case over SCO any less powerful, and obvious. We're innocent, until SCO proves otherwise, we all know they can't/won't do that, so whereas we may look to be the bad guys NOW, the linux community will continue, whereas SCO is on a deadline, and they're going to come off worse than anyone.

    --
    --- any post that takes longer than 20 seconds to write, isn't worth writing
  34. Re:Finally! by Zeinfeld · · Score: 0, Flamebait
    I wish it wouldn't happen. This virus is painting the Linux community as a bunch of petulant adolescents - regardless of who's doing it.

    Yeah! Like that is sooo untrue. Next they are going to be saying that the Linux community is a bunch of overweight hippies who never get any exercise and live off a diet of potato chips and caffeine. There is not the slightest evidence to back those claims.

    Besides the guy can not be an OSS guy, otherwise he would not have only released his code on the closed proprietary Windows platform.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  35. Funny, when I go to SCO's site... by Glock27 · · Score: 4, Funny
    all I get is "Document contains no data".

    Just like the IBM lawsuit... ;-)

    I don't advocate virus attacks to further the OSS community's aims...all Linux software authors and organizations ought to be suing SCO instead. That kind of attack will cost them real money and time, and won't generate any sympathy from anyone (who's sane anyhow).

    --
    Galileo: "The Earth revolves around the Sun!"
    Score: -1 100% Flamebait
    1. Re:Funny, when I go to SCO's site... by Anonymous Coward · · Score: 0

      Oh that's obviously a good idea - sue and countersue and counter-counter sue! Yes THIS is the world I want to live in! IANALBATLTIWIW (I am not a lawyer but at times like this I wish I was)

    2. Re:Funny, when I go to SCO's site... by Anonymous Coward · · Score: 0

      So I guess SCO's web page now lists all the "stolen" code.

    3. Re:Funny, when I go to SCO's site... by Anonymous Coward · · Score: 0

      Just google for Litigious Bastards and view the cached page.

    4. Re:Funny, when I go to SCO's site... by drinkypoo · · Score: 1

      I don't advocate them either - That's why I suggest a new article with a link to SCO (by IP if necessary) on slashdot every day, telling people that there is something wonderful on SCO's site (like linux sources, which incidentally are now passworded, I guess someone over there caught onto the fact that people were using any spare bandwidth they had available to download linux sources from SCO to drive up their bandwidth costs) and then tell them all to keep clicking, because they're sure to get through eventually. This is the best DDOS I can think of...

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Funny, when I go to SCO's site... by Reziac · · Score: 1

      OT: What browser are you using exactly? I had cause to research that "document contains no data" thing a while back, and seems it's a browser bug that requires a matching server bug to manifest. Netware 4.1x actually had a patch to address the issue. You don't normally see it with linux/apache servers; it's more often a Solaris problem.

      Tho wrt SCO's lawsuit, the message does seem eerily prophetic :)

      --
      ~REZ~ #43301. Who'd fake being me anyway?
  36. Mirror? by Chuck+Bucket · · Score: 1

    Anyone have a SCO mirror? :)

    CB

    1. Re:Mirror? by JaredOfEuropa · · Score: 1
      Anyone have a SCO mirror? :)
      I would have put one up but they wanted $699 license fees from me.
      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    2. Re:Mirror? by danielmaui · · Score: 1

      Yes, but it's cracked too.

  37. What is the IP? by Tei · · Score: 0

    Only for educative purposes, of course.

    --

    -Woof woof woof!

  38. playing...a sad song. by Anonymous Coward · · Score: 0

    poor sco..

    *sniffle*

  39. I just queried them by Anonymous Coward · · Score: 0

    The A record is still there... listed as 216.250.128.12. (I queried the actual server, not a cache)

  40. DLoP still worse. by twitter · · Score: 4, Funny
    Who needs a web site when you have earned a Distributed Lack of Purchasing attack?

    --

    Friends don't help friends install M$ junk.

  41. netcraft advice by oohp · · Score: 2, Informative

    Well they should have taken Netcraft joke advice seriously and changed the www.sco.com A pointer towards 127.0.0.1 or similar.

    1. Re:netcraft advice by Anonymous Coward · · Score: 0

      that's dumb.

      a) the DoS is then effective (can't get to www.sco.com)
      b) they can't tell when it's "over".

  42. None. by Anonymous Coward · · Score: 0

    It isn't as if they have anything anyone wants to buy.

  43. My ISP by zonix · · Score: 1

    It seems my ISP has added a DNS entry to their name servers for www.sco.com pointing to 127.0.0.1. It does have a low TTL (primary: 107?, secondary: 300), but I wonder how long they'll continue this?

    Someone at some point might actually want to visit www.sco.com ... nah, probably not. ;-)

    z
    --
    What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
    1. Re:My ISP by TCM · · Score: 1

      Uh, so your ISP engages in political issues by arbitrarily modifying his infrastructure to give you a different view of the net than it really is?

      I suggest you switch ISP and tell your current one why you did.

      --
      Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
    2. Re:My ISP by Wolfier · · Score: 1

      My ISP (Rogers, Canada) is attempting to save SCO today by directing sco.com to 127.0.0.1.

      Please check with nslookup and update your host file to undo the censors if you find any.

      sco.com 216.250.128.12

  44. Has everyone been checking how is sco.com doing? by Anonymous Coward · · Score: 0

    That could bring the server down without the need for any dos'es.

  45. Ironic isn't it? by Cutie+Pi · · Score: 1

    Although I certainly don't approve of these malicious virii, I can't help but think that Microsoft is partially responsible for the attacks on itself. Maybe this will be a wake up call to them that security on Windows sucks ass. It's getting downright dangerous to be using Microsoft products these days, and even if Microsoft doesn't agree, their customers, and their shareholders, might.

    1. Re:Ironic isn't it? by muffen · · Score: 2, Funny

      Although I certainly don't approve of these malicious virii, I can't help but think that Microsoft is partially responsible for the attacks on itself. Maybe this will be a wake up call to them that security on Windows sucks ass.

      In related news: Due to an overwhelming number of trojans DoS attacking various sites, Microsoft has decided that only Internet Explorer is allowed to make outgoing HTTP GET requests on port 80.

  46. Microsoft is also offline by Anonymous Coward · · Score: 0

    It has been on and off and on and off all night long. And today is not February 3rd. Sounds strange.

  47. M$ might not be hit so hard.. by Anonymous Coward · · Score: 4, Interesting

    According to heise.de(in English) MyDoom.B is not nearly as widespread as the A-version. According to the article the A-version just had a good start, because it was distributed through an IRC-Botnet. So we will probably not see microsoft.com going down.

  48. Re:Finally! by bev_tech_rob · · Score: 1

    Allowing it to install for the DDoS capability would be debatable, depending on what side of the SCO argument you may be on, but personally I wouldn't want the back door trojan that also installs on your machine at the same time.... I have a 15 year old son and the best advice I have given him concerning our home computer is similar to the old anti-drug commercials...'Just say No' when asked to install something. Has worked wonders. If he has a question about something, he asks me or phones me....wish most other clueless ID10T users would follow the same advice....world would be a better place...

    --
    You're messin' with my Zen Thing, man.....
  49. How did this virus spread so easily? by galaga79 · · Score: 4, Interesting

    What I don't get is how this virus spread so far, considering how hard it must be to get infected by it. You'd have to go out of your way to get infected since it spreads itself as a zip-compressed attachment.

    I can understand how past viri have spread so quickly taking advantages of exploits in Outlook and Windows RPC etc, but this doesn't seem to use any exploits whatsoever.

    Is it just a lot of stupid users or am I missing something?

    1. Re:How did this virus spread so easily? by lordkimbot · · Score: 3, Funny

      You've never worked with 'my' end users. Why worry when you can just beat the 'ITguy' dog about it.

      --
      sig mind freed
    2. Re:How did this virus spread so easily? by Amorpheus_MMS · · Score: 1

      Perhaps social engineering beats exploits after all.

    3. Re:How did this virus spread so easily? by unborn · · Score: 4, Insightful

      An infection where the user knowledgeably accepts a substance ( even if considered harmless at the moment of acceptance ) should be called "a poison", not "a virus".

      If you are given a drink that will kill you, but you drink it without knowing - that's a poison. If someone sneezes a few feet away and an airplane passes by you at the same exact moment of the other person sneezing and you can't hear the sneeze, and you get infected - then it's a virus.

      Hence, opening an executable is subjecting yourself to the possibility of poisoning. Reading your email while a flaw is exploited in your email client is a virus.

    4. Re:How did this virus spread so easily? by Lumpy · · Score: 4, Informative

      a lot of stupid users? yes and no. For the past 4 versions of Windows Microsoft has refused to remove a huge security hole called file extension hiding. They knew it was a gigantic hole when they added it, and many MANY times industry experts have pleaded to them to remove it. Microsoft refuses.

      Microsoft did not spread the virus but they created the tools to ensure its spread by the non-technical.

      and people ask about the "cost" of linux, how about the extreme cost of continuing to use Microsoft products...

      --
      Do not look at laser with remaining good eye.
    5. Re:How did this virus spread so easily? by gdav · · Score: 5, Funny

      The users that I support would double-click on a landmine to see what it did.

    6. Re:How did this virus spread so easily? by plugger · · Score: 1

      I saw the alert last weekend, and sent a global email warning everyone about it first thing on Monday. Two people (out of 15) clicked on the attachment on Tuesday, thankfully it was stopped by our antivirus software.

      Part of the problem is that the mail appears to come from their regular contacts, so they think it must be safe. Another problem is that they are busy doing their own jobs, virus alerts just get forgotten in the rush.

    7. Re:How did this virus spread so easily? by prandal · · Score: 2, Insightful

      This is continually raised, for example here, here, and why it's a bad idea anyway

      And so on...

    8. Re:How did this virus spread so easily? by gmuslera · · Score: 1
      I think part of the success was the bounce effect. The virus is not only sent to you, but also it is sent to other addresses in your name, and the other address most (?) times is a fake one, with a for-try user and an existing domain. That message probably will bounce as the remote user doesn't exist, and will bounce to you.

      People could be suspicious about a virus that someone else sent, but what about files that you supposedly sent yourself?

      The worst thing on this is that we see just the tip of the iceberg. Other kinds of virus are spreading more now as internet as email addresses are very more distributed (received several "old" ones these last days) as more scams, and, of course, spam.

    9. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 0

      This is a tricky beast. A lot of the infected emails come in with subject lines of "Mail Undeliverable" or the like. So, the average user might open the attached file, thinking it was an email that could be delivered. Of course, that user wants to know _which_ email.

    10. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 1, Interesting

      Ignorance abounds around here.

      This app hid itself as a variety of different names, a variety of extensions. Even if it was .zip, the OS ignored the .zip and 'knew' it was an application. These were NOT .zip.exe's or any such tricks. Even on machines NOT set to hide extensions, the .zip runs as an application.

      Combined with the classic 'error' masking, and it's just a recipe for disaster. People honestly wonder why there's an email in their box that looks like they sent it and had it bounce back. Combined with the logic that a .zip file is a 'safe' one to double click, and we have the conditions used to perpetuate the virus.

      At my work, one of the most computer savvy users there got wormed. Just because he wanted to see what was inside the .zip. Or it might have been a .txt (even SAFER in his mind). His machine didn't hide extensions. I know this.

      Of course, the funny part is that most of the people at the same office (the less computer savvy ones) all deleted it because it was an attachment, and no one trusts attachments anymore. There's a level of LOL to that, but that's for another post.

      Pure social engineering. This has always been the key to malicious computer use. Why do you think the virus that acted as a 'Windows Update' worked so damn well?

    11. Re:How did this virus spread so easily? by drinkypoo · · Score: 3, Insightful
      Never underestimate the power of human stupidity. I spent a whole working day doing nothing but cleaning this virus (with stinger) in the process of which I found a couple other worms as well. You ask people, why did you even look at that attachment? What made you think it was a good idea to run it? And half of them say, I didn't open an attachment! Well, bollocks to you, obviously they're clicking things without realizing what they're clicking. People need more computer training, plain and simple. I wonder if the situation would be analogous to driver training. Germany has much more driver training than the USA and consequently they can have highways where you can drive as fast as you can manage without doing anything stupid (besides drive really fast in the first place.) Of course, there, if you get caught without your reflective triangle on the autobahn, kiss your license good bye; Same if you're hogging the left lane and someone flashes their brights at you, and you don't get over.

      I wonder if more computer training would reduce the number of "accidents" like this that we have here. It seems even most persons who use the computer as a key part of their job every day have no idea what the hell they're doing. I'm not expecting them to know (much about) how it works, just to sort of get an idea of what's a good idea, and what isn't.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    12. Re:How did this virus spread so easily? by glesga_kiss · · Score: 5, Insightful
      For the past 4 versions of Windows Microsoft has refused to remove a huge security hole called file extension hiding.

      Bollocks. The people commonly infected with viruses wouldn't even know what a file extension was, let alone the difference between an exe and a txt file.

      "The one with the W is a word file, the portrait is a graphic file etc". Give a file "virus.exe" the same icon graphic as a word file, and most users wouldn't know the difference.

      On the other hand, if you don't hide the extension, then each of us here would be constantly dealing with dumb users who have renamed "Document1.doc" to "Report" (no extension). For 99% of users, hiding extensions is a good idea.

    13. Re:How did this virus spread so easily? by misterspo · · Score: 1

      you greatly underestimate the stupidity of users. I once had a boss fire up an attachment "because it was from a friend" I believe it was IloveYou. it erased all images on our webserver...because the fucktard insisted I link his system directly to the web server directory as a samba share..he wanted access to change any file at any time on a whim. but..he told me to set it up that way,and wouldn't take no for an answer, so he got to pay me to clean up after his mess. thank god for automated backups. he DID lose a day's productivity, as I had to shut down the entire network, thus shutting down the entire office. I think if SCO wants to point the finger, they should point the finger at microsoft.

    14. Re:How did this virus spread so easily? by afree87 · · Score: 1

      Unlike other Trojans, this one was pretty hard to figure out; it looked just like a text e-mail that hadn't been processed correctly or contained special characters. I don't blame the end users for this one.

      I blame Microsoft. Yeah, everyone blames Microsoft, but I have a case-- if they hadn't hidden the file extensions, it would have been much easier to figure out that MyDoom was a Trojan.

    15. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 0

      each of us here would be constantly dealing with dumb users who have renamed "Document1.doc" to "Report" (no extension).

      If the people in your company are so dumb that they don't realise what the message "WARNING! If you change a filename extension, the file may become unusable. Are you sure you want to change it?" means, then maybe you should just kill them all and do the human race a favour.

    16. Re:How did this virus spread so easily? by stm2 · · Score: 1
      At first I asked myself the same question. But now I understand: the virus looks like a pretty standard bounced message, and people just want to see which message didn't make it through.
      I think it uses an "exploit", if you could call using a double extension (.scr.zip) an exploit.


      --
      DNA in your Linux: www.dnalinux.com

    17. Re:How did this virus spread so easily? by Tom · · Score: 1

      On the other hand, if you don't hide the extension, then each of us here would be constantly dealing with dumb users who have renamed "Document1.doc" to "Report" (no extension).

      And that would be a problem exactly why?

      Oh, you mean, winDOS is still relying on file extensions? Man, I had thought we have something like the 21st century by now.

      --
      Assorted stuff I do sometimes: Lemuria.org
    18. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 0

      Easily fixed.
      Fire up Regedit and search for "NeverShowExt" and delete all these keys.
      It won't help though, because clueless users will always be clueless losers.

    19. Re:How did this virus spread so easily? by You're+All+Wrong · · Score: 1

      If you let it in, and then during the night a dozen armed soldiers climb out in order to do harm, then it's a _trojan_.

      YAW.

      --
      Your head of state is a corrupt weasel, I hope you're happy.
    20. Re:How did this virus spread so easily? by Sigma+7 · · Score: 1
      Give a file "virus.exe" the same icon graphic as a word file, and most users wouldn't know the difference.
      That's not exactly true. If they see something labelled "virus", they would enter a panicky state and proceed to disinfect the computer and monitor with Lysol, and rinse using soapy hot water.

      But still, the executable attachment problem will need to be fixed in one way or another. The most obvious is to prevent msoffice files from containing VBScript, and to prevent e-mail clients from directly opening those files (e.g. must be saved to desktop first.)
    21. Re:How did this virus spread so easily? by Phil+Wherry · · Score: 4, Interesting

      What I find particularly fascinating about all of this is the fact that this is being treated primarily as a user education issue. While it's true that a savvy user can dodge this attack completely by simply not opening the attachment in question, one might still rightly ask, "Why is it that users have to be security-savvy in order to effectively use their computers?" Many of the security problems that we see are, in fact, caused by architectural flaws.

      The lack of distinction between executable files and data is the first problem. Windows differentiates between data files and programs through file naming convention; the mere construction of a filename is sufficient to get the operating system to attempt to run it if the user should happen to click on it within the GUI.

      Other operating systems don't do this. Unix systems have an attribute separate from the filename that indicates that the file is executable code. This attribute (a permission bit, actually) must be set in order for the code to execute in response to a click from within the GUI (or, for that matter, in response to actions in the command-line interface). Had this worm been effective on a Unix system, it would have required that the user save the attachment as a file, modify the executable permissions for the file, then invoke the application. Most other non-Unix systems with which I've worked are similar; you have to either explicitly communicate to the operating system "run this file as a program" or somehow bless the file in order to turn it into an application.

      Once the application is running, we discover the next major architectural flaw: it's possible for most users of Windows to modify the behavior of the operating system itself without realizing it. Most modern operating systems require a user to be in some sort of a privileged mode in order to install applications or otherwise change the behavior of the system. The "su" command (or, better yet, the "sudo" command) in Unix allows one to assume "superuser" privileges for this purpose. In Windows, you have to be logged in as a user with administrative rights to the computer, but there's no simple way to assume and release privileges for the purpose of installing an application. So most users (outside the most restrictive of corporate environments) use their Windows environments from a login with full administrative privileges. This is the equivalent of running one's Unix environment while logged in as "root," a practice regarded as reckless and incompetent. Unfortunately, it's very hard to get work done in Windows any other way.

      As a result, malware like the MyDoom worm can take advantage of these administrative privileges in order to make itself harder to remove. It's quite common for such applications to add themselves to the list of things that run when the computer is started up. One variant of the MyDoom worm even goes so far as to damage a network configuration file in order to make it difficult for antivirus software to download updated signature files. These attacks work only because the worm is easily able to gain administrative rights to the computer. There's certainly plenty of mischief that can be perpetrated as an ordinary user, but it's quite a bit easier to prevent when the OS is off-limits. And, when bad things do happen, it's vastly easier to clean up the damage when the integrity of the operating system itself isn't in question.

      So, the next time you hear the claim that a security problem is caused by a user acting stupid, consider this: is it really the case that the user is stupid, or is the real stupidity the set of architectural decisions that enable the user to make mistakes?

    22. Re:How did this virus spread so easily? by kalidasa · · Score: 2, Insightful

      So explain to me why I've had this conversation several times with my users:

      Well, of course I opened it. It says it's a JPG, and you can't get a virus from a JPG.

      I don't understand - I thought you couldn't get a virus from a text file?

      It's just a web page, it can't possibly be a virus.

      Answer: a little knowledge is a dangerous thing. Especially if you're dealing with people who have file extensions turned on at work, but off at home, or vice versa.

    23. Re:How did this virus spread so easily? by warm+sushi · · Score: 1

      Maybe you need an OS that doesn't rely on file extensions to identify file types.

    24. Re:How did this virus spread so easily? by line.at.infinity · · Score: 1

      Bollocks. The people commonly infected with viruses wouldn't even know what a file extension was, let alone the difference between an exe and a txt file.

      Of course they wouldn't know, because the file extensions are hidden. More reason to stop hiding file extensions so they can know what they are.

      On the other hand, if you don't hide the extension, then each of us here would be constantly dealing with dumb users who have renamed "Document1.doc" to "Report" (no extension). For 99% of users, hiding extensions is a good idea.

      The amount of dumb users who would do that never amounted to more than 1%. Windows gives warnings if you try to change a file's extension anyway.

    25. Re:How did this virus spread so easily? by nathanh · · Score: 1
      An infection where the user knowledgeably accepts a substance ( even if considered harmless at the moment of acceptance ) should be called "a poison", not "a virus".

      It's already called a trojan, which I think is a much better name than a poison.

    26. Re:How did this virus spread so easily? by colmore · · Score: 1

      Thanks in large part to the web ("would you like us to remember this password?") using a computer has become an exercise in clicking a thousand identical little-grey boxes. People SHOULD read those things, just like they should read EULAs and the 12 pages of text they're handed when going in to get their teeth cleaned or to buy a VCR, but since this is the real world and people have shit to do, it doesn't happen.

      --
      In Capitalist America, bank robs you!
    27. Re:How did this virus spread so easily? by GMFTatsujin · · Score: 1

      I think we can fairly, in part, assign the stupidity attribute based on the user's capacity to learn and retain what the dangerous action is, regardless of environment.

      In other words, there's not a lot of one-trial learning rats out there. They keep putting their hands on the hot stove. They keep sticking the forks in the electric socket. They keep driving the cars after the oil light comes on.

      We can't remove the risky parts that the user can't seem to avoid, because then nothing gets done at all. We can turn off the stove, kill the power, and remove the car engine, and keep the user completely safe... and useless.

      Instead, how about acknowledging that sometimes dangerous things are possible, and that, having done the dangerous thing once and gotten burned by it, the user should learn to NOT DO THE DANGEROUS THING ANYMORE. One trial learning rat.

      Me, I'm all for bringing portable hotplates to the workstations when I have to clean up a virus call. If it is determined that somebody opened an attachment when they should have known better, it's five seconds at 400 degrees.

    28. Re:How did this virus spread so easily? by 24-bit+Voxel · · Score: 1
      I always thought to myself that the ATTENTION: FOLLOWING VIRUS ALERT XXXX IS BLAH BLAH BLAH... emails were a bit spamlike in the way the title looked. Consequently, I never read them.

      But I've never infected a machine either. Well, actually that's not true, I visited some Russian porn site once that was magnificently constructed. Opera still doesn't open at all anymore (even after Regclean and reinstall).

    29. Re:How did this virus spread so easily? by Spoing · · Score: 1
      Instead, how about acknowledging that sometimes dangerous things are possible, and that, having done the dangerous thing once and gotten burned by it, the user should learn to NOT DO THE DANGEROUS THING ANYMORE.

      Either way, Phil Wherry was right; "The lack of distinction between executable files and data is the first problem. Windows differentiates between data files and programs through file naming convention; the mere construction of a filename is sufficient to get the operating system to attempt to run it if the user should happen to click on it within the GUI."

      If the environment encourages casual mistakes or even hides the danger signs from view -- for experts and newbies alike -- that is a serious issue. Microsoft needs to fix this design defect; no excuses.

      --
      A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    30. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 0

      Well that depends - have they flagged it yet?

    31. Re:How did this virus spread so easily? by character+sequence · · Score: 1

      In Windows, you have to be logged in as a user with administrative rights to the computer, but there's no simple way to assume and release privileges for the purpose of installing an application.

      Actually, there has been a way to execute programs as another user since Windows 2000 at least. Just shift-right-click on an executable and select "Run as", then enter the relevant login info. If you want "su" like functionality, just start a command shell as "Administrator".

      A lot of people bag MS Windows on technical grounds, but most of the problems are at the application layer, in my opinion. The actual NT kernel took a lot of ideas (not to mention people) from DEC/VMS. I'm talking about things like ACLs and fine-grained, separately assignable user privileges. Unix just gives you root, non-root and group permissions on files.

      So most users (outside the most restrictive of corporate environments) use their Windows environments from a login with full administrative privileges. This is the equivalent of running one's Unix environment while logged in as "root," a practice regarded as reckless and incompetent.

      Yeah. It's not due to an inherent limitation in the operating system, though.

      --
      Karma: Nonnegative
    32. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 0
      You'd have to go out of your way to get infected since it spreads itself as a zip compressed attachment.

      No, it doesn't. No matter what extension it has -- be it .txt, .scr, or .zip -- it is still recognized by the OS as an executable application thanks to the magic of MIME types. For example, the following was cut-and-pasted from an email I received of the MyDoom trojan:
      Content-Type: application/octet-stream; name="readme.zip"
      Content-Transfer-Encoding: base64
      Content-Disposition: attachment; filename="readme.zip"
      The mail reader doesn't look at the three-letter extension to figure out what kind of attachment it is, it looks at the "content-type" tag and is told it is an executable "application/octet-stream" encoded similar to UUEncoding (C-T-E: base64).

      No going out of one's way is needed as it spreads itself as an executable no matter what the file name and extension may be.
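An added example, not part of any comment in this thread: a mail-gateway style check in Python that reads the declared Content-Type and filename from headers like the ones quoted above, then inspects the decoded bytes and, for an archive, its member names (including a double extension of the kind mentioned earlier in the thread). The sample message, the member name `document.txt.scr`, the placeholder payload and the extension list are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative subset of extensions Windows runs on double-click (assumption).
RUNNABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

# Leading bytes that identify content regardless of name or declared type.
MAGIC = [(b"MZ", "pe-executable"), (b"PK\x03\x04", "zip-archive")]


def sniff(data):
    """Classify a blob by its first bytes."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def check_name(name):
    """Flag names whose final extension is runnable, and double extensions."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    findings = []
    if suffixes and suffixes[-1] in RUNNABLE_EXTS:
        findings.append("runnable-extension")
        if len(suffixes) > 1:
            findings.append("double-extension")
    return findings


def inspect_blob(name, data, depth=0):
    """Report on one attachment; look one level into zip archives."""
    kind = sniff(data)
    findings = check_name(name)
    if kind == "pe-executable":
        findings.append("pe-header")
    members = []
    if kind == "zip-archive" and depth < 1:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    # Read only the first bytes of each member.
                    with zf.open(info) as fh:
                        head = fh.read(4)
                    members.append(inspect_blob(info.filename, head, depth + 1))
        except zipfile.BadZipFile:
            findings.append("corrupt-zip")
        except RuntimeError:
            # Raised for password-protected members: contents cannot be checked.
            findings.append("encrypted-zip")
    return {"name": name, "sniffed": kind, "findings": findings, "members": members}


def inspect_message(raw):
    """Return one report per named attachment in a raw RFC 822 message."""
    reports = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name is None:
            continue
        data = part.get_payload(decode=True) or b""  # undoes base64
        report = inspect_blob(name, data)
        report["declared"] = part.get_content_type()
        reports.append(report)
    return reports


def build_sample():
    """Constructed message: octet-stream attachment named readme.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder bytes with a PE-style prefix, not a working program.
        zf.writestr("document.txt.scr", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="readme.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for report in inspect_message(build_sample()):
        print(report)
```

The outer attachment passes a name-only filter; the findings come from the archive member, which is why the check opens the archive instead of trusting either header.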
    33. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 0

      The above posters are all incorrect. The trojan doesn't rely on file extensions as it doesn't try to hide its extension. Instead it uses MIME types to classify itself as an executable no matter what extension it may have. See my other post explaining how it works.

    34. Re:How did this virus spread so easily? by Anonymous Coward · · Score: 0

      We do, but they don't.

      They are still in 1756.

    35. Re:How did this virus spread so easily? by plugger · · Score: 1

      I agree that those types of emails are spamlike when people start forwarding them to everyone in their address book. Perhaps I should have used better language; I sent a company-wide email warning people of the risk. I'm a small time admin for a small firm, 20 employees, so they know me and hopefully listen to my advice.

  50. SCO is Slashdotted... by sridev · · Score: 1, Funny

    Even if SCO recovers from the virus, it'll get Slashdotted soon!!

  51. DDoS attack time table + analysis of DoS in Mydoom by Anonymous Coward · · Score: 5, Informative

    There was a story posted "Refuting tall-tales and stories about the Mydoom worms" which can be found at:
    http://www.math.org.il/mydoom-facts.txt

    It contains the Time Table for the attack along with reverse engineering analysis of the DoS component in Mydoom.

    You might also want to check:
    http://www.math.org.il/newworm-digest1.txt

    Which contains an analysis and reverse engineering bits for Mydoom.A.

  52. Re:Finally! by Anonymous Coward · · Score: 5, Insightful

    This virus is painting the Linux community as a bunch of petulant adolescents - regardless of who's doing it.

    No, it's not. The media (and SCO, et al for obvious reasons) is painting the F/OSS community as adolescents

  53. Re:Finally! by Anonymous Coward · · Score: 0, Funny


    Yeah! Like that is sooo untrue. Next they are going to be saying that the Linux community is a bunch of overweight hippies who never get any exercise and live off a diet of potato chips and caffeine. There is not the slightest evidence to back those claims.


    Funny, I thought the Linux community DOES consist of a bunch of overweight hippies who never get any exercise and live off a diet of potato chips and caffeine.

  54. yes, something smells here. by twitter · · Score: 1
    From SCO:

    "While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning," Jeff Carlon, worldwide director of Information Technology infrastructure, The SCO Group, said in the statement.

    Why wait till Monday to announce what you are going to do? Any normal company would have named its contingency plan in advance and have executed it before the attack. You tested it in Wine, I'm sure that even SCO lawyers could have tested a Windoze machine by changing the clock. They should know what the virus is going to do to them and how to block it. Nothing from SCO ever makes sense.

    Well, what do you expect from a company that sends cease and desist extortion letters without telling you how you have infringed? Par for the SCO deal, they are sucking this for all that it's worth.

    Chances are that they or Microsoft wrote the damn virus. No one else really cares.

    --

    Friends don't help friends install M$ junk.

    1. Re:yes, something smells here. by Anonymous Coward · · Score: 0

      Why would a "normal" company publicize in advance how they were going to combat the attack? Wouldn't that just give the virus writers a chance to modify their strategy? It would be like John Fox publishing his playbook right before the Super Bowl.

      Some day, if you ever grow up, you are going to look back at the constant stream of arrogant-yet-ignorant nonsense you constantly spew on Slashdot and be mortally embarrassed.

    2. Re:yes, something smells here. by Anonymous Coward · · Score: 0
      Moderators: Please note that "twitter" is a known fanatical sycophant whose obnoxious offtopic rants are legend here on Slashdot. It doesn't matter what the topic is, he'll find a way to scrape in some pointless Microsoft bashing. While nobody expects us to love Microsoft in any way, his particularly tepid style of calling anyone he replies to "troll" or "liar" because he happens to disagree with whatever they're saying is well documented and should not be rewarded. If anything, twitter is the type of person that should not be part of the open source/free software community. He is an anathema to all that is good about free software.

      I'm posting this so that you (the moderator) have some context to consider twitter and not mod him up whenever he posts his filler preformatted rants about installing Knoppix or whatever that unfortunately get him karma every single time and allow him to continue posting his trademark toxic crap (read on) day in and day out. You may consider this a troll - I consider it community service. And I ain't kidding.

      If you're a /. subscriber, I invite you to look through some of his posting history. I guarantee that you'll be hard pressed to find someone that is more "out there" than twitter. You'll also probably notice he's got quite an AC following. Don't just read his posts, make sure you go through the replies.

      For example, in this recent post twitter not only calls the OP a troll but attempts to "tell it like it is" while making some vague argument about "GNU". Yes, if you're confused, you're not alone. The reply (modded +4) proceeds to simply destroy his bogus argument. You will notice he did not reply. This is what some people call "drive-by advocacy". A sort of I'll just leave you with my thoughts here and move on to the next flamebait kind of deal. In fact, he almost never replies because he knows that his fanatical arguments simply do not hold up to any sort of discussion. It's not that he's chosen the wrong cause - he's just going at it in a completely wrong way.

      More? Just read through this post and the subsequent replies. I guess this stands on its own.

      More? Bad spelling in astounding conspiracy theories, more offtopic FUD and uninformed "I'm right, look at me" rants, promptly proven wrong. Worse even, twitter wants to be RMS, apparently (that first one is a winner). I mean, really. You think?

      FUD, FUD, FUD, FUD, offtopic FUD, and more FUD. This guy is like the Monty Python SPAM skit, but with FUD and more FUD instead of canned meat. Amazed

  55. Re:MyDoom? What's that? by Octagon+Most · · Score: 1

    Ok, I guess I'm a Troll. My point was that we don't all live in perpetual fear of being unwitting pawns in a zombie DDoS attack. Since I don't run Outlook under Windows I don't pay much attention to the media hype over these worms. I'm assuming it is more interesting to the Slashdot crowd because of the SCO angle. That said it does affect me if I can't get my email or view sites I want, but I am not otherwise personally concerned.

  56. Mirror, Mirror by glpierce · · Score: 1

    "Anyone have a SCO mirror?"


    Queen: "Magic mirror, on the wall, who is the fairest of them all?"

    SCO Mirror: "SCO owns the features that make the human nose, eyes, and cheeks 'fair'. Snow White will be hearing from our lawyers promptly."

    --
    G
  57. kr and jp server by xk · · Score: 1

    what about this and that?

  58. NOT A STORY EACH TIME SCO TURNS OFF THEIR SERVER! by fanatic · · Score: 1

    Stop spreading their nonsense.

    --
    "that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
  59. Oh my... by Anonymous Coward · · Score: 0

    This is gonna be exciting, eh!

    me goes to get popcorn

  60. site is getting slow by Chuck+Bucket · · Score: 1

    site is getting slow, here's the Google cached page!

    CB

  61. Is it Down or is it 'down'? by OverlordQ · · Score: 3, Interesting

    www.sco.com has address 216.250.128.12

    traceroute to 216.250.128.12 (216.250.128.12), 30 hops max, 38 byte packets
    1 66.182.216.1 (66.182.216.1) 44.788 ms 45.293 ms 45.307 ms
    2 iah-edge-13.inet.qwest.net (63.149.189.73) 51.143 ms 54.774 ms 51.355 ms
    3 iah-core-02.inet.qwest.net (205.171.31.142) 54.766 ms 51.816 ms 56.265 ms
    4 dal-core-01.inet.qwest.net (205.171.8.125) 56.562 ms 56.563 ms 58.236 ms
    5 dal-core-02.inet.qwest.net (205.171.25.130) 58.450 ms 54.056 ms 58.734 ms
    6 dap-brdr-01.inet.qwest.net (205.171.225.2) 231.204 ms 99.812 ms 92.647 ms
    7 p3-2.IR1.Dallas2-TX.us.xo.net (206.111.5.13) 59.997 ms 61.537 ms 77.399 ms
    8 p5-2-0-3.RAR1.Dallas-TX.us.xo.net (65.106.4.197) 55.789 ms 60.882 ms 57.735 ms
    9 p0-0-0-1.RAR2.Dallas-TX.us.xo.net (65.106.1.42) 57.992 ms 63.093 ms 58.382 ms
    10 p1-0-0.RAR2.Denver-CO.us.xo.net (65.106.0.41) 89.096 ms 93.724 ms 93.356 ms
    11 p0-0-0-2.RAR1.Denver-CO.us.xo.net (65.106.1.81) 89.825 ms 84.570 ms 85.701 ms
    12 p4-0-0.MAR1.SaltLake-UT.us.xo.net (65.106.6.74) 109.317 ms 98.882 ms 314.447 ms
    13 p0-0.CHR1.SaltLake-UT.us.xo.net (207.88.83.42) 104.638 ms 99.345 ms 104.216 ms
    14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 100.682 ms 105.112 ms 101.775 ms
    15 * * *

    linuxupdate.sco.com has address 216.250.128.241

    traceroute to 216.250.128.241 (216.250.128.241), 30 hops max, 38 byte packets
    1 66.182.216.1 (66.182.216.1) 48.151 ms 89.228 ms 47.732 ms
    2 iah-edge-13.inet.qwest.net (63.149.189.73) 51.187 ms 49.542 ms 52.654 ms
    3 iah-core-02.inet.qwest.net (205.171.31.142) 53.441 ms 101.028 ms 53.714 ms
    4 dal-core-01.inet.qwest.net (205.171.8.125) 319.413 ms 57.257 ms 59.600 ms
    5 dal-core-02.inet.qwest.net (205.171.25.130) 57.595 ms 55.800 ms 57.578 ms
    6 dap-brdr-01.inet.qwest.net (205.171.225.2) 61.077 ms 56.746 ms 59.109 ms
    7 p3-2.IR1.Dallas2-TX.us.xo.net (206.111.5.13) 59.587 ms 54.717 ms 59.362 ms
    8 p5-2-0-3.RAR1.Dallas-TX.us.xo.net (65.106.4.197) 60.098 ms 61.397 ms 58.609 ms
    9 p0-0-0-1.RAR2.Dallas-TX.us.xo.net (65.106.1.42) 67.524 ms 59.960 ms 71.663 ms
    10 p1-0-0.RAR2.Denver-CO.us.xo.net (65.106.0.41) 93.370 ms 113.441 ms 92.632 ms
    11 p0-0-0-2.RAR1.Denver-CO.us.xo.net (65.106.1.81) 89.880 ms 85.503 ms 85.974 ms
    12 p4-0-0.MAR1.SaltLake-UT.us.xo.net (65.106.6.74) 98.055 ms 97.907 ms 98.232 ms
    13 p0-0.CHR1.SaltLake-UT.us.xo.net (207.88.83.42) 99.287 ms 96.170 ms 99.050 ms
    14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 101.741 ms 104.765 ms 100.452 ms
    15 c7pub-216-250-136-254.center7.com (216.250.136.254) 106.771 ms 100.281 ms 105.686 ms
    16 linuxupdate.sco.com (216.250.128.241) 106.443 ms 107.751 ms 105.682 ms

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Is it Down or is it 'down'? by Anonymous Coward · · Score: 0

      Can you please explain to us what this means? I'm too stupid to understand this post.

    2. Re:Is it Down or is it 'down'? by Megane · · Score: 4, Informative
      (thanks for the tip of trying linuxupdate.sco.com)

      traceroute to www.sco.com (216.250.128.12), 30 hops max, 40 byte packets
      . . .
      4 bb1-p5-2.rcsntx.sbcglobal.net (151.164.243.13) 20.902 ms 22.986 ms 20.92 ms
      5 bb2-p6-0.rcsntx.swbell.net (151.164.191.122) 20.957 ms 20.977 ms 20.878 ms
      6 ex1-p11-0.eqdltx.sbcglobal.net (151.164.191.229) 24.012 ms 22.046 ms 20.96 ms
      7 asn2828-xo-eqdltx.sbcglobal.net (151.164.248.14) 23.907 ms 23.2 ms 23.912 ms
      8 p5-2-0-3.rar1.dallas-tx.us.xo.net (65.106.4.197) 23.96 ms 22.868 ms 23.999 ms
      9 p0-0-0-1.rar2.dallas-tx.us.xo.net (65.106.1.42) 24.063 ms 22.648 ms 23.905 ms
      10 p1-0-0.rar2.denver-co.us.xo.net (65.106.0.41) 38.954 ms 37.252 ms 47.928 ms
      11 p0-0-0-2.rar1.denver-co.us.xo.net (65.106.1.81) 38.88 ms 37.841 ms 38.944 ms
      12 p4-0-0.mar1.saltlake-ut.us.xo.net (65.106.6.74) 50.949 ms 49.296 ms 50.948 ms
      13 p0-0.chr1.saltlake-ut.us.xo.net (207.88.83.42) 50.886 ms 49.851 ms 50.774 ms
      14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 53.912 ms 52.526 ms 51.004 ms
      15 * * *

      traceroute to linuxupdate.sco.com (216.250.128.241), 30 hops max, 40 byte packets
      . . .
      4 bb1-p5-2.rcsntx.sbcglobal.net (151.164.243.13) 20.947 ms 20.046 ms 20.905 ms
      5 bb2-p6-0.rcsntx.swbell.net (151.164.191.122) 20.919 ms 29.145 ms 20.855 ms
      6 ex1-p11-0.eqdltx.sbcglobal.net (151.164.191.229) 20.951 ms 22.991 ms 23.963 ms
      7 asn2828-xo-eqdltx.sbcglobal.net (151.164.248.14) 23.945 ms 22.989 ms 23.894 ms
      8 p5-1-0-3.rar1.dallas-tx.us.xo.net (65.106.4.193) 23.955 ms 25.426 ms 24.013 ms
      9 p0-0-0-1.rar2.dallas-tx.us.xo.net (65.106.1.42) 26.979 ms 62.002 ms 27.099 ms
      10 p1-0-0.rar2.denver-co.us.xo.net (65.106.0.41) 38.821 ms 37.981 ms 38.89 ms
      11 p0-0-0-2.rar1.denver-co.us.xo.net (65.106.1.81) 38.789 ms 38.094 ms 38.888 ms
      12 p4-0-0.mar1.saltlake-ut.us.xo.net (65.106.6.74) 51.054 ms 50.024 ms 50.811 ms
      13 p0-0.chr1.saltlake-ut.us.xo.net (207.88.83.42) 51.001 ms 49.886 ms 50.934 ms
      14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 53.903 ms 53.136 ms 53.841 ms
      15 c7pub-216-250-136-254.center7.com (216.250.136.254) 50.937 ms 51.759 ms 50.787 ms
      16 linuxupdate.sco.com (216.250.128.241) 51.004 ms 52.438 ms 50.988 ms

      traceroute to ftp.calderasystems.com (216.250.128.13), 30 hops max, 40 byte packets
      . . .
      4 bb1-p5-2.rcsntx.sbcglobal.net (151.164.243.13) 20.892 ms 20.06 ms 23.887 ms
      5 bb2-p6-0.rcsntx.swbell.net (151.164.191.122) 21.051 ms 19.935 ms 21.034 ms
      6 ex1-p11-0.eqdltx.sbcglobal.net (151.164.191.229) 23.82 ms 23.095 ms 23.868 ms
      7 asn2828-xo-eqdltx.sbcglobal.net (151.164.248.14) 23.987 ms 23.063 ms 20.829 ms
      8 p5-2-0-3.rar1.dallas-tx.us.xo.net (65.106.4.197) 23.989 ms 22.84 ms 23.934 ms
      9 p0-0-0-1.rar2.dallas-tx.us.xo.net (65.106.1.42) 24.086 ms 25.935 ms 23.877 ms
      10 p1-0-0.rar2.denver-co.us.xo.net (65.106.0.41) 38.916 ms 38.112 ms 38.925 ms
      11 p0-0-0-2.rar1.denver-co.us.xo.net (65.106.1.81) 38.603 ms 38.096 ms 38.94 ms
      12 p4-0-0.mar1.saltlake-ut.us.xo.net (65.106.6.74) 50.947 ms 49.871 ms 50.914 ms
      13 p0-0.chr1.saltlake-ut.us.xo.net (207.88.83.42) 50.944 ms 49.782 ms 51.008 ms
      14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 50.836 ms 53.072 ms 53.935 ms
      15 * * *

      So either they're being merely slashdotted or they "accidentally on purpose" kicked www.sco.com's router power plug out of the wall. According to ARIN, they're all on the same /20 network, so they're probably not on a different final link from XO. They're certainly not being DoS'ed for bandwidth.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
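An added example, not part of the comment above: a Python sketch of the comparison that comment makes by eye, finding the last hop that answers in each trace, checking whether the silent targets stop at a hop the reachable target passes through, and whether all destinations fall in the same /20. The trace text is excerpted from the output above (last hops only); the function names and verdict labels are made up for this example.

```python
import ipaddress
import re

HEADER_RE = re.compile(r"traceroute to (\S+) \((\d+(?:\.\d+){3})\)")
# A hop line is "N host (ip) ..." or "N * * *" when nothing answered.
HOP_RE = re.compile(r"\s*(\d+)\s+(?:\S+\s+\((\d+(?:\.\d+){3})\)|\*)")

# Final hops of the three traces, excerpted from the comment above.
TRACES = [
    """traceroute to www.sco.com (216.250.128.12), 30 hops max, 40 byte packets
13 p0-0.chr1.saltlake-ut.us.xo.net (207.88.83.42) 50.886 ms 49.851 ms 50.774 ms
14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 53.912 ms 52.526 ms 51.004 ms
15 * * *""",
    """traceroute to linuxupdate.sco.com (216.250.128.241), 30 hops max, 40 byte packets
13 p0-0.chr1.saltlake-ut.us.xo.net (207.88.83.42) 51.001 ms 49.886 ms 50.934 ms
14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 53.903 ms 53.136 ms 53.841 ms
15 c7pub-216-250-136-254.center7.com (216.250.136.254) 50.937 ms 51.759 ms 50.787 ms
16 linuxupdate.sco.com (216.250.128.241) 51.004 ms 52.438 ms 50.988 ms""",
    """traceroute to ftp.calderasystems.com (216.250.128.13), 30 hops max, 40 byte packets
13 p0-0.chr1.saltlake-ut.us.xo.net (207.88.83.42) 50.944 ms 49.782 ms 51.008 ms
14 205.158.14.114.ptr.us.xo.net (205.158.14.114) 50.836 ms 53.072 ms 53.935 ms
15 * * *""",
]


def parse(text):
    """Return ((target_name, target_ip), [(hop_no, ip_or_None), ...])."""
    target, hops = None, []
    for line in text.splitlines():
        head = HEADER_RE.search(line)
        if head:
            target = head.groups()
            continue
        hop = HOP_RE.match(line)
        if hop:
            hops.append((int(hop.group(1)), hop.group(2)))
    if target is None:
        raise ValueError("no traceroute header found")
    return target, hops


def summarize(text):
    """Reduce one trace to its answering path and whether it reached the target."""
    (name, dest), hops = parse(text)
    path = [ip for _, ip in hops if ip]
    return {"target": name, "dest": dest, "path": path,
            "reached": bool(path) and path[-1] == dest}


def diagnose(traces, prefix_len=20):
    """Compare traces to several hosts that are expected to share a network."""
    rows = [summarize(t) for t in traces]
    nets = {ipaddress.ip_network(f"{r['dest']}/{prefix_len}", strict=False)
            for r in rows}
    reached = [r for r in rows if r["reached"]]
    silent = [r for r in rows if not r["reached"]]

    # Do all silent traces stop after the same hop, and is that hop on the
    # path of every trace that did get through?
    shared = None
    last_hops = {r["path"][-1] for r in silent if r["path"]}
    if len(last_hops) == 1 and reached:
        hop = next(iter(last_hops))
        if all(hop in r["path"] for r in reached):
            shared = hop

    if not silent:
        verdict = "all-targets-answer"
    elif shared and len(nets) == 1:
        # Upstream route works; the loss is past the shared hop (the host,
        # its last router, or a filter). Traceroute alone cannot say which.
        verdict = "loss-beyond-shared-hop"
    else:
        verdict = "inconclusive"
    return {"network": str(next(iter(nets))) if len(nets) == 1 else None,
            "reached": [r["target"] for r in reached],
            "silent": [r["target"] for r in silent],
            "shared_last_hop": shared,
            "verdict": verdict}


if __name__ == "__main__":
    print(diagnose(TRACES))
```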
    3. Re:Is it Down or is it 'down'? by The_DOD_player · · Score: 1

      ... to be down, or not to be down.

      daniel@baerbar:~$ host sco.com
      sco.com A 216.250.128.12
      daniel@baerbar:~$ host www.sco.com
      www.sco.com A 127.0.0.1

    4. Re:Is it Down or is it 'down'? by OverlordQ · · Score: 1
      remnetworks:/home/ovrlrdq# dig sco.com @nsca.sco.com

      ; <<>> DiG 9.2.1 <<>> sco.com @nsca.sco.com
      ;; global options: printcmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34788
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

      ;; QUESTION SECTION:
      ;sco.com. IN A

      ;; ANSWER SECTION:
      sco.com. 60 IN A 216.250.128.12
      --
      Your hair look like poop, Bob! - Wanker.
    5. Re:Is it Down or is it 'down'? by Anonymous Coward · · Score: 0

      Sorry, checked from home, work and colocated rack ( 3 hops from backbone )!

      $ host www.sco.com
      www.sco.com has address 216.250.128.12

      Who's your ISP?

    6. Re:Is it Down or is it 'down'? by amundn · · Score: 1

      well, it's up again on a new url: thescogroup

  62. Re:Finally! by gaijin99 · · Score: 5, Interesting
    What I want to know is how many people infected their computers on purpose and how many just didn't remove the virus after they found it? Most people won't do a criminal act will but ignoring somebody else's?
    Actually, as a private computer techie, I've been removing MyDoom from my client's computers for the past couple of days. It really is amazing how fast it's spread...

    As a Linux geek I must admit to a small snicker at SCO's misfortune here, but it is definitely not the right way to go about solving the SCO problem. All publicity is *NOT* good publicity, and the last thing we need is the world to think "Linux == Geeks spreading virii". I've been taking pains to point out the spam connection with the MyDoom virus, and I think that's the angle we should pursue here. I can only hope that the next loser who DOSes SCO gives us as easy an "it's not us" angle.

    --
    "Mission Accomplished" -- George W. Bush May 1, 2003
  63. Re:The real reason by Anonymous Coward · · Score: 0

    litigious bastards, and point it towards caldera.com, not sco.com (caldera.com isn't blocked from the results by google, but sco is)

  64. I was wondering... by Anonymous Coward · · Score: 0

    If a SCO web site falls in a forest, and nobody is paying attention, does Darl make a sound?

  65. Does this seem a little too convenient? by commonloon · · Score: 0

    SCO going down down down quicker than their lawyers can file a lawsuit. The press lamenting about how SCO "has drawn the ire of the so-called 'open source' programming community."

    This is a pretty rudimentary DoS as far as I know (correct me if I'm wrong). Complex, no:

    "GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n"

    What is really causing the problem here is our old friend Microsoft and its inability to keep viruses off its hard drive, and the fact that even with all the press a large number of infected machines haven't been fixed yet.

    Bugtraq has had a lot of stuff on this of course:

    http://www.math.org.il/newworm-digest1.txt.

    Has anyone asked the question of: with all of its intellectual power and original ideas, why hasn't sco put in place a server farm (http://www.squid-cache.org perhaps) and some nice load balancers (across multiple pipes) to serve up their damned homepage?!

  66. Re:Finally! by drooling-dog · · Score: 2, Insightful
    I wish it wouldn't happen. This virus is painting the Linux community as a bunch of petulant adolescents - regardless of who's doing it.

    I've been concerned about exactly the same thing. Regardless of where the virus really came from, the fact that SCO and MS were targeted may well have an impact on coming legal and public relations struggles that are important to the Open Source community. Don't think for a minute that this isn't understood completely by strategists at those two companies (as well as others that are threatened by the OS model). There is a lot at stake.

  67. SCO running Apache? by salmonz · · Score: 2, Insightful

    I just visited sco.com to see if I can get through, but apparently the Apache default page is coming up. Why is SCO using free software when they claim the GPL is void and invalid?

    1. Re:SCO running Apache? by Anonymous Coward · · Score: 0

      I believe that would be your computer's copy of apache sending a default page.

    2. Re:SCO running Apache? by The_DOD_player · · Score: 1

      www.sco.com has the IP address of 127.0.0.1 on my network now, it might very well be the same on yours now, so the Apache-page is probably just the default page of your own local webserver.
      Try it out...
      $ host www.sco.com
      www.sco.com A 127.0.0.1

    3. Re:SCO running Apache? by Anonymous Coward · · Score: 0

      apache isn't gpl, though

    4. Re:SCO running Apache? by Anonymous Coward · · Score: 1, Informative

      Apache isn't licensed under the GPL. It's the BSD license (or similar) but BSD haters still use Apache yet flame the BSD license. How funny. Same with X.

    5. Re:SCO running Apache? by benna · · Score: 1

      It's not the BSD license either, it's the Apache license.

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
  68. Quantity has a quality all its own. by herrvinny · · Score: 1

    "Quantity has a quality all its own." - Joseph Stalin

    For those of you who don't understand the historical context, Stalin was saying that even though the Russian soldier might be inferior to the German soldier quality-wise, there were far more Russian soldiers than Germans. In this case:

    infected Windows boxes == Russian soldiers
    OpenBSD == German soldiers.

    Guess who's gonna win?

    1. Re:Quantity has a quality all its own. by Artifakt · · Score: 1

      Let's remember that Stalin's philosophy led to a lot of draws and Pyrrhic victories. You can call the battle of Stalingrad a win for the USSR, but many would rather call it a bloody mess.

      If that analogy holds:

      infected windows boxes === 15 year old new Soviet Army Draftees, face down in the bloody snow.
      Open BSD === German Tanks (on fire) melting the bloody snow to bloody slush.

      --
      Who is John Cabal?
    2. Re:Quantity has a quality all its own. by Shakrai · · Score: 1
      Let's remember that Stalin's philosophy led to a lot of draws and Pyrrhic victories. You can call the battle of Stalingrad a win for the USSR, but many would rather call it a bloody mess.

      Yeah the new estimates for Stalingrad are about a million KIAs (that's killed-in-action not casualties overall) -- for one stinking lousy city! Any other (sane) leader would have pulled out and let the Germans have the city and lived to fight another day. Is a city worth a million lives?

      Hell, keep going -- Battle of Kursk -- Germans took about 50,000 casualties -- the Russians absorbed almost 250,000 or five times as many and it's still considered a "victory" for the Red Army.

      Ever seen Enemy at the Gates? The opening scene where they give a rifle to one Russian soldier and five bullets to another. The one with the bullets is instructed to follow the one with the rifle and wait for him to get killed -- at which point he will pick up the rifle and resume shooting. If the Russian soldiers attempted to retreat they would typically be shot by NKVD units. All of that stuff happened. Stalin was as big of a mass murderer (if not more so) than Hitler.

      The Germans lost on the Eastern Front due to Hitler's idiotic micromanagement of his army. Despite all that the Russians only won by drowning the Germans in a sea of Slavic blood. Why use tactics and mobility when you have millions of peasants to toss into the fire?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  69. What they didn't include in the article by marsu_k · · Score: 5, Insightful

    Curiously, this article seems to imply that there was a political agenda behind DDoSing SCO - but to quote Mikko Hypponen of F-secure a bit more:

    "It's also possible the attack against SCO is just a smokescreen to misdirect attention away from the backdoor component in the virus - which is most likely included in order to facilitate sending of spam email messages."

    Similar, albeit longer, quote from him asserting that indeed spammers were behind this worm was in the local newspaper on Friday, but it's in Finnish and I'm too lazy to translate it. But the above quote can be found here.

    1. Re:What they didn't include in the article by theCat · · Score: 2, Insightful

      There is general agreement that this is the work of spammers/scammers and not, say, the GNU/Linux community. But there have been eleventy-hundred identical virus/worms/exploits emailed around for months/years/eons now, and they didn't bother adding a DDoS subroutine to attack SCO, or Microsoft, or anyone else except the anti-spam outfits (may they RIP).

      So why all the sudden the "oh-we-need-a-smoke-screen" noise?

      It is not a smoke screen. It's a fscking plot and it's well timed.

      The spammers DO care how this whole SCO thing turns out, as they care what happens to Windows on the desktop. Keeping the SCO plot up and running keeps Linux off the desktop (perhaps forever if the US court system really is as lame as it seems lately) and they really really need to keep Linux off the desktop and the pressure off Microsoft to change their product. They need Windows to be dominant, unchanged, wide open, and devoid of competition. Otherwise the spammers at least have to rewrite all their nice tools, and at worst they lose a ton of existing zombies and can't replace them; wave bye-bye to one most excellent business model if that happens.

      Interesting how the dominant monoculture is playing a central role, isn't it? And Bill tells us Microsoft will end spam in three years, when clearly Microsoft products are the major portal for Internet spam and probably Internet crime. Will Microsoft ever guess how badly they've been played for fools? Or perhaps more alarming...do they even care?

      --
      =^..^= all your rodent are belong to us
    2. Re:What they didn't include in the article by Spoing · · Score: 1
      "It's also possible the attack against SCO is just a smokescreen to misdirect attention away from the backdoor component in the virus - which is most likely included in order to facilitate sending of spam email messages."

      That would make sense. I've gotten the virus on email accounts that only received spam -- no legit mail -- over the past few years, plus bogus accounts I've not seen in use before. (I have a domain name that only I use.)

      --
      A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    3. Re:What they didn't include in the article by Progman3K · · Score: 1

      "It's also possible the attack against SCO is just a smokescreen to misdirect attention away from the backdoor component in the virus - which is most likely included in order to facilitate sending of spam email messages."

      If we look at the statistics over the past year, we can see that in truth, viruses are COMMISSIONED by spammers as part of their economic survival.

      And the more they can camouflage that fact, the longer they can continue to make money.

      This has NOTHING to do with an operating system holy war, but everything to do with dollars and cents.

      Organized spammers obviously are funding people to write viruses that will turn unprotected machines into part of their advertising network.

      The first few viruses like "I Love You" and "Melissa" were just proofs of concepts.

      And of course, the minute a discovery is made, someone greedy tries to turn it into a money-maker for themselves.

      Want the spam problem to end? It would if only there were money in it to make it stop.

      As it is, the money being spent tips the scales in favor of the spammers and NOTHING that will amount to anything will ever be done about it unless that simple fact changes.

      In other words, spammers have more money to make protecting their "investment" than anyone else can collect doing otherwise.

      Very simple, really.

      Like everything, regrettably, this is just an issue of dollars and cents.

      Today SCO as a smokescreen, tomorrow Microsoft, the week after anybody else the spammers can use as a cover...

      --
      I don't know the meaning of the word 'don't' - J
  70. Re:Finally! by gnu-generation-one · · Score: 4, Insightful

    "I wish it wouldn't happen. This virus is painting the Linux community as a bunch of petulant adolescents"

    In case anyone still thinks this virus is related to linux people, let's put it as bluntly as we can:

    Spammers have created yet another virus to send their emails, not caring about the cost to you, your computer, the law, or the internet in general

    If you believed the spammer lies about how you've opted in to something, or how this is their freedom of speech, or how you can just press delete, then this should be the evidence you need: spammers are prepared to take down the entire internet for their own personal gain.

    If anybody has bought anything advertised by email, or is considering doing so, or knows anybody who buys from email advertisements, then please be aware: you are supporting the criminals who are deliberately and maliciously attacking your computer, and the computers of your friends. Their programs are constantly bombarding your computer, where any mistake you make could lead to your computer becoming unusable by you, and being used to send illegal emails in vast quantities to the computers of others.

    If any newspaper editor is reading this, and thinks "it's attacking SCO, it must be programmed by a Linux advocate", wake up and smell the misdirection. The DDOS in this virus was added as an afterthought. "Virus creation wizard step 6: you are nearly finished creating your virus. now type the name of a website you want it to attack"

  71. Classic Trick by cluge · · Score: 5, Insightful
    Yes, it's a classic trick, and it's worked for thousands of years. It's worked for politicians and armies. It's worked for the con-artist and the cult leader. What is this trick? Miss-direction. If you think that this virus has anything at all to do with the open source community or SCO then you're not keeping your eye on the ball sparky!

    1. This virus makes a machine an open relay. Considering recent legislation and other anti-spam techniques I smell spammer bovine feces here.

    2. More and more spammers used hijacked machines for DNS, web service as well as relaying their crap. spammers Check out the nanae news group for more examples

    3. The open source community is coming up with various anti-spam measures. Don't you think the spammers would love painting their enemy as petulant child - as they have proven themselves to be?

    MyDOOM isn't the open source community pissing on SCO, it's spammers pissing on all of us.

    AngryPeopleRule

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
    1. Re:Classic Trick by inode_buddha · · Score: 1

      True, wish I had mod points for ya. As it is, I saved a copy of your post for future reference in case I run across somebody who believes all the FUD. Just IMHO, the single best way to combat this is if Linux user(s) were to catch the author and claim the bounty. That might make a good "distributed.net" type project.

      --
      C|N>K
    2. Re:Classic Trick by StormReaver · · Score: 1

      "What is this trick? Miss-direction."

      We should get her together with Miss-match, and charge admission.

    3. Re:Classic Trick by Hieronymus+Howard · · Score: 1

      Also, the spammers want to divert attention away from themselves in order to avoid people associating 'spammer' with 'virus writer', which could seriously damage their revenues.

      HH
      --

    4. Re:Classic Trick by cluge · · Score: 1

      What would seriously damage their "revenue" is to force their model not to work. If you launched a DOS attack against the hijacked machines then the spamvertizers website and DNS would be down. The end user whose machine was hijacked wouldn't be able to surf the net, alerting them to the fact that there is INDEED a problem. The broadband provider would get a CLUE that there is indeed a problem on their network.

      Perhaps this would cause RR to change their stock answer, which is "This spamvertized site doesn't appear to be on our network/Please send firewall logs with time stamp if a host on our network is attacking you". Nitwits. Rotating DNS changes constantly, same with the web sites. Usually 5 IP's at a time. Almost always at least 1 rr IP in there.

      Of course this is illegal.....then again so is spreading viruses and illegally hosting your website on an infected system.

      --
      "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
    5. Re:Classic Trick by Anonymous Coward · · Score: 0

      It's worked for [...] armies. [...] What is this trick? Miss-Direction

      Shame they didn't use that trick in Iraq.

      "OK, now I want you to hit the terrorists, but miss the civilians. Oh, and miss our guys, too."

  72. null routing to sco? by fcs-error · · Score: 3, Informative

    From a list that I am on, there was consideration that routes to SCO may be dropped due to the expected traffic to SCO. The plans were to null route the traffic at the edge of individual AS's.

    1. Re:null routing to sco? by caluml · · Score: 1

      Yes, I think that would make sense. If all the ISPs in the world drop traffic to SCOs AS, that would work. And, erm, sometime, when it's all quiet, if they remember, they can put the routes back.

  73. yep by luther349 · · Score: 0

    well the virus isn't funny as they will blame linux users for it but then again they blame linux users for everything even their failing business. but that's sco for you but last i remember isn't it m$ that kills small business and new oses humm lol. but it's still funny to see them dosed for real this time lol we all know their last 5 million claims of being dosed were fake.

  74. It's not really a bad thing by smartin · · Score: 3, Insightful
    I know some people think this virus makes the linux community look bad, but that's not really the case. It's just another windows virus in a long line of windows viruses, written somewhere by some asshole for whatever reason they see fit. Even if it turns out that the writer is a Linux fanatic, you can't hold the whole community responsible for the actions of one individual. Personally i think it's a good thing because it does serve three useful functions (no i did not write it :)).
    1. It forces some asshole companies off the net for a while.
    2. It raises awareness of the whole SCO fiasco and I'm not seeing much in the way of sympathy for them in the press.
    3. It shows once again that windows is a virus ridden insecure platform.

    What's not to like.
    --
    The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
    1. Re:It's not really a bad thing by iphayd · · Score: 1

      WOOHOO, I think we have our witch! I call the $250k from Microsoft. It's smartin I tell you.

      I wonder, does smartin weigh as much as a duck?

    2. Re:It's not really a bad thing by smartin · · Score: 1

      Split it with me and i will go peacefully :)

      --
      The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
    3. Re:It's not really a bad thing by craznar · · Score: 1
      It shows once again that windows is a virus ridden insecure platform.

      Hating to put the cat among the pigeons, but saying that Blattella germanica spreads disease more than the Hippocampus is not really a measure of how virus prone they are.

      If Linux ran on 90% of the desktops in the world, can you imagine how badly it would be installed and used?

      --
      EMail: 0110001101100010010000000110001101110010 0110000101111010011011100110000101110010 0010111001100011011011110110
  75. SCO website just a symbol... by bangular · · Score: 5, Insightful

    Realistically, who the hell even goes to the SCO website. They've got so few new potential customers anyway (I would put the number at zero). Current UnixWare users doubtfully visit their website very much anyway.

    Their website being down is more of a symbol. A symbol to them of "Look at what they are doing to us". It's obviously not very important to them anyway seeing as how in the past they've taken it down for hours to days at a time for "server upgrades". If it were that critical to them, they wouldn't have had downtime. But it was cheaper to take it down and do what they needed to do to spend the money to keep it up during upgrades.

    Anyway, SCO can eat apple sauce out of my ass with a spoon.

    1. Re:SCO website just a symbol... by Ed+Thomson · · Score: 1

      Don't give the goatse guys ideas

    2. Re:SCO website just a symbol... by Anonymous Coward · · Score: 0

      I'll say. They would have DOSed SCO's lawyers' site if they were actually intending to piss SCO off.

    3. Re:SCO website just a symbol... by x3ro · · Score: 1

      Anyway, SCO can eat apple sauce out of my ass with a spoon.

      I personally wouldn't let anyone near my arse with a spoon or any other piece of cutlery -- especially not SCO.

      --
      [ UNSIGNED NOT NULL ]
  76. Blame UNIX server by tmk · · Score: 0, Flamebait
    "A new email virus called MyDoom is spreading rapidly across the Internet through UNIX mail servers..." More here.

    A refreshingly different Point of view.

  77. The virus was actually a huge failure... by Tokerat · · Score: 2, Funny


    ...sco.com is only down because it's on the front page of Slashdot! :-D

    --
    CAn'T CompreHend SARcaSm?
  78. Re:Finally! by Alien54 · · Score: 4, Interesting
    The User Friendly comic strip has a good comment on this today.

    I think a lot of folks have mixed feelings on this one.

    --
    "It is a greater offense to steal men's labor, than their clothes"
  79. NTP or Drift by Anonymous Coward · · Score: 0
    Not everyone runs Network Time Protocol, and RTC XTALs generally suck in computers. Surprisingly, even expensive hardware like Sun has a reputation for keeping poor time. And cheap PC hardware isn't going to be accurate to a couple of PPM on its own. Tardis reports that my ABit KT7 drifts .223 seconds/day. Think about all those PC owners who don't even know how to set their clock, let alone correct it frequently.

    Anyway, there are probably enough machines running in sync so the fireworks should be impressive at 1609Z.

  80. Re:Finally! by Anonymous Coward · · Score: 1, Informative

    If any newspaper is interested in the list of people most likely to benefit from the actions of this virus, and most likely to have been involved in writing it, there is a list available here

  81. What's the story? by SNACKeR · · Score: 2, Funny

    I tried to see if www.sco.com was DOSsed, but I was unable to load the site. Can someone please tell me?

  82. Troll? by Aldric · · Score: 1

    What was that mod smoking?

  83. Re:Finally! by Anonymous Coward · · Score: 2, Funny

    This virus doesn't run under Linux as far as I know. Obviously it's the Windows community that's the problem.

  84. No wonder their connection is dying... by Phil+John · · Score: 0, Troll

    ...according to NetCraft, they're running BSD...

    <rimshot/>

    Thanks, I'll be here all week.

    --
    I am NaN
  85. Microsoft boxes by vpscolo · · Score: 1

    So how long before the Virus gets inside MS and attacks all their servers internally. I would have thought anyway that if all the viruses are using the same packet type/port that the upstreams could just filter out those types of packets

    Rus

    1. Re:Microsoft boxes by Anonymous Coward · · Score: 0

      According to a +5 comment posted on a story (I think it was the "Portrait of the MAC developers at Microsoft") they use Sun machines for their internal email. According to a Mr Coward, Anonymous - that says he is a Sun Employee. This was because Exchange couldn't handle the load at Microsoft.

  86. I WANT TO "SWITCH" BACK! by andrewleung · · Score: 4, Funny

    i want to be part of DDOS attack!

    dammit! why are mac users always left out of the fun?! >_

    1. Re:I WANT TO "SWITCH" BACK! by Anonymous Coward · · Score: 0

      No problem, just run Virtual PC on your Mac, In fact, you could run two copies and DDOS twice as much as the regular Windows users!

    2. Re:I WANT TO "SWITCH" BACK! by Anonymous Coward · · Score: 0

      Then again by the time virtual PC boots up, the DoS will be over.

  87. It's not DoS! SCO is just /.'ed by crazy+blade · · Score: 1

    I mean, as soon as I saw the entry, I eagerly visited their site to see if it's reachable. How many /.ers are doing the same?

    --
    To err is human, but to forgive is beyond the scope of the Operating System...
  88. Don't forget FILE EXTENSION HIDING by prandal · · Score: 2, Interesting

    Microsoft's great feature, put there especially for virus writers' social engineering attacks (well, there is no other real use).

    Look inside those .zip files and you see abcdef.txt.exe (or .pif), etc.

    Muggins end user opens what (s)he's been tricked into thinking is a .txt file.

    Boom.

    If Microsoft is at all serious about security they'd issue a patch for all their operating systems disabling this "feature" for all time.
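
The naming trick described in this comment can be caught at the mail gateway or in triage. The following is an added example, not part of the original post: it lists zip members whose next-to-last extension looks like a document while the last one is executable. Only `.exe` and `.pif` come from the comment; the other extensions, the padding handling, the helper names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# ".exe" and ".pif" are named in the comment above; the remaining entries are
# an assumed, non-exhaustive list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Extensions a reader takes for "just a document" (assumed list).
DECOY_EXTS = {".txt", ".doc", ".htm", ".html", ".jpg", ".pdf"}


def _filename(member_name):
    """File part of a zip member path, accepting either slash style."""
    return member_name.replace("\\", "/").rsplit("/", 1)[-1]


def extension_chain(member_name):
    """Lower-cased extensions in order, e.g. 'a.txt .EXE' -> ['.txt', '.exe'].

    Whitespace around each piece is stripped so that padding inserted
    between the decoy and the real extension does not hide the pattern.
    """
    pieces = _filename(member_name).split(".")[1:]
    return ["." + p.strip().lower() for p in pieces if p.strip()]


def displayed_name(member_name):
    """Name as a user sees it when the final extension is hidden.

    Simplified model (assumption): the shell drops everything from the
    last dot onward.
    """
    name = _filename(member_name)
    stem, dot, _last = name.rpartition(".")
    return stem.rstrip() if dot else name


def is_deceptive(member_name):
    """True when a document-looking extension precedes an executable one."""
    chain = extension_chain(member_name)
    return (len(chain) >= 2
            and chain[-1] in EXECUTABLE_EXTS
            and chain[-2] in DECOY_EXTS)


def deceptive_members(zip_bytes):
    """Return (real name, name shown to the user) for each flagged member."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return [(info.filename, displayed_name(info.filename))
                for info in archive.infolist()
                if not info.is_dir() and is_deceptive(info.filename)]


def build_sample_zip():
    """Constructed sample archive; member contents are inert placeholders."""
    names = [
        "abcdef.txt.exe",              # pattern quoted in the comment
        "notes.txt",                   # ordinary document
        "docs/readme.htm      .PIF",   # padded and upper-cased variant
        "setup.exe",                   # executable, but not disguised
        "archive.tar.gz",              # double extension, not executable
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for real, shown in deceptive_members(build_sample_zip()):
        print(f"{real!r} would be displayed as {shown!r}")
```
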

    1. Re:Don't forget FILE EXTENSION HIDING by surprise_audit · · Score: 1

      I generally turn off extension-hiding on my Windows box at home, but I doubt that my kids and/or wife would notice the difference between abcdef.txt.exe and abcdef.txt so it's likely to get clicked on anyway. Fortunately, none of them get all that much email.

    2. Re:Don't forget FILE EXTENSION HIDING by Anonymous Coward · · Score: 0

      Besides being more dangerous it's annoying. Like I don't want to know what type of file I'm using (or have to Right-Click properties to find out). Also, it's occasionally handy to be able to rename something with a .txt extension to open it quickly in Notepad. I suppose it's no different than Linux, though, which does not rely on extensions. :/

  89. Offtopic, how to pronounce? Sko or ess see oh? by Anonymous Coward · · Score: 0

    So, this is for all those book learners who take potshots at those who try to communicate it verbally...

    I call it sko,as in sco servers, sco unix, from way back. Is the SCO Group, now the Ess See Oh Group?

  90. Re:Finally! by CrackedButter · · Score: 0, Redundant

    See, a windows user just modded me down!

  91. Re:Finally! by ramdac · · Score: 2, Flamebait

    I think you mean "potato".

    Your name isn't Dan Quayle is it?

  92. MS Business Model by jefu · · Score: 1
    Out of curiosity I'm compelled to ask just what in Microsoft's business model requires their website to stay up. This certainly won't interfere with their sales of software through OEM's, nor with their sales of Office and the like which I don't think you can even buy on their website.

    I can see that it might cut into the public perception of MS as a company - but is their website really a major factor in their business?

    1. Re:MS Business Model by victorvodka · · Score: 4, Funny

      well, a DDOS attack on MSN wouldn't look so good. all those subscribers in redneckistan with suddenly no homepage to click on. "Ethel Sue! The Inter-o-net ain't workin'" "Billy John, I done told you we should have went and got ourselves that there newfangled Verimazon Dee Ass El!"

      --

      The flag just makes more sense than the constitution. - Judas Gutenberg

    2. Re:MS Business Model by TheCabal · · Score: 1

      How about the accessibility of TechNet and MSDN?

    3. Re:MS Business Model by Ironica · · Score: 1

      redneckistan

      heheheheee... we have a new name for the flyover zone!

      (apologies to those of half-decent intelligence and education who got stuck in the Midwestern United States by some cosmic folly...)

      --
      Don't you wish your girlfriend was a geek like me?
  93. The virus is spread by UNIX by Anonymous Coward · · Score: 4, Interesting

    Some guy on winnetmag obviously thinks they should be offline, they must have brought it upon themselves, as he seems to think the virus is the fault of UNIX. he says that "A new email virus called MyDoom is spreading rapidly across the Internet through UNIX mail servers, bringing with it a dangerous attachment that, when opened, can give attackers access to users' computers through an electronic backdoor."

    sheesh where do they get these people

    1. Re:The virus is spread by UNIX by 1010011010 · · Score: 1


      Paul Thurrott badly wants to be a priest in the church of microsoft. He's a total fanboy -- why would he not try to blame a microsoft-specific virus that targets only windows on unix?

      --
      Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    2. Re:The virus is spread by UNIX by Anonymous Coward · · Score: 0

      Well, when you think about it, he's partly right. Since most mailservers are running under *nix/nux, this is the most common way the virus can spread. What isn't stated so clearly is that only Microsoft Outlook clients running on Windows computers are vulnerable to it. And, once a system is infected, it becomes an SMTP server on its own and doesn't need a Unix mail server to spread from the infected machine to others.

      And they get these people from Microsoft. Thurrott is a Windows expert at Winnt mag and is a frequent speaker at Microsoft technical conferences.

    3. Re:The virus is spread by UNIX by Progman · · Score: 1

      That is incorrect, not "only Microsoft Outlook clients" are vulnerable--it's Windows that's vulnerable. Whichever email client is used doesn't matter, infection comes with running the attachment.

    4. Re:The virus is spread by UNIX by Blkdeath · · Score: 1
      he says that "A new email virus called MyDoom is spreading rapidly across the Internet through UNIX mail servers, bringing with it a dangerous attachment that, when opened, can give attackers access to users' computers through an electronic backdoor."

      The FUD alarm in my head is just deafening..

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    5. Re:The virus is spread by UNIX by Bigman · · Score: 1

      Well, to be fair the virus is being spread by email servers, and every time email is mentioned a chorus goes up from the OSS cheerleaders about how 90% of servers are OSS (Sendmail, POP3, fetchmail, chuckmail whatever.) It's probably true that most of these mails come thru a unix mail server...
      I guess that the hole in his argument is that a Windows mailserver would do any different.

      --
      *--BigMan--- Time flies like an arrow.. but personally I prefer a nice glass of wine!
    6. Re:The virus is spread by UNIX by rfroberg · · Score: 1

      Someone ought to tell the author he's wrong:
      thurrott@winnetmag.com :)

      --
      Gentlemen, you can't fight in here! This is the War Room.
    7. Re:The virus is spread by UNIX by Anonymous Coward · · Score: 0

      It isn't really any flaw in Windows either. If you can get stupid users to execute arbitrary email attachments, you can do anything on their systems (well, anything they have permission to do).

      Interestingly, MS Exchange is pretty good at blocking these worms. I got a fair number of MyDoom spams on my home mail account, which uses standard mail servers on UNIX-like OSes, but not a single one at work (where my company uses MS Exchange servers and requires MS Outlook clients).

      Strange as it sounds, if the Internet mail infrastructure were running MS Exchange instead of sendmail and its UNIX offshoots, these worms/viruses would probably be a thing of the past.

    8. Re:The virus is spread by UNIX by Anonymous Coward · · Score: 0

      More importantly.. ..if the average end-user weren't a complete and utter dipwad.. :)

      (flames? damn right! It's frickin' COLD here in Indiana!! :-D)

      DL

  94. Terrible Reuters Article by Snowspinner · · Score: 2, Interesting

    I'm not sure which quote from the article I think is worse - referring to it as the "so-called 'open source' movement," or referring to infected computers as an "army of zombie PCs."

    Either way, wow. What a terrible article.

    Anyway, it should be easy to distance the open source community from this virus - it's not as though the writer of it released the source or anything, or put it out under the GPL.

    Though there would be something dryly amusing if he had.

  95. manually pulled maybe? by gt25500 · · Score: 1

    I checked last night at about 10PM EST and it was gone. I suppose there could have been enough people to the east of me to take it down but perhaps they took it down themselves.

    And just to make sure it stays down a bit longer, throw one of those links in to the post :thumbs up:

    --
    _________ Help me get a PSP!
  96. we should help SCO & MS any way we can by anon+mouse-cow-aard · · Score: 1

    Law and order are more important than any disagreement over copyright. People who willfully violate copyrights by circulating warez & Mp3's against the copyright owners' express permissions, spammers, and crackers creating malware, none of them are of any use to the open source community.

    Open source is about respect for copyright, our choice of the terms of the copyright (ie. GPL) is the disagreement with those companies, and we have a legal disagreement about some ownership issues. That does not give anyone the right to behave in a criminal fashion.

    "Vigilante Justice" is an oxymoron.

  97. SCO's finest hour by wkitchen · · Score: 1

    They're not the ones to feel sorry for.

    The source of MyDoom may be unclear, but much clearer is that it is a stunning PR win for SCO, and to a somewhat lesser degree, Microsoft. The anti-linux publicity from having their site knocked down is many orders of magnitude better than any publicity or business generated by having it stay up. So, far from doom and gloom, this is entirely to SCO and Microsoft's benefit.

    I hope that MyDoom is not the work of Linux zealots. But if it is, and if any of the responsible parties read this, you should know that it is not appreciated. This juvenile act of revenge, far from damaging SCO and Microsoft, has instead handed them their greatest victory so far.

    With friends like that, who needs enemies?

  98. At one point they did, but they put it back by bangular · · Score: 1

    Sometime last night they did change it actually. And then in the middle of the night (3AM EST or somewhere about) they added it again. So for a few hours it was gone. But for whatever reason brought it back.

  99. Yesterday's groklaw article by Anonymous Coward · · Score: 1, Interesting

    Of course, deliberately allowing the DDOS attack to work has the convenient side effect of denying access to all of the damaging evidence on their website revealed in yesterday's groklaw article. Maybe that's why they have decided not to take the simple steps necessary to prevent the attack.

    The cynic in me wonders if when the website comes back up, SCO is going to claim that "certain web pages" were destroyed by the attack.

  100. telescope by jefu · · Score: 1

    Is the internet telescope (also here) observing any DOS related activity? I've googled for information and not found anything that displays current (updated on the order of minutes/hours rather than days) data.

  101. reuters is incorrect by linuxislandsucks · · Score: 1

    Reuters is incorrect... see Netcraft's website.

    --
    Don't Tread on OpenSource
  102. just doing my part by warpSpeed · · Score: 0, Flamebait
    while [ 1 = 1 ]
    do
    lynx --dump http://www.sco.com/ 2>&1 > /dev/null
    done &

  103. Nobody ever said virus writers were smart... by compwiz · · Score: 1

    Stay tuned for Tuesday when MyDoom.B hits Microsoft...

    Umm yeah. One problem with that - Microsoft sucked it up and went to Akamai after the last virus killed their website (even though it caused their website to appear to be running Linux for a while), so now trying to DoS microsoft.com would just be a total waste of time.

    www.microsoft.com CNAME www.microsoft.akadns.net
    www.microsoft.akadns.net CNAME www2.microsoft.akadns.net
    ...

  104. Re:DDoS attack time table + analysis of DoS in Myd by AndroidCat · · Score: 1
    Damn! Links to precisely the hard facts and level-headed analysis I was looking for. (No wonder you posted as an Anonymous Coward! :^)

    Please read the links and mod parent up.

    --
    One line blog. I hear that they're called Twitters now.
  105. Use a narrower brush! by 87C751 · · Score: 0
    If anybody has bought anything advertised by email, or is considering doing so, or knows anybody who buys from email advertisements, then please be aware: you are supporting the criminals who are deliberately and maliciously attacking your computer, and the computers of your friends.
    <rant mode="pedantic" style="slashdot">
    s/email/spam/g

    Take a breath, sport. There are legitimate email advertisements. That's why Computer Geeks gets some of my money, and why the whole damn spam debate is so hard to clearly delineate. When you want to go off on criminal spammers, use a little more linguistic precision.
    </rant>

    --
    Mail? Put "slashdot" in the subject to pass the spam filters.
    1. Re:Use a narrower brush! by Winkhorst · · Score: 1

      "When you want to go off on criminal spammers, use a little more linguistic precision." Speaking of linguistic precision, could it be that the guys who continually bombard me with ads for stuff that will enlarge my p3n1s have just confused SCO with a bunch of big dicks?

      --
      "Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
    2. Re:Use a narrower brush! by Seek_1 · · Score: 1

      Yes, there may in fact be legitimate email advertisements. However, for every legit ad received, there happen to be at least 99,999,999,999 pieces of worthless, unwanted trash (i.e. spam!) that go out over the network. Personally, I don't see that as being a fair trade-off, and as such, I ignore ANY advertisement sent to my inbox, legit or not.

    3. Re:Use a narrower brush! by Anonymous Coward · · Score: 0



      You are a fucking dweeb!

      </rant mode>

  106. i've seen by Anonymous Coward · · Score: 0

    it was a week or so before matrix reloaded came out. some guy posts an insightful comment, but near the bottom of the post; he interjects 'trinity dies in the matrix' somewhere. i thought it was quite entertaining :)

  107. Virus Writer Here by Anonymous Coward · · Score: 1, Funny

    Hi, Virus writer here. I just want to apologize to SCO. What I really meant to do was DDOS the Society For Creative Anachronism. Stupid typos! Sorry.

  108. Offline.... but why by triptolemeus · · Score: 2, Informative

    The virus was going to hit at 16:something hour. I checked the SCO website this night at 1:30 (CET) and then it was already offline. No reply no more

    My guess is they took it offline themselves. Or they applied one of the tricks from yesterday's Netcraft post.

    --
    The site where: "I'm right, as long as you ignore the things that prove me wrong", became a valid method of debate.
  109. Isn't there a better solution? by pr0c · · Score: 1

    I'm no whiz at internal networking stuff, but it seems to me like any attack that requires flooding of any kind would be extremely simple to block. Is it that hard to monitor the same IP hitting you at X rate? If not, then block it! This should be a standard piece of software on all servers... am I missing something here? Or is this something like UDP, which is 'connectionless', so you couldn't block any particular IP(s)? (I thought TCP, not UDP, was used in HTTP.)

    1. Re:Isn't there a better solution? by BuckaBooBob · · Score: 2, Informative

      Depending on the business and the size of their pipe to the Internet, these DDoS attacks can flood the pipe well over its capacity, so you don't even have time to see the packets and drop the ones that meet your criteria to be suspicious and likely to be MyDoom.

      OK, now say that your pipe is big enough to handle all the incoming packets... You will need enough additional hardware to examine all the packets and reject the ones you define in your criteria to be suspicious of MyDoom.

      Blocking at the router level has a few issues. #1 being that the more rules you add to filter packets, the worse the router performs its packet routing. #2: there is only a very simplistic set of rules available to use to block packets, such as block from IP range, block all traffic on port, etc. Nothing as advanced as "block all traffic that hits this address over this time period", etc. Only simplistic rules...

      Only high-end firewalls have advanced complex rules that you could use to do the type of filtering you talk about... and again you're hit with the costs of hardware to handle the load and a pipe large enough to handle all the traffic.

      Look how often sites feel the effects of /., and that's not an attack per se. It's a low number of people using valid connection protocols in the manner they were supposed to be used, when compared to the number of vulnerable Windows machines out there using "damaging" connection methods and protocols/formats designed to deny service to would-be web clients.

      --
      Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
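The trade-off argued in this sub-thread (block any source IP that exceeds a request rate, versus a flood spread over many sources), shown as an added example that is not part of any poster's comment. The threshold of 20 requests per second per source, the server capacity of 1000 requests per second, and all addresses and timestamps are constructed assumptions.

```python
from collections import defaultdict, deque


class PerSourceLimiter:
    """Sliding-window request counter keyed by source address."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)   # source -> recent timestamps
        self.blocked = set()                # sources that tripped the limit

    def allow(self, source, timestamp):
        if source in self.blocked:
            return False
        recent = self.history[source]
        # Forget requests that have aged out of the window.
        while recent and timestamp - recent[0] >= self.window:
            recent.popleft()
        recent.append(timestamp)
        if len(recent) > self.max_requests:
            self.blocked.add(source)
            return False
        return True


def replay(events, limiter, capacity_per_second):
    """Replay (timestamp, source) events and report what gets through.

    The limiter runs on the receiving side, so it only decides what the
    server processes; it does nothing about traffic already filling the
    upstream link.
    """
    passed_per_second = defaultdict(int)
    for timestamp, source in sorted(events):
        if limiter.allow(source, timestamp):
            passed_per_second[int(timestamp)] += 1
    peak = max(passed_per_second.values(), default=0)
    return {
        "blocked_sources": len(limiter.blocked),
        "peak_passed_per_second": peak,
        "over_capacity": peak > capacity_per_second,
    }


def single_source_flood(seconds=10, rate=200):
    """Constructed traffic: one address sending `rate` requests per second."""
    return [(s + i / rate, "192.0.2.10")
            for s in range(seconds) for i in range(rate)]


def distributed_flood(seconds=10, hosts=5000):
    """Constructed traffic: `hosts` addresses, each sending 1 request/second."""
    events = []
    for h in range(hosts):
        source = f"10.0.{(h // 256) % 256}.{h % 256}"
        offset = (h % 100) / 100.0          # spread hosts within each second
        for s in range(seconds):
            events.append((s + offset, source))
    return events


if __name__ == "__main__":
    for name, events in (("single source", single_source_flood()),
                         ("distributed", distributed_flood())):
        result = replay(events, PerSourceLimiter(20, 1.0), 1000)
        print(name, result)
```

The single noisy source is cut off after its first 20 requests, while the distributed traffic never trips the per-source limit and still arrives at five times the assumed capacity, which is why the reply above points to link size and filtering capacity rather than per-IP blocking.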
  110. SCO should sue Microsoft by Anonymous Coward · · Score: 0

    Isn't the reason for this virus the lack of security measures in Windows?

  111. Stupid People by PiranhaEx · · Score: 1

    I love the idea that some people who are stupid enough to become infected with MyDoom are also apparently stupid enough to not know how to set their clocks correctly.

  112. Re:Finally! by Mister+Transistor · · Score: 1

    In fact, the highest road to take here would be to offer to extend (without embracing, thank you) a hand to SCO and MS in helping them "brace for the storm". Maybe too late for SCO, but perhaps MS?

    Then, when the FUD flies later, the Open Source community could show some sort of a documented effort to actually reach out and help them, "united together" against the spamming scum that came up with this virus.

    At least it could give us some nice anti-FUD publicity to go along with all the rest...

    --
    -- You are in a maze of little, twisty passages, all different... --
  113. Groklaw quote - interesting by inode_buddha · · Score: 2, Interesting
    from today's mail-list:

    " Title: SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
    Author: PJ
    Date: Sunday, February 01 2004 @ 02:02 AM EST

    The latest from Lindon is that Blake Stowell said on Saturday that MyDoom hadn't hit them yet. The reason they were not reachable was because ISPs have been blocking them. Huh? What about all those interviews? They told the world for days and the SEC in an official filing that MyDoom had hit them already.

    Somebody must have finally told SCO that MyDoom was timed for today. Woops.

    So now the story is that it's ISPs that are blocking their site, and of course no one in the media remembers what Darl and Co. said just a day or two ago, so of course there are no followup questions. They just print whatever SCO tells them: "US software maker SCO, target of the Mydoom computer virus, said Internet access providers had hobbled its website, fearing infection by what may be the fastest-growing worm ever. "'There are Internet service providers around the world who are blocking access to SCO,' company spokesman Blake Stowell said, adding it was because they believe they !"

    OK everybody, lets start jumping to conclusions!

    --
    C|N>K
  114. computer gibberish by Anonymous Coward · · Score: 0

    what luck!
    a customer opened the email attachment (maybe he was
    on a sabotage mission from "the other shop")
    in my shop but all it displayed was the computer
    gibberish in the zip file ...

    strange, he didn't complain and left rather fast
    after that ...

    *puh*

  115. Side Effects by Wingie · · Score: 1

    Our network was "down" for several hours because the DDoSers used up all the bandwidth... As much as I hate SCO, I want my porn, damnit!

  116. Re:Finally! by cbreaker · · Score: 1

    Naa, that's a bogus way to think about it.

    I think anyone with half a brain realizes that this isn't the "Linux Community" that does these things, but a small rogue group of people. Since SCO is the big moron of the day, they get the DoS. If not, it would have been Microsoft, probably.

    I've talked to a lot of people about this, and none of them think any less of Linux or OSS because of it. It doesn't change the fact that much OSS is high quality software.

    --
    - It's not the Macs I hate. It's Digg users. -
  117. Towlie says... by Anonymous Coward · · Score: 0

    Don't forget to click that PayPal link! Being Slashdotted on a daily basis isn't free, ya know! Just think if even half the readers here who follow the SCO fiasco paid just $10.

    *cue Sally Struthers*

  118. MyDOOM linked to Russian sources by b-lou · · Score: 1
    Didn't notice this anywhere else in the thread, tho i certainly might have missed it (saw it while visiting ddj.com):

    "MyDoom worm linked to Russian sources"

    .b-lou

  119. Re:Finally! by dfj225 · · Score: 1

    How can you absolutely be sure that this virus was created by spammers? It could have been someone who uses linux and is pissed at SCO, or it could have been some Windows user who hates linux and sco. Maybe it was even some crazy mac user who hates windows, linux, and sco and decided to punish them all in one swift blow. The point is that you will never have any idea who actually created this virus. It could have been anybody on earth, associated with any operating system and any ideal. So, let's stop speculating about who created it and find ways to make things like this go away (i.e. fix windows).

    --
    SIGFAULT
  120. What annoys me about the Reuters article... by pauljlucas · · Score: 1
    ... is that they never mention that the virus infects only computers running Windows. The media fail to mention this most of the time. If they did, perhaps people would either put more pressure on Microsoft to secure their software or stop using Windows altogether.

    There are many people out there who think computer viruses are just part of computing and that there's little to be done about it. It's similar to the many people who think crashing is also just a part of computing. Take the same people and put them on a computer running either Mac OS X or Linux and, after a few days, you get an astonished statement back: "It doesn't crash!"

    The media should rake Microsoft over the coals every time this happens. An attempt should be made to reach Bill Gates personally every time for comment/interview on CNN. The problem is the media doesn't know any better.

    --
    If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
    1. Re:What annoys me about the Reuters article... by benna · · Score: 1

      Let me start by saying I HATE microsoft and the security of their software IS pathetic. However, this virus spreads by stupid users that open viral email attachments. It has nothing to do with any flaws in windows. The same virus could have worked with linux except that linux users are smarter than windows users.

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
    2. Re:What annoys me about the Reuters article... by pauljlucas · · Score: 1
      However, this virus spreads by stupid users that open viral email attachments. It has nothing to do with any flaws in windows. The same virus could have worked with linux except that linux users are smarter than windows users.
      Uhm, no. You need to do a chmod +x on any file before it will execute.
      --
      If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
    3. Re:What annoys me about the Reuters article... by benna · · Score: 1

      Yes, but that's just another step in linux to execute a file. Its equivalent in windows is just double clicking. But if a user intended to open a file (as windows users that open execute virus attachments do) they would just chmod +x before they run. It's not like the windows user is opening by accident. They do it on purpose... wrongly thinking it is from the email admin.

      --
      "It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
    4. Re:What annoys me about the Reuters article... by pauljlucas · · Score: 1
      ... if a user intended to open a file ... they would just chmod +x before they run.
      If a *nix user knows about chmod +x, s/he isn't dumb enough to run something s/he received in e-mail.

      I was talking about the non-geek computer user (who could be using Linux just to do e-mail and web), or, more believably, a machine running Mac OS X. You can't just run a file you get in e-mail under Mac OS X either.

      --
      If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
    5. Re:What annoys me about the Reuters article... by Anonymous Coward · · Score: 0

      Yeah, but they can send a compressed file that contains a program, no? Just like in Linux. Send a tgz.

  121. It is, is it? by Anonymous Coward · · Score: 0

    It's or its? Grammar police!!

  122. sunday ... tuesday by _Qiang_ · · Score: 0

    sounds like the commercial I saw on TV..

    Spider Man 2 coming out Sunday, Feb 01 this winter.

    Lord of Rings 4 coming out Tuesday, Feb 03 this winter.

    FANS CAN'T WAIT TO SEE.

  123. Re:why by Anonymous Coward · · Score: 0

    ZOUNDS! We can't have any fags flamming around here! Maybe we should burn them instead!

  124. Re:Finally! by Anonymous Coward · · Score: 0

    What bullshit. Just make up a fucking target, call it "evidence", and voilà! Better than actually finding out, ain't it? Make it sound really true by having the text stand out, that always works.

    The saddest part is that this crap gets modded "insightful". Says far more about the slashdot crowd than any rumors about their part in this whole issue.

  125. How many let the virus through to attack SCO? by Space_Soldier · · Score: 0

    I wonder how many people who knew about this virus let it through in order to attack SCO/Microsoft. I haven't had a virus in years, I don't know why I even have an antivirus/firewall, you can look at the processes list and netstat to see if any process has opened a suspicious port. Anyway BitDefender hasn't said anything about MyDoom. BitDefender is the other good Romanian antivirus/firewall (BitDefender Pro has a firewall too) which hasn't been bought by Microsoft, which took RAV's business. I remember that they were giving BitDefender with 60% off for those who bought RAV when that happened last year. It is cheap, fast, and less bloated than Norton, McAfee and other crap, and has a linux version too.

  126. Linux Doublethink, or Who's Big Brother Now? by gfecyk · · Score: 1

    "Even if it turns out that the writer is a Linux fanatic, you can't hold the whole community responsible for the actions of one individual."

    "It shows once again that windows is a virus ridden insecure platform."

    Maybe you can't hold a whole community responsible for something, but you can sure hold another community responsible for it.

    --
    Use Evolution instead of Outlook? Bewa
  127. Geeks don't know jack by DragonMagic · · Score: 0, Flamebait

    Sorry, but it still amazes me how even /. does not seem to apply simple spellchecks.

    Separate the contraction to see whether you're using the proper term.

    It's Feb. 1st everyone... and all of you who have been reading Slashdot know that today MyDoom.A begins it's attack...

    It is February 1st everyone -- check, good

    and all of you who have been reading Slashdot know that today MyDoom.A begins it is attack -- doesn't check, not good

    I don't expect anally-perfect grammar, but at least its/it's should have that check done, either by the submitter or the editor posting the story.

    --

    Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
  128. SCO_you by Anonymous Coward · · Score: 0

    Reap what you have Scown.

    Thy justice be done.

  129. Be the first by Fr0mZer0 · · Score: 1

    Why wait till Tuesday?

    Advance your system clock.

  130. How does this get fixed? by jfengel · · Score: 1

    So there are hundreds of thousands of computers infected with this virus. I believe that the attack is designed to expire in a couple of weeks, but what if it didn't?

    I suspect that many of these users don't even know they're infected. They're not running AV software (or it's not updated). All they see is that their internet connection is kinda slow.

    These computers will likely remain infected forever, and apparently with a back door installed to use them for future attacks.

    Do the major ISPs have any programs in place for limiting this effect? I'd really love for hundreds of thousands of users to be getting phone calls right now saying, "Hi, you appear to be DDOSing SCO. We're turning off your account and it won't be turned on again until you're virus free."

    I also read somewhere that the backdoor is listening on some particular port. Perhaps ISPs should start scanning connections to see who's listening on that port and threaten to cut off service unless you can demonstrate you're not infected. I'm sure there would be unfortunate incidents, since I don't know who else is using that port, but it seems like an important first step towards preventing a potentially serious internet meltdown in upcoming months.

  131. errg by themusicgod1 · · Score: 1

    the US Legislative and Executive branches are Fucked! why are you even considering them?! they are already merely puppets of corporations like Microsoft. it doesn't matter what you, or anyone else does, the damage has been done...all we have to do is wait for the effects. maybe if there weren't control structures in place and these very same interests willing to screw over linux as we speak your voice would be meaningful, but this is not the case, and it's only a matter of time before 'associates with worm/virus writers/spammers' is equivalent or lesser than what 'linux user' means for a person. you are trying to justify something by claiming an unstable vicious and no one should care what they could potentially think about anything -- it is not they that do the thinking, and it is not they who we need to worry about offending. follow the money.

    --
    GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
  132. Re:Finally! by gnu-generation-one · · Score: 2, Insightful

    "What bullshit. Just make up a fucking target, call it "evidence", and voilà! Better than actually finding out, ain't it?"

    Newspapers are already publishing their accusations, based on much slimmer evidence than that, that Free Software programmers were behind this virus.

    Nope, it's not evidence, and we don't know who wrote the virus. We do know, however, that its primary purpose is to enable the sending of bulk email. We do know that this type of virus became popular after spammers became unable to purchase their own internet connectivity. We do know that this type of virus conveniently bypasses the IP-address based spamfilters that had been working so well to stop spam. We do know that the first instance of this type of virus was designed to attack anti-spam groups, which it did very successfully. We don't know exactly who wrote which virus, but we can make some guesses. It's possible that the usefulness of this type of virus for doing exactly what the spammers want to do may just be an unintended side-effect. It's possible that someone spent many hours perfecting their distributed spam-sending virus by accident, for a different purpose, or to give spammers a bad name (now that's a redundant idea if ever I heard one). But whatever their intentions, their creation is now being used to deliver bulk email.

    When someone writes a virus, and that virus is designed to send spam, why should we not conclude that the virus-writer is a spammer? The best you could say about them is that they might only be an unintentional accessory to spammers.

  133. this is the part where I bite my tongue... by misterspo · · Score: 1

    and pretend I'm not happy, right?

  134. I find this particularly disturbing by huh69 · · Score: 1, Flamebait

    All this does is make the open-source community look like a bunch of whinebabies. People with technical superiority, using that power against SCO instead of waiting to see how things turn out in court.

    It doesn't matter that 99.9% of the open-source community is not malicious like this. The .1% of the people are the ones that are doing the talking when doing something like this. All this does is hurt the cause that Linus, the OSI, the FSF, and all the linux geeks have been working so hard to defend.

    I don't condone what Darl and SCO are trying to do, but I don't condone people doing this sort of thing either. "Hackers" (as opposed to "crackers") everywhere look bad when this happens, and ultimately confirm the malicious intent that most people believe "hackers" to have.

    This is a sad day for Linux and opensource if you ask me :(.

    1. Re:I find this particularly disturbing by cpuenvy · · Score: 0, Flamebait
      People with technical superiority, using that power against SCO instead of waiting to see how things turn out in court.

      What the hell are you talking about? You obviously get your information from the same place SCO gets theirs, since your accusations are based on mindless drivel. The fact is, my disturbed little friend, that nobody knows who is responsible. If you happen to know who is, claim the "reward", or shut up.

      I do agree with you in one aspect of your FUD, it is a sad day for Linux and opensource. Knowing that mindless assholes like yourself make us all look bad... That part of your statement holds true.

      Remember, it is FUD like you just spread in your post that started all this bullshit in the first place. People like you just feed the fire.

      In my opinion, my community has been on the defensive for too long now, fending off the fools from SCO. At this point, I find it amusing that someone used flaws in Microsoft and its users, to make these bastards lose the ability to conduct whatever pitiful business it does these days. So to SCO, HAHAHAHA! Who really cares? Everyone is laughing at SCO today, including me.

      I think you owe us all an apology.

      --
      DISCLAIMER:

      I don't believe what I write, and neither should you.

  135. SGO by neko9 · · Score: 1

    check out the schematic in that reuters article. not only SCO is DOSed but some software firm SGO too :-) btw there is some cool looking worm in that pic.

    1. Re:SGO by yukster · · Score: 1

      Amazing... you're about the 200th poster on this story but the first to notice that glaring typo. That was the first thing I noticed... It's pretty pathetic really... I mean, I know that your average joe may have no idea who SCO is (or what linux is), but a major news outlet like Reuters should have caught that.

      And speaking of news outlets, why are all of them covering myDoom like it's got a mind of its own... "spreading and taking over unsuspecting peoples' computers"? They should put a 48pt. headline at the top of every article saying YOU WON'T GET THE VIRUS IF YOU DON'T OPEN ANY ATTACHMENTS... SO DON'T!!! Every damn report I read on this says, "update your virus defs, buy more av software!" and maybe, at the bottom says don't open any attachments. I just don't get it. Why don't people know by now not to open the damn attachments?!?

    2. Re:SGO by neko9 · · Score: 1

      that typo is really stupid. i hope next time they don't mistype IBM with something like UBM or something.

      it looks like it's all just for av software vendors' benefit. i mean, av companies are interested in clueless users.

  136. Suggestion by Kjella · · Score: 1

    1. Buy some landmines on eBay.
    2. Let evolution work.

    Kjella

    --
    Live today, because you never know what tomorrow brings
    1. Re:Suggestion by Swarfega · · Score: 1

      1. Buy some landmines on eBay.
      2. Let evolution work.
      3. Profit!

  137. traceroute by Nihynjahs · · Score: 0

    traceroute to www.sco.com (216.250.128.12), 30 hops max, 38 byte packets
     4 CDRRIACPH00CA01-AT1-0-1.mcleodusa.net (64.198.101.69) 18.068 ms 8.879 ms 9.771 ms
     5 64-198-101-193.ip.mcleodusa.net (64.198.101.193) 32.402 ms 23.430 ms 22.699 ms
     6 so-3-1.hsa1.Chicago1.Level3.net (64.154.65.65) 22.376 ms 23.189 ms 31.829 ms
     7 unknown.Level3.net (64.159.1.225) 22.754 ms 23.325 ms 22.785 ms
     8 so-7-0-0.edge1.Chicago1.Level3.net (209.244.8.14) 22.958 ms 22.558 ms 22.114 ms
     9 xo-level3-oc12.Chicago1.Level3.net (209.0.225.14) 21.979 ms 23.040 ms 22.435 ms
    10 p5-0-0.RAR1.Chicago-IL.us.xo.net (65.106.6.133) 22.390 ms 24.080 ms *
    11 p6-0-0.RAR2.Denver-CO.us.xo.net (65.106.0.25) 47.023 ms 45.820 ms 46.428 ms
    12 p0-0-0-2.RAR1.Denver-CO.us.xo.net (65.106.1.81) 54.374 ms 48.400 ms 46.745 ms
    13 p4-0-0.MAR1.SaltLake-UT.us.xo.net (65.106.6.74) 57.846 ms 60.157 ms 57.974 ms
    14 p0-0.CHR1.SaltLake-UT.us.xo.net (207.88.83.42) 58.014 ms 58.561 ms 58.608 ms
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *

    SCO, meet MyDoom

  138. why? by themusicgod1 · · Score: 1

    why are you paying attention to said reporter? we know he's a slanderous moron who doesn't understand the story? we know that they lie daily to Joe Nobody and that for it Joe has a worldview that is so full of shit that i can smell it wherever i go...and worse, that nobody out there cares.

    why is this an issue? we *know* that if slashdot is something important or if slashdot is something with lots of activity that it will be used as a tool in some sort of reinforcement of some reporter/media exec's delusions...why is this worth considering actions/value against?

    --
    GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
  139. OT: Users... by mrscott · · Score: 1

    For the record, I really try to give users the benefit of the doubt when it comes to technology. But there comes a point when - you just throw your hands up. You know it - we've all been there.

    We're an Exchange/Outlook shop (but in the past 2.5 years have only had ONE machine infected with anything). If you've used Outlook, you know that when you create a new meeting request or appointment, you can easily adjust the time on the calendar form or on the appointment form itself.

    Our new conference call scheduling system uses standard Outlook forms and sends email messages out to participants. The other day, I got a call from an irate user telling me that her people had been telling her for weeks that 1/2 hour is simply too short for their calls. She was mad that we hadn't fixed this glaring problem yet. I calmly told her that she just needs to adjust the start and end times of the appointment...

    I guess it wouldn't frustrate me so much if we didn't get multiple similar calls every single day from the same user!

  140. Limbaugh DOS'ed the Capitol Hill Switchboard by Anonymous Coward · · Score: 0

    Rush Limbaugh once gave out the Capitol Hill switchboard number on the air and had it promptly shut down under the load of calls. He hasn't done it since.

    1. Re:Limbaugh DOS'ed the Capitol Hill Switchboard by Lord+Kano · · Score: 1

      I believe that one time Rush also gave out Rosie O'Donnell's fax number on the air.

      Pretty much with the same results.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    2. Re:Limbaugh DOS'ed the Capitol Hill Switchboard by Anonymous Coward · · Score: 0

      Maybe I'm mixing that up with something else, but I think that was made up to discredit Rush. However, that might have been a different time someone accused him of something similar.

    3. Re:Limbaugh DOS'ed the Capitol Hill Switchboard by Anonymous Coward · · Score: 0

      It does a better job discrediting democracy. Speaks volumes about the fact that people want to communicate with their elected leaders. If they are given the opportunity they take it, and in mass numbers.

    4. Re:Limbaugh DOS'ed the Capitol Hill Switchboard by Felinoid · · Score: 1

      Well it is kinda hard to tell.
      I think of it as a preview of the worst FUD can do and I'm thankful Microsoft isn't any better at it than they are at security...
      The bad news is they are getting better at both.

      On the other hand Limbaugh fell for it and he has enough experience in computers and lies to see through it.

      --
      I don't actually exist.
  141. Help SCO! by jonatanw · · Score: 1

    "Heck, we can't use the companies that offer mirroring services - they're all running linux! Quick! Go buy 10000 Windows Server 2003 boxen, we need to setup some mirrors!"

  142. denial by tombou · · Score: 1

    "While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning," Jeff Carlon, worldwide director of Information Technology infrastructure, The SCO Group, said in the statement.

    Why wait until Monday? ...unless they were in denial that it was going to happen. Seems to be a trend at SCO

  143. "It's Feb. 1st everyone... " by feidaykin · · Score: 1
    That's too bad about SCO.

    But why does Feb 1st seem so familiar. Didn't something disastrous happen at this time last year?

    I'll give you a hint. It starts with a "C" and ends with an "olumbia" ...

    Yes, it's the one year anniversary of the Columbia tragedy already. And here we are on Slashdot, talking about SCO being the "victim" of yet another DDOS, which was probably of their own making in an effort to paint the Linux community as a band of evil hackers and SCO the poor, innocent company under siege. Newsworthy indeed!

    So basically, here's the year 2003 in review:
    - A piece of foam impacting the RCC on the space shuttle's wing can destroy it.
    - A software company can pump their stock by pretending to own Linux.

    Guess we've learned a lot!

    --

    "To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking

  144. Interface design, not training by endoboy · · Score: 1
    the users aren't the problem.

    A system designed in such a way that an average user can accidentally break it is fundamentally flawed, and flawed in such a way that no amount of training will eliminate the problem.

    Blaming the user is the last refuge of a bad designer.

    1. Re:Interface design, not training by drinkypoo · · Score: 1
      Any system can be used this way. We could be locking systems down so that users can't do diddly squat and it would prevent this problem. This is the way Unix achieves "security", by giving users very minimal rights. However if we were going to do this then we might as well use a model in which all users have only terminals and all applications run on servers. It defeats the purpose of having workstations. Or at least, that's the rationale. Personally I would choose to restrict user rights considerably.

      Nonetheless human stupidity can break Linux, MacOS, or Windows. Does that mean all of those operating systems are useless?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  145. Ignore the man behind the curtain by PetoskeyGuy · · Score: 3, Informative

    Forget about the DDOS attacks. It's a distraction. The bigger problem is that the DDOS may be able to be changed on command to any other site on the internet.

    This is a spam zombie virus. We need to work on securing our compromised systems and keeping them from joining the spam network and obeying the commands. If anyone has any real information about how this virus works as a relay and how to stop it at the network level please post it.

    So far I've found the following links. Blocking port 3127 at the router seems like it could help a lot. Any other (real) solutions would be appreciated.

    http://xforce.iss.net/xforce/alerts/id/161
    http://www.savvy.net/detail.asp?category_id=7&article_id=91

  146. Re:Finally! by Anonymous Coward · · Score: 0
    Actually, as a private computer techie, I've been removing MyDoom from my client's computers for the past couple of days. It really is amazing how fast it's spread...

    You know, I've been hearing this everywhere, but I've yet to see one instance of MyDoom at our business. I guess we got lucky that it didn't infect any of the thousands of Windows boxes we have. Well, I take that back, I think there were two cases of people bringing in laptops from home and it popped up for a couple minutes, but as for workstations? None. The virus scanning picked them all out probably.

  147. Foreshadowing? by ifnkovhgroghprm · · Score: 1

    The last time SCO had a DDOS, did they figure out who did it? Is it possible that it was a test of the Mydoom payload?

  148. www A 127.0.0.1 by Stephen+Samuel · · Score: 4, Insightful

    Given that they knew this was coming, and knew that they didn't have the bandwidth/CPU to handle the massive overload, why didn't SCO just set the A record for their website to 127.0.0.1 for a couple of days?? Either that or 192.168.42.42... With the former, a virus infected machine would simply attack itself. With the latter, it would try to contact a well known address which would allow sysadmins to find any infected machine (and remove the virus) by simply looking for references to the address.

    --
    Free Software: Like love, it grows best when given away.
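
An added example, not part of either comment and not code from any vendor: one way to act on the two suggestions above (point the attacked name at a known address, and watch TCP port 3127) is to scan firewall logs for hosts that touch either. The log format, the 10.0.0.0/8 internal range and every log line are constructed for illustration; 192.168.42.42 and port 3127 come from the comments.

```python
"""Find hosts that contact a DNS sinkhole address, or are probed on TCP 3127."""
import ipaddress
import re
from collections import defaultdict

SINKHOLE = ipaddress.ip_address("192.168.42.42")  # address suggested in the comment
WATCHED_PORT = 3127                               # port named in the earlier comment
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumption: the site's own range

# Assumed log format: "<time> <proto> <src>:<sport> -> <dst>:<dport> <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>\w+)$"
)

# Constructed sample log, including one damaged line.
SAMPLE_LOG = """\
2004-02-01T16:09:01 TCP 10.1.4.23:1042 -> 192.168.42.42:80 DROP
2004-02-01T16:09:02 TCP 10.1.7.80:3310 -> 203.0.113.10:80 ALLOW
2004-02-01T16:09:05 TCP 10.1.4.23:1043 -> 192.168.42.42:80 DROP
2004-02-01T16:10:11 TCP 198.51.100.7:4455 -> 10.1.9.12:3127 DROP
2004-02-01T16:10:30 UDP 10.1.7.80:1030 -> 10.1.0.53:53 ALLOW
2004-02-01T16:11:02 TCP 10.1.5.66:1200 -> 192.168.42.42:80 DROP
truncated line without the expected fields
2004-02-01T16:12:40 TCP 10.1.4.23:1050 -> 192.168.42.42:80 DROP
"""


def parse_line(line):
    """Return a record dict, or None when the line does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"ts": m["ts"], "proto": m["proto"],
            "src": src, "dst": dst, "dport": int(m["dport"])}


def find_suspects(log_text):
    """Return ({host: counters}, number_of_unparseable_lines).

    A host is listed when it is an internal source talking to the sinkhole
    address, or an internal destination receiving TCP traffic on port 3127.
    """
    suspects = defaultdict(
        lambda: {"sinkhole": 0, "port3127": 0, "first": None, "last": None}
    )
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count damaged lines instead of silently losing them
            continue
        if rec["dst"] == SINKHOLE and rec["src"] in INTERNAL:
            host, kind = rec["src"], "sinkhole"
        elif (rec["proto"] == "TCP" and rec["dport"] == WATCHED_PORT
              and rec["dst"] in INTERNAL):
            host, kind = rec["dst"], "port3127"
        else:
            continue
        entry = suspects[str(host)]
        entry[kind] += 1
        entry["first"] = entry["first"] or rec["ts"]
        entry["last"] = rec["ts"]
    return dict(suspects), skipped


if __name__ == "__main__":
    hosts, bad = find_suspects(SAMPLE_LOG)
    for host, info in sorted(hosts.items()):
        print(host, info)
    print("unparseable lines:", bad)
```

A dropped probe to port 3127 does not prove a listener exists on that host; it marks the machine as one to inspect.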
  149. Got his wife on the answering machine by boy_afraid · · Score: 3, Funny

    (801)424-2006

    I just called his home and it sounds like his wife on the answering machine. It said something like, "Hello, you've reached the McBrides. We're not home at the moment, please leave a message and we'll get back to you", or something to that effect.

    I left a message:

    "Sorry to say, but, you've been Slashdotted. Have a good Sunday."

    and then I hung up.

    Tee-hee-hee! Let's all /. his home phone!
    (I know this is cruel, but it's fun)

    1. Re:Got his wife on the answering machine by Anonymous Coward · · Score: 0

      Hey, boy_afraid-- Do you feel like a man now?

      You've called his home and scared his family.

      I'll bet you hit women, also.

    2. Re:Got his wife on the answering machine by Anonymous Coward · · Score: 0

      I can't wait to see you try and explain that "slashdotted" comment to the judge. Why suuuuure it just has to do with computers.

    3. Re:Got his wife on the answering machine by DarthTaco · · Score: 3, Funny

      Hello, you've reached the McBrides.

      you should leave a message saying that you'd like to speak to her McHusband.

    4. Re:Got his wife on the answering machine by boy_afraid · · Score: 1

      You've got me thinking that it might have been a mistake. I hope they don't have Caller ID across state lines?

    5. Re:Got his wife on the answering machine by Anonymous Coward · · Score: 0

      Oh, yeah, there's caller ID across state lines. Start putting together your lawyer fees now.

    6. Re:Got his wife on the answering machine by Afrosheen · · Score: 1

      Are you kidding? ANI has been in effect for at least a decade nationwide. Caller ID has worked for out of state as well as some out of country calls for a long long time.

      I guess you don't get many phone calls. :(

    7. Re:Got his wife on the answering machine by Anonymous Coward · · Score: 0

      Now that you have practically guaranteed that your number is logged, enjoy it as much as possible!! Go out and have a coke! Eat a cookie!

  150. parent not to be taken seriously by Anonymous Coward · · Score: 1

    as someone pointed out to my moron self, my troll in the parent post is akin to joking about a bomb in an airport in the current security environment.

    sorry, shouldn't have posted that, maybe i was still drunk from last night. i didn't write it, i had nothing to do with it, and I apologize to everyone.

  151. Ignoramous equally disturbing by bstadil · · Score: 3, Insightful
    Before you spout more junk maybe you want to avail yourselves of some information.

    The virus is written in Russia as a mail relay vehicle. They are just using the SCO issues as a foil, and indeed it worked on you. There even is an apology inside the virus from the author stating that he is just doing his "job".

    Now Hang your head in shame.

    --
    Help fight continental drift.
  152. Blame Microsoft by Stephen+Samuel · · Score: 1

    While I'm on the blame Microsoft kick, I'd also like to point out that MS didn't put a bounty on the DOOM-A, which affected a much larger number of their customers... They only have a bounty on doom-B which is affecting far fewer customers, but inconveniencing Redmond.

    --
    Free Software: Like love, it grows best when given away.
  153. SCO ploy by clevershark · · Score: 1

    Given that sco seems to have taken no real action to prevent this happening, even though the date and time of the attack were known, there may be an obvious explanation behind the attack.

    That is, that SCO did it to itself in order to make itself look like a victim. This attack lets McBride paint SCO as the victim of "terrorists" (a term he actually used in a CNN interview), while letting linux backers look like the bad guys, which is something that the Utah Hustler has been trying to do all along.

    --

    My sig is too lon

  154. Addy for condolence cards? by Anonymous Coward · · Score: 0

    I was thinking of sending Darl an electronic condolence card. And maybe cards to some of the other poor SCO chiefs, and maybe some of their lawyers-- it really is a shame what has happened to them over the last year. I understand that some of them used to be such nice boys and girls.

    So does anybody know the email addresses?

    1. Re:Addy for condolence cards? by c1ay · · Score: 0
      Just cc all of the ones like:

      darl.mcbride@sco.com
      darl_mcbride@sco.com
      darlmcbride@sco.com
      dmcbride@sco.com
      darl@sco.com
      darl-mcbride@sco.com
      dumbass@sco.com
      dipshit@sco.com
      dumbfuck@sco.com
      dickhead@sco.com
      shitforbrains@sco.com
      etc..

      The one that doesn't bounce is it.

    2. Re:Addy for condolence cards? by MuParadigm · · Score: 3, Informative
      Believe it or not, it's:

      darl@sco.com


      I guess there just aren't that many Darl's around, probably something for which we should be grateful.

    3. Re:Addy for condolence cards? by Anonymous Coward · · Score: 0

      What about his other brother Darl?

    4. Re:Addy for condolence cards? by Anonymous Coward · · Score: 0

      You mean Darth?

    5. Re:Addy for condolence cards? by Talinom · · Score: 1

      I guess there just aren't that many Darl's around, probably something for which we should be grateful.

      What about his other brother Darl?

      --
      "Giving money and power to governments is like giving whiskey and car keys to teenage boys." - P.J. O'Rourke
  155. 3 CHEERS!!! by Anonymous Coward · · Score: 0

    WTG!!! Now bring down their financial shit too!!

  156. OT,but someone has to make the [NO CARRIER] joke by Anonymous Coward · · Score: 0

    Don't forget to pay your $699 licensi=20 ]} } } }&..}=3Dr}'}"}[NO CARRIER]

  157. And the proper message to leave: by Anonymous Coward · · Score: 0

    From the grand heckler tradition in our culture:
    Daaaaaarrrrrl. Daaaaaaaaaaarrrrrl. Daaaaaaaaaarl.

  158. Why post stories? by mauriceh · · Score: 1

    I note that this story was posted over 2 hours after I posted the EXACT SAME STORY.

    Interesting how this seems to work on Slashdot.

    --
    Maurice W. Hilarius Voice: (778) 347-9907
  159. Re:Finally! by Zeinfeld · · Score: 0, Flamebait
    Funny, i thought the linux community DOES consist of a bunch of overweight hippies who never get any exercise and live off a diet of potato chips and caffeine.

    At any rate the moderators today don't seem to be able to tell the difference between sarcasm and a flame.

    It's all that caffeine that does it.

    Whoever wrote the virus is like one those EarthFirst! loonies who go around spiking trees with steel pins to kill anyone who tries to chop down the tree with a chainsaw. It's just a person on a personal ego trip who does not care what their actions do to the reputation of the movement.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  160. I Feel Bad For Him... by Greyfox · · Score: 4, Funny

    I think we should all send him a present! For example, these guys will ship a big ol' batch of live crickets. For $58, we could ship ol' Darl 5000 crickets and I know that would cheer him up!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:I Feel Bad For Him... by madmancarman · · Score: 3, Funny
      For example, these guys will ship a big ol' batch of live crickets. For $58, we could ship ol' Darl 5000 crickets and I know that would cheer him up!

      I'm in for $5. It's better than paying $699 later.

      --
      First they ignore you, then they laugh at you, then they fight you, then you win. -- Gandhi
    2. Re:I Feel Bad For Him... by RealityMogul · · Score: 1

      I'd prefer to send a live penguin, dressed in prison stripes.

    3. Re:I Feel Bad For Him... by Anonymous Coward · · Score: 1, Funny

      No! No! No! To the Chinese crickets bring good luck! What are you thinking? LOL!

    4. Re:I Feel Bad For Him... by gcaseye6677 · · Score: 1

      Sometimes area farmers with manure that they are trying to get rid of will put up a sign saying 'free manure, delivery included'. If anyone in the Linden area sees a sign like this, they should call and tell the farmer they are Darl and to send over a truckload and dump it right on the driveway, in front of the garage.

    5. Re:I Feel Bad For Him... by Anonymous Coward · · Score: 0

      Just turn the damn things loose in the yard, and in a few minutes, the birds will eat them up.

    6. Re:I Feel Bad For Him... by Zutroi_Zatatakowsky · · Score: 0

      All right, I've placed an order for this special, shipped directly to Darl's address:

      Hatchling Special 1: 50 Mini Superworms, 50 Mini Mealworms, one vial of fruit flies (about the size of pin head crickets) Worms and flies are packed in food for long life with instructions. $13.95 Priority Mail Shipping included!

      -

      You can pay with PayPal, so you don't have to worry about giving your credit card number to a weird company selling roaches and "Confused Flour Beetles".

      Hey, this small package was only $13.95, no shipping! They're out of roaches though. :(

      --
      All Hail Discordia. Hail Eris. Fnord.
  161. it's pronounced 'litigious bastards' by Mister+G · · Score: 1

    Lame joke, I know...

    1. Re:it's pronounced 'litigious bastards' by Anonymous Coward · · Score: 0

      The WWW is no longer valid, so we need a new google bomb campaign with just http://sco.com.

      litigious bastards

  162. You give SCO too much credit.... by lysium · · Score: 1
    makes you wonder if they had anything to do with the virus itself?

    I do not wonder, because quite frankly, no one at that company is smart enough to pull it off. Just look at the quality of their current scheme, and then compare it to the logistics of planning, deploying, and concealing something like a virus in today's paranoid atmosphere.

    At most, SCO will pretend to be hurt by the virus more than it really is, much like a basketball player who writhes on the floor in hopes of a foul call.

    ========

    --
    Together, we will drive the rats from the tundra.
    1. Re:You give SCO too much credit.... by the_mad_poster · · Score: 1

      Would that be the paranoid atmosphere in which millions of morons happily clicked open unknown, executable attachments leaving us with the current situation?

      --
      Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  163. removed it from the DNS by mabu · · Score: 1

    nslookup www.sco.com

    Searching for A record for www.sco.com at l.root-servers.net: Got referral to I.GTLD-SERVERS.NET. [took 95 ms]
    Searching for A record for www.sco.com at I.GTLD-SERVERS.NET.: Got referral to c7ns1.center7.com. [took 152 ms]
    Searching for A record for www.sco.com at c7ns1.center7.com.: Reports that no A records exist. [took 100 ms]

    Answer:
    No A records exist for www.sco.com. [Neg TTL=1800 seconds]

    Details:
    c7ns1.center7.com. (an authoritative nameserver for sco.com.) says that there are no A records for www.sco.com.
    The E-mail address in charge of the sco.com. zone is: hostmaster@caldera.com.

    1. Re:removed it from the DNS by MuParadigm · · Score: 1


      Yeah, they removed the A records for www.sco.com, but the records for sco.com are still there with the same address.

      Oddly, the server is down anyway.

    2. Re:removed it from the DNS by mabu · · Score: 1

      Too bad they aren't running FreeBSD ; )

  164. What the hell? by dave1212 · · Score: 1

    I just tried to go to sco.com, it redirected me to my own localhost server! wtf? I haven't set that up (redirects, etc.) , how does this happen?

    1. Re:What the hell? by dave1212 · · Score: 2, Informative

      Seeing a few other comments saying that they're seeing the Apache default install page, but I think they're actually seeing their own localhost, not set up yet.

      Still happening, btw.

  165. Map of Darl's house. by Morky · · Score: 0

    Here's a map to Darl's house. DOS his driveway.

  166. To be sure, I'm not certain what's going on... by Svartalf · · Score: 1

    Yes, they had time to prepare for this.

    Problem is, there's some odd things going on with the DNS, etc...

    If it's 100% what they're claiming it is, why can I not resolve www.sco.com but yet CAN resolve every other server listed in their DNS table?

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  167. official idiot count by mabu · · Score: 1

    What would have been cool in this instance would be to direct www.sco.com to some network that could try to handle the traffic and perform an audit estimating how many computers are actually infected. Basically an "official idiot count" of people on the net who execute unknown file attachments.

    One assumes that every source of the worm propagating e-mail exposes the IP address of a compromised computer. I'm surprised someone hasn't written a script through the back door to either wipe out the virus or pop-up some, "Hey you're a moron" message. Obviously that wouldn't be any more legal than the worm itself, but it begs the question if "infections" on the Internet may eventually be treated like real-world outbreaks which force higher authorities to administer treatment.

  168. This is very bad by Anonymous Coward · · Score: 1, Funny

    This is very bad. These guys are professional slip-and-fall lawsuit artists, and what a slip-and-fall artist does is to go "waaah!!! I am the victim!!! pay me!!!"

  169. I wonder how much Kazaa has to do with this by RodeoBoy · · Score: 2, Interesting

    In my experience I see more viruses on machines that also have some sort of P2P or Aim software installed. This virus was putting a copy in the user's Kazaa share. There are huge issues with this stuff, but the media continues just to talk about email.

  170. Lawyer think... by LinuxGeek · · Score: 3, Insightful

    Yeah, I read that and knew that couldn't be the mindset of a technology company. It must be true that SCO has completed the transition into a litigious entity. I mean, who is going to buy or trust OS software from people that had 5 days notice of this event and couldn't think of a single thing to do to protect their site?

    Registrar: DOTSTER
    Domain Name: SCO.COM
    Created on: 03-SEP-87
    Expires on: 02-SEP-04
    Last Updated on: 22-JAN-03

    Take note that the last change of their domain record was a year ago last Sunday. No one even bothered to do something as simple as change www.sco.com to a place holder on another subnet and then use their massive free publicity to announce their alternate name for the duration of the virus DDOS attack.

    When the response boils down to nothing more than a promise to make more announcements, well, I think they are sacrificing what is left of their technical reputation.

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    1. Re:Lawyer think... by LinuxGeek · · Score: 4, Informative

      Correction to make on my previous post. I had already done a dig and nslookup, but on sco.com and not www.sco.com.

      [root]# host www.sco.com
      Host www.sco.com not found: 3(NXDOMAIN)

      [root]# dig www.sco.com
      ; <<>> DiG 9.2.1rc1 <<>> www.sco.com
      ;; global options: printcmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14794
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

      SCO has updated their dns servers and axed the record for www.sco.com. NXDOMAIN means no such domain. Wonder why SCO didn't announce that they themselves took www.sco.com completely offline.

      Hopefully the media will know about this when SCO complains about the DDOS attack. Now I know why the rest of their services are fairly intact and responding.

      --

      Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    2. Re:Lawyer think... by ralatalo · · Score: 1

      ahh,

      You would only need to update the registry if you wanted to change the owners of the domain, the contacts of the domain or the name servers of the domain.

      Changing anything else doesn't require changing the domain entry, only the Name Service records.

    3. Re:Lawyer think... by Anonymous Coward · · Score: 0

      oh hey, lots of people are going to be watching that domain come September 2nd... it would be fairly amusing if they forget to reregister it and someone snaps it up and redirects it to tubgirl or something else fairly appropriate.

    4. Re:Lawyer think... by sik0fewl · · Score: 1

      SCO has updated their dns servers and axed the record for www.sco.com. NXDOMAIN means no such domain. Wonder why SCO didn't announce that they themselves took www.sco.com completely offline.

      Hopefully the media will know about this when SCO complains about the DDOS attack. Now I know why the rest of their services are fairly intact and responding.

      Well, I don't see what's wrong here (unless SCO wrote the virus). It makes a lot more sense to take your name out of DNS than to have your servers being hammered all day.

      In fact, it's probably helping out everybody on the Internet because if everybody infected with MyDoom can't resolve sco.com they can't attack SCO.com, which would slow down the entire Internet.

      I don't understand what you're complaining about.

      PS. I'm not pro-SCO.

      --
      I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
    5. Re:Lawyer think... by LinuxGeek · · Score: 4, Insightful
      My point is that several SCO folks (and Darl specifically) are blaming the actual traffic flood, even today's PR release.
      LINDON, Utah, Feb. 1 /PRNewswire-FirstCall/ -- The SCO Group, Inc. (Nasdaq: SCOX), the owner of the UNIX(R) operating system and a leading provider of UNIX-based solutions, has confirmed that a large scale, Denial of Service attack has started that has made the company's Web site, www.sco.com, completely unavailable. Internet traffic began building momentum on Saturday evening and by midnight Eastern Time the SCO Web site was flooded with requests beyond its capacity. The company expects these attacks to continue through Feb. 12.

      SCO has made their website completely unavailable by removing the www.sco.com name record, not a flood of packets. They have mentioned nothing about packet filtering at the router level or any alternative method of keeping their main site online. When the attacks start flooding Microsoft, do you think they will just take their main site down or look at a solution that keeps them up?

      I'm only pointing out that SCO is not being honest about the reason for their web site's complete unavailability. They could still be online with several alternative options that they aren't exploring and want to act like they have no choice in the matter. It looks like they are taking the 'poor me' attitude when things could have been made much better with a little effort.

      Maybe their site isn't as important to the operation of their new business model. It may be an even bigger asset to them as a publicity tool while it is down ( due to their lack of name record). When I see them admit that they took it down themselves, then they will have a bit more credibility. With no name record, thus no actual attack on their site, they can't know when the attack would have ended or how severe the flood would have been. They can't really track the attack via DNS lookup operations because that can't give an accurate picture of the potential flood, only the number of participating machines.

      They've removed the means to gather statistics about the attack and devise means to counter a defense. The opposite of what I would expect of Microsoft, IBM, Symantec, RedHat, Slashdot or thousands of other sites on the internet.
      --

      Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    6. Re:Lawyer think... by sik0fewl · · Score: 1

      Ah, okay. Well, it *is* possible that the nameservers weren't changed until after their site was knocked out. But I see now that your point is that SCO.com hasn't mentioned that they took themselves out of DNS and may be trying to hide this fact.

      I guess we'll see today or tomorrow if they bring this up.

      --
      I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
    7. Re:Lawyer think... by Glamdrlng · · Score: 1
      Much as I hate to say it, it's a pretty smart move on their part. Mydoom.A digs for www.sco.com every 60 seconds, so doing a DNS change like the whitehouse did a couple years back won't let them avoid a DOS. The downside to it is, from their point of view, they don't have any evidence of the DOS a la firewall logs, etc when it comes time to prosecute the author of the worm.

      Myself, I say screw 'em. If a company takes actions that get an unfavorable from a lot of people online, one should expect compromise attempts and DOS attacks. Considering also that they knew this was coming, I don't have too much sympathy for them.

      --

      Yes, my only tool is a hammer. And you're starting to look like a nail.
    8. Re:Lawyer think... by Anonymous Coward · · Score: 0

      instead of removing the record, why not change it to 127.0.0.1 with a 1 week timeout

    9. Re:Lawyer think... by Anonymous Coward · · Score: 0

      Hopefully the media will know about this when SCO complains about the DDOS attack. Now I know why the rest of their services are fairly intact and responding.

      I let CNN know ;:

      Now for more news sources.

    10. Re:Lawyer think... by IntergalacticWalrus · · Score: 2, Funny

      "SCO has updated their dns servers and axed the record for www.sco.com. NXDOMAIN means no such domain. Wonder why SCO didn't announce that they themselves took www.sco.com completely offline."

      Quick! Somebody buy the www.sco.com domain!!

    11. Re:Lawyer think... by zem_11 · · Score: 2, Informative
      FUD is already spreading...

      http://www.news.com.au/common/story_page/0,4057,8559932%255E401,00.html

    12. Re:Lawyer think... by zem_11 · · Score: 1
      Did anyone notice that the strategy seems to have been to rename the web server in DNS to www2.sco.com?

      That is actually running just fine. Interesting strategy...

    13. Re:Lawyer think... by mnemoth_54 · · Score: 1

      As I recall, wasn't their last supposed ddos rather questionable as well? I recall being able to access ftp.sco.com (one ip away) and investor.sco.com was up with their complete website.

      That time there was at least some data to suggest that an attack had taken place, but this time I really have to wonder. After all, in the lab the worm ONLY resolved www.sco.com, no attack was made regardless of the date. By pulling the dns records they eliminate all data regarding how big the attack is, or if it even took place.

      It all stinks if you ask me, and I really have begun to doubt there is an attack at all.

    14. Re:Lawyer think... by LinuxGeek · · Score: 1

      This link works. Yeah, FUD indeed; we will probably see plenty of it today.

      --

      Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    15. Re:Lawyer think... by Anonymous Coward · · Score: 0

      Problem is, that although www.sco.com has been removed, you would have to buy it from the owner of the sco.com domain, which is still online, and owned by SQO.

  171. Hard to catch by HermanAB · · Score: 1

    This virus is very hard to catch - people actually have to double click on the attachments, so how the hell does it manage to spread against those odds?

    --
    Oh well, what the hell...
  172. Contradiction by iamacat · · Score: 1

    If you believe US government is so irrational that it would actively take sides in civil lawsuits because of a few viruses,
    how can you hope to fight SCO in legal ways?

    I do think (news site and their own) front page publicity on how much SCO is hated has its benefits. Darl himself will not be deterred, but rank-and-file SCO employees and even lawyers must be sending resumes as we speak. Would you want to work for a company that was so hated? Nobody tries to DDOS the place where I work...

    Also, if you were asked to pay $699x1000 for each of your Linux boxes, this kind of news might encourage you to wait and see.

    What we need is to show Darl, in legal ways, how much he is hated in real life rather than just on Internet. If his residential community asks him to move out, restaurants refuse to serve him, hotels refuse his reservations, people spit on the ground and cross the street where he walks, he might just reconsider whether he wants this kind of life.

    1. Re:Contradiction by Mysteray · · Score: 1
      If you believe US government is so irrational that it would actively take sides in civil lawsuits because of a few viruses, how can you hope to fight SCO in legal ways?

      I don't necessarily believe that the government would "actively take sides" in the lawsuits. And I'm certainly glad that I don't personally have to fight SCO in legal ways. I think it's great that they decided to pick on IBM. Not that I dislike IBM, but I have a great deal of confidence in their legal team. Given the sheer economic value represented by GPL'ed software, such a fight was probably inevitable anyway. IBM defending the GPL in court against those who appear to be (in my opinion) a bunch of buffoons, seems to be to be the best possible scenario.

      An association between Free Software and viruses/worms/spam in the public perception would certainly be detrimental, however you look at it. I am concerned that it could cause Congress or the administration to be more sympathetic to commercial software companies that might claim they needed laws or executive orders to defeat "cyberterrorism".

      For example, a law could be passed requiring some form of mandatory warranty protection for software programs. I could see the public buying into that one. Or mandatory DRM, or "anti-spam" legislation. Without specific exceptions for Free Software (which might be difficult to define), it could make life very difficult for free software developers in the US.

  173. already been hit hard? by drgonzo59 · · Score: 1

    It will get hit more from people from Slashdot trying to see if the site is up or not.

  174. Triumph of the computer illiterate. by Winkhorst · · Score: 1

    "But with so many computer clocks incorrectly set, the infected machines began firing off data requests at SCO.com hours earlier...." This says something fundamental about the folks whose computers are being used for this attack. And it does not bode well for any user-based attempt to solve ANY computer problem. There are just too many folks out there whose VCRs continuously flash 12:00!

    --
    "Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
  175. Re:Finally! by mirko · · Score: 1
    • Your comment is nothing more than a "me too". It is redundant at all.
    • I just watched Robin Hood where an outlaw is glorified for doing much more than what this virus author did, I really think times have changed.
    • Bruce Perens also played the paranoia bit before.
    --
    Trolling using another account since 2005.
  176. www.sco.com NXDOMAIN by jifl · · Score: 1
    www.sco.com is officially gone:

    $ dig @nsca.sco.com www.sco.com a

    ; <<>> DiG 9.2.1 <<>> @nsca.sco.com www.sco.com a
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13125
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.sco.com. IN A

    ;; AUTHORITY SECTION:

    sco.com. 1800 IN SOA ns.calderasystems.com. hostmaster.caldera.com. 2004020103 3600 900 604800 1800

    ;; Query time: 165 msec
    ;; SERVER: 132.147.210.253#53(nsca.sco.com)
    ;; WHEN: Sun Feb 1 19:04:52 2004
    ;; MSG SIZE rcvd: 102


  177. internet exchange statistics by mtenhagen · · Score: 2, Interesting

    I've been looking at the traffic statistics of some European internet exchanges and none of them seem to have more traffic than usual.

    The 2 reasons I can think of:
    1) There is no extra traffic. (maybe a little)
    2) All traffic goes thru transit providers (cause it should go to U.S.)

    If there are over 200.000 machines infected by MyDoom there should be noticeable extra traffic.

    References
    Amsterdam
    London
    Brussel
    Paris

    --
    200GB/2TB $7.95 Coupon: SAVE90DOLLAR
  178. This doesn't help me at all... by futureslug · · Score: 0, Offtopic

    Being an Apple Consultant, this virus doesn't give me any more work to do.
    Maybe I should have been a Windows guy instead...

  179. Guess it isn't a problem in Russia... by PenguinRadio · · Score: 1

    "Russia usually does better fighting e-mail viruses than the United States because systems administrators are generally more competent here and install protection quicker"

    Thought that was a funny quote from this story about the fact the virus was traced back to Russia.

    E-mail virus traced to Russia

  180. Is it really the virus? by Ahaldra · · Score: 1
    I think it's just some sort of slashdotting, all the linux geeks running traceroute, ping and whatnot, having invited all their friends to their house wanting to watch as it happens - "hey is sco coming down?" "not yet, lets check if I can still download sco linux" :-)

    I find the article dangerously misleading, saying things like "The MyDoom.B variant, which is also programmed to attack SCO". This reporter guy totally ignores that it can be very well smokescreen tactics used by spammers to discredit the spam-fighting Free Software-Community. Instead he writes like a SCO marketing drone.

    --
    Code is Speech. No to Censorship.
  181. FUD by cpuenvy · · Score: 1

    I am awaiting the continuing FUD from the bastards at SCO, blaming us Linux users, when in fact, the attack is solely coming from an army of owned Windows boxes.

    Grab your umbrellas, it will be raining FUD by coffee break tomorrow.

    --
    DISCLAIMER:

    I don't believe what I write, and neither should you.

  182. Bandwidth bill? by the_thunderbird · · Score: 1

    I would love to see the look on Darl's face when he gets his bandwidth usage bill from his service providers!!

  183. SCO? by loconet · · Score: 1

    According to the Reuters graphic attached to the article, it's actually SGO not SCO. Did the poster even read _all_ the article? :p

    --
    [alk]
  184. Microsoft won't get hit. by Anonymous Coward · · Score: 1, Insightful

    MSFT already changed their DNS entries.
    (do a host www.microsoft.com)
    Akamai's caching service will handle all the requests.
    They already used this technique before. Check netcraft for more details.

  185. They brought it on themselves... by KC7GR · · Score: 1

    While I don't agree with DDoS, or other criminal-type computer activities, it's awfully hard for me to shed a tear for either SCO or Micro$platt.

    Phrases like "You Reap What You Sow," and "What Goes Around, Comes Around" keep coming to mind (or is that 'What SCO's Around...)?

    In short: Darl "Darth" McBride and Billy-boy brought this all on themselves by behaving as they have. Maybe, if they were both a lot less arrogant and self-righteous, they wouldn't be in trouble now.

    --

    Bruce Lane, KC7GR,

    Blue Feather Technologies

  186. Re:LinuxWorld has two articles now on SCO vs MyDoo by Anonymous Coward · · Score: 0

    in that second one the Groklaw gang are shown to be as sharp as ever - worth reading

  187. Check this out by Anonymous Coward · · Score: 0


    "Paul Thurrott's Internet Nexus, and honest look at Mac OS X, Linux and other Windows Alternatives."

    http://www.internet-nexus.com/

    Yeah, "fair and balanced," Paul Thurrott! Who do you think you're fooling? Paul Thurrott's Mom? Paul Thurrott's Bill Gates? I'll have to take Paul Thurrott's printout of Paul Thurrott's musing to Paul Thurrott's bathroom with me

    1. Re:Check this out by Anonymous Coward · · Score: 0

      Paul's a "misologist," ya know. He really hates non-Microsoft stuff, although he tries to play himself off as "reasonable." I don't know why he's such an MS-Zealot, but he is. He's on a Jihad for Clippy, or something.

  188. What about Version B? by randomErr · · Score: 2, Interesting

    Is version B as widespread as version A? What, if anything, is Microsoft doing to prepare for the coming DOS attack?

    --
    You say things that offend me and I can deal with it. Can you?
    1. Re:What about Version B? by Zoolander · · Score: 1

      Will they take themselves out of DNS? That would be a hoot!

      --
      Meep.
  189. For the humour impaired moderator... by Anonymous Coward · · Score: 0

    ...that was humour.

  190. They wanted to be DDOSed by GNUALMAFUERTE · · Score: 0

    If you know you are going to be hit, you just drop your apache, install a lightweight webserver, replace your homepage with just static content, with no cgi, no scripts, and put a message saying that services that rely on dynamic content won't be available until next week.
    Then you set connection limits on a per-IP-address basis, it's fucking easy, you can even do it with PortSentry, 5 minutes to set it up.

    So, it's more than obvious that:

    1) They wanted to play the victim's role
    2) They are running Unixware, and all you need to ddos 'em is a few 386 with 14.400 ISA modems. ;)

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
  191. Re:Finally! by Pinball+Wizard · · Score: 1
    Linux "community"? Oh come on, you can't even get two Slashdot users to agree on the same thing. There must be two different distros for each user. About the only thing that "unites" us as a community is our massive hatred of SCO. Oh wait.

    Nevermind

    --

    No, Thursday's out. How about never - is never good for you?

  192. My god how stupid can you be? by spitzak · · Score: 1

    Give a file "virus.exe" the same icon graphic as a word file, and most users wouldn't know the difference.

    And showing the wrong icon is not a bug? Get a clue: that's part of the whole "hiding the extension" bug! You could "unhide" the extensions by drawing the correct icon for the extension. It's part of the bug!!!

    On the other hand, if you don't hide the extension, then each of us here would be constantly dealing with dumb users who have renamed "Document1.doc" to "Report" (no extension). For 99% of users, hiding extensions is a good idea.

    Please explain why "hiding the extensions" has anything to do with "stop the user from changing the extensions"

    1. Re:My god how stupid can you be? by Dahan · · Score: 1
      And showing the wrong icon is not a bug? Get a clue: that's part of the whole "hiding the extension" bug! You could "unhide" the extensions by drawing the correct icon for the extension.

      Well, I'm not wondering how stupid you can be--I already know: very stupid. EXE files have whatever icon the EXE file author puts in there. If some worm writer puts the Word Document icon into their EXE, the Word doc icon would be the correct icon to display.

    2. Re:My god how stupid can you be? by spitzak · · Score: 1

      And you are saying this behavior is not a bug or security problem?

      This requires the program to actually LOOK INTO THE .EXE to find the icon! This means they KNOW the program is executable, so they are actively trying to assist it in fooling the user!

      How about the mail or browser programs display some EXE icon. If the user copies it to the desktop then the icon can be changed to what is imbedded in the program. They should also refuse to run it or copy it to the desktop without a big warning message, but the fact that there is no warning cannot really be considered a bug.

      Better yet, it should show the EXE icon even if it goes on the desktop. You have to run it and it has to do something to the registry for the actual icon to appear. The icon does not appear for "documents" until the registry is messed with so I can't see this being too much of a problem for any real program.

      I am absolutely amazed that people like you can be so blinded by your use of Windows that the concept of "don't display the icon imbedded in the .exe" is apparently inconceivable to you! So I will reiterate that you are pretty stupid. Think for a change!

  193. We /.'d Reuters by Anonymous Coward · · Score: 0

    Wow... Reuters is /.'d... kinda surprising considering that they are one of the larger news orgs... Ya think they'd have more bandwidth...

    Oh well, I suppose they could always use /. as a mirror for their more important stories... Maybe it could become a side business that makes Taco some $$$

  194. SGO SGO SGO! by WhodoVoodoo · · Score: 1

    I suppose it really is not a useful part of the discussion, but if you glance at the graph included with the article, it clearly says "...the website for software firm SGO..."

    I just thought it was kind of silly...
    Just goes to show you, it's easy to miss proofreading a graph, and an important lesson for college students everywhere: Check your graphics!

  195. It's not "loose", fucker... it's LOSE by Anonymous Coward · · Score: 0

    lose
    v. lost, losing, loses
    v. tr.
    To be unsuccessful in retaining possession of; mislay: He's always losing his car keys.

    To be deprived of (something one has had): lost her art collection in the fire; lost her job.

    To be left alone or desolate because of the death of: lost his wife.

    To be unable to keep alive: a doctor who has lost very few patients.

    To be unable to keep control or allegiance of: lost his temper at the meeting; is losing supporters by changing his mind.

    To fail to win; fail in: lost the game; lost the court case.

    To fail to use or take advantage of: Don't lose a chance to improve your position.

    To fail to hear, see, or understand: We lost the plane in the fog. I lost her when she started speaking about thermodynamics.

    To let (oneself) become unable to find the way.

    To remove (oneself), as from everyday reality into a fantasy world.

    To rid oneself of: lost five pounds.

    To consume aimlessly; waste: lost a week in idle occupations.

    To wander from or become ignorant of: lose one's way.

    To elude or outdistance: lost their pursuers.

    To be outdistanced by: chased the thieves but lost them.

    To become slow by (a specified amount of time). Used of a timepiece.

    To cause or result in the loss of: Failure to reply to the advertisement lost her the job.

    To cause to be destroyed. Usually used in the passive: Both planes were lost in the crash.

    To cause to be damned.

    1. Re:It's not "loose", fucker... it's LOSE by RedWizzard · · Score: 1

      What's sad is that it was correctly spelt in the quote from the earlier post. It was right there in front of him and he still couldn't spell it right.

  196. Better yet... by Cyno01 · · Score: 2, Interesting
    --
    "Sic Semper Tyrannosaurus Rex."
    1. Re:Better yet... by Anonymous Coward · · Score: 0

      Now finally, there is a store that deserves to charge for handling on top of shipping.

  197. ....what the? by Anonymous Coward · · Score: 0

    "SCO has drawn the ire of the so-called "open source" programming community"

    *sputters incoherently*

    _so-called_ open-source?!?!??

    Oooooooh, that just gets right on my wick that does....

  198. More news by Anonymous Coward · · Score: 0

    From netcraft

    SCO have done the public spirited thing and taken www.sco.com out of the DNS. This means that there will be no more http traffic travelling across the internet from the infected machines to www.sco.com. Plausibly, the hostmaster's plan was to set the TTL to 60 seconds to give himself the flexibility of having changes propagate promptly, and then see what the http traffic was like before making a decision to remove the site from the DNS. He has now decided that he has seen enough. SCO may also have been the subject of pressure from ISPs to put a stop to the http traffic.

    It's about time.

  199. Can you blame Paul Thurrott? by Anonymous Coward · · Score: 1, Insightful

    The guy has invested his CAREER as a Microsoft marketing shill. Maybe they require this kind of service from him, so he stays in favor and gets free CD's. Maybe this is the only level he can compete at, so he considers trickery and manipulation to be fair tools for a journalist.

    We have a WINDOWS virus spreading over the net. You'd think he would just SHUT UP about UNIX for one day...

    Stuff you write on the Internet lasts FOREVER. I don't even wish this on him, but someday he'll be interviewing for work and he will be asked about this. When presented with a question if he knew UNIX mail servers to be implicated in this massive DDOS... I don't see how either a "yes" or "no" answer could yield a favorable impression.

    It's one thing to be wrong, but to twist words in an information-related profession is just plain *damning*! If he was afraid of UNIX taking over before, he better worry more because now his future is compromised. Perhaps Paul should re-consider his career, and work for Fox News.

  200. stop visiting sco.com! by Capt.+Beyond · · Score: 1

    SCO is confusing the /. effect for a DDOS. Stop visiting sco.com!!
    They are using the /. effect for their own FUD purposes. And the media is simply eating up anything SCO says as fact.

    --
    -- "Perceptions create reality. By changing your perceptions you change your reality."
  201. unknown host by costing · · Score: 1

    #host www.sco.com
    Host www.sco.com not found: 3(NXDOMAIN)

  202. I don't understand? by grolschie · · Score: 1

    it will do more harm than good to the Linux cause.

    Why? Can you prove that an Open Source or Linux developer/distributor/end-user posted those details?

    And if so, can you please explain how does this affect lawsuits/countersuits against/by IBM/Redhat, et al?

    How does this affect the development/distribution/adoption of Linux?

    Just wanting to know your reasoning, that is.

  203. Re:www A 127.0.0.1 by Anonymous Coward · · Score: 0

    A great idea, but for SCO wouldn't that be too smart and too conducive to dealing with things in a productive manner.

  204. FAKE attack? by SparkMan · · Score: 3, Interesting

    Not sure what's going on here but:


    C:\>ping www.sco.com
    Unknown host www.sco.com.

    C:\>ping www2.sco.com

    Pinging www2.sco.com [216.250.128.33] with 32 bytes of data:

    Reply from 216.250.128.33: bytes=32 time=71ms TTL=49
    Reply from 216.250.128.33: bytes=32 time=69ms TTL=49
    Reply from 216.250.128.33: bytes=32 time=69ms TTL=49
    Reply from 216.250.128.33: bytes=32 time=68ms TTL=49

    Ping statistics for 216.250.128.33:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 71ms, Average = 69ms


    The first ping, the "Unknown host" failure, is NOT a DoS failure. It means their www.sco.com DNS record has been removed from the public database so that nobody can lookup the IP address anymore. You can try to ping (or load the web page) all you want but your computer is doing nothing because it doesn't know what IP address to go for.

    The second ping, the success, works great. If www2.sco.com is on the same physical connection that www.sco.com normally is on, then this demonstrates that their network connection is not currently encountering any significant attack.

    --

    -- laws are the opinions of politicians --

    1. Re:FAKE attack? by kngborg · · Score: 1

      No .... SCO just got there DNS record removed because the traffic from the worm or /. is just too much. This is one way to save the network.

      last know ip of www.sco.com is 216.250.128.12

    2. Re:FAKE attack? by kngborg · · Score: 1
      SCO just got there DNS record removed

      what /. doesn't have a grammar filter? .... not that /. needs any more filter

    3. Re:FAKE attack? by Anonymous Coward · · Score: 0

      You might want to brush upon own written English there, Sparky, before you correct others.

      Here, let me help:

      'What, /. doesn't have a grammer filter? Not that /. needs any more filters.'

      There you go, HTH :)

    4. Re:FAKE attack? by inode_buddha · · Score: 1

      The folks at groklaw have a good discussion going on about this...

      --
      C|N>K
  205. Now we finally get to see their evidence by derago · · Score: 2, Funny

    Here is a screenshot of it which i took from their webserver: Click Here

  206. Re:Finally! by Anonymous Coward · · Score: 0

    Funny, all the news I hear about myDoom only talks about attacking MikeRoweSoft. There hasn't been any mention of SCO or Linux.

  207. Here is an idea by Anonymous Coward · · Score: 0
  208. Re:Finally! by DroopyStonx · · Score: 1

    Anyone with a brain wouldn't attribute the actions of a few to a whole group.

    I know my opinion is popular, but that's exactly the reason why we can just lay back, relax, and have a good laugh while this worm does its thing.

    --
    We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
  209. SCO isn't down because of MyDoom by geekee · · Score: 1

    It's just the /. effect from the main post.

    --
    Vote for Pedro
  210. But wait!!! I can prove it's not the virus. by dtfinch · · Score: 5, Informative

    www.sco.com no longer resolves. They removed it from their name server yesterday. Only sco.com without the www resolves to an ip address. The attack should be almost completely averted by now because of this, but sco.com is still down.

    The only possible cause I see for them to still be offline is if they took it offline themselves, or there's been another attack that they've failed to mention to the press, but it's unlikely that they'd turn down any opportunity to slam us if that were the case. Check it yourselves. The worm specifically attacks the domain www.sco.com, which no longer exists, and the dns entry expired yesterday. All that worm traffic should be going to oblivion by now, because Windows doesn't reuse expired dns records when requery attempts fail.

    > www.sco.com
    Server: ns.calderasystems.com
    Address: 216.250.130.1

    *** ns.calderasystems.com can't find www.sco.com: Non-existent domain
    > sco.com
    Server: ns.calderasystems.com
    Address: 216.250.130.1

    Non-authoritative answer:
    Name: sco.com
    Address: 216.250.128.12

  211. Why does everyone hate SCO? by marinebane · · Score: 1

    can someone explain to me why everyone hates SCO? i want to hate them too, but i dont know the reason...

    1. Re:Why does everyone hate SCO? by Anonymous Coward · · Score: 1, Funny

      OK, I'll bite.

      Seeing that you got to /. with no assistance and even managed to make a post, I'd say you might be salvagable. Now, when you're on /., look to the left and you'll see a column of words which have no meaning to you. Now use your mouse (you know, the thing you've been using as both a microphone and a foot pedal unsuccessfully for the past 4 months) to move that arrow-looking thingie over the word "Topics" in the "Stories" subcategory. Now press the left button on your mouse. No, your OTHER LEFT!!! OK, now you'll have to wait while the internet "loads" onto your computer. Now use the mouse doohickey to move the arrow thing-a-ma-bob over the word "Caldera", press the left mouse button again. Then the internet will "reload" onto your computer. You'll see a bunch of "links" (don't know why they're called that because all they do is LINK you somewhere else). Take your time and LEFT-CLICK on each of the links, RTFA and use a little common sense. Before you know it, not only will you understand WHY everyone hates SCO, but you'll be one of them.

    2. Re:Why does everyone hate SCO? by craznar · · Score: 1
      Seeing that you got to /. with no assistance and even managed to make a post, I'd say you might be salvagable.

      If Sarcasm is the lowest form of wit, then what is long drawn out, bold, capital, blatant, hit with a brick sarcasm ?

      I'd say - bloody funny (-:

      --
      EMail: 0110001101100010010000000110001101110010 0110000101111010011011100110000101110010 0010111001100011011011110110
    3. Re:Why does everyone hate SCO? by marinebane · · Score: 1

      your post gave me a good laugh...
      i think i am beginning to understand.

      oh, and for the record, i am not a newbie, although it might have been a newbie question. you may not believe me but i actually use linux on one of my computers, and i am adept in computer skills. it just so happens that i am fortunate to not have to deal with SCO in the past.

  212. Why Sunday, tis obvious.. by Anonymous Coward · · Score: 0

    They're clueless and from a similar timezone as myself, today is Monday here in New Zealand ;-)

  213. Re: tomorrow: MyM$BlasterDoom2 by Anonymous Coward · · Score: 0

    HaseCorp has not paid $$$$$ yet, the M$Blaster's author is unknown and 'on the loose'.

  214. The BBC are idiots. by Anonymous Coward · · Score: 0

    Right now on the BBC News front page, there's an article about the SCO website disruption. The summary is absolutely awful:

    ---

    Mydoom cripples US firm's website

    The Mydoom virus overwhelms the website of US software firm SCO, which owns the Unix operating system.

    ---

    Since *when* did SCO own Unix? This is exactly what's wrong with the mainstream media - SCO is losing its court battles, and it's generally accepted that SCO is lying out of its ass - but the BBC doesn't care to investigate the facts and continues to spread Darl's untruths. They are absolute fools.

  215. SCO now pointing to 127.0.0.1 by TheSpoom · · Score: 1

    SCO has now set the A record for its domain to 127.0.0.1, possibly taking advice from the Netcraft article posted here earlier ;^)

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  216. SGO Group??? by generationxyu · · Score: 1

    Reuters' visual description of MyDoom has some things wrong...

    --
    I mod down pyramid schemes in sigs.
  217. Sunday Shmunday! by HiggsBison · · Score: 1
    makes you wonder if they had anything to do with the virus itself?

    (Adjusts tin-foil hat)

    It had to be SCO behind this virus! Anyone who would disrupt Superbowl Sunday like this is just downright unAmerican! That's so evil that only SCO could be the ones responsible!

    Ahhhh! Ahhhhhhhhhh! (Runs off foaming at the mouth)

    --
    My other car is a 1984 Nark Avenger.
  218. better? by Jhawkeye83 · · Score: 1

    Is it just me or does anybody else think that if the open source community were to launch an attack on SCO, it would be much more powerful than a DDOS. We have some of the most creative people working on our side I mean come on.

    --
    Quality over Quantity.http://www.virusgaming.com/
  219. Re:Services by cstangle · · Score: 1

    Note to anybody in the Salt Lake City area:
    Try ordering new aluminum siding for his house, or something of the like. Be creative.

  220. SCO offline by Jack+Sparrow · · Score: 1

    As you sow, sCo shall you reap.

  221. Let's all do it !! by Anonymous Coward · · Score: 0
    Fantastic !

    I'm going out to the local discount store to buy some cheap and nasty cards (happy 7th birthday will probably do) and post them to him.


    Some simple message (Hands off Linux you thieving bastard, PS - please recycle this card) will probably get the point across.


    Postage may be a bit steep from Australia, but what the heck.


    Why don't you American whingers stop sobbing in your milk and do the same ? If you cared about the problem, you could do similar.


    Surface post within the US should be cheap, and I like the idea of someone delivering sackfuls of cards and letters to him, so that someone has to sort the good from the bad.


    Kind of like a twisted 'Miracle on 34th Street' but without Santa Claus


    Don't mod me down - this is serious. Why don't we all take this protest into the 'real world' and snail mail him our thoughts ?


    PS - anyone know Darl's Birthday ;-)

  222. SCO... nice knowing ya by Txiasaeia · · Score: 1

    Because, of course, if their website is offline, nobody will show up for work on Monday, right? Um... no.

    --
    Condemnant quod non intellegunt.
  223. hmmm by XO · · Score: 1

    Host not found. Not a very big deal.

    --
    "Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
  224. Who did it? by john_shadows · · Score: 1

    I'm from SCO, and we want to know who did this right now!!!!!!! I mean it, damnit! Speak up now, or, or, or, .....

    --
    Will there be people in 2100? Will they be real skinny? vote : the_real_38@yahoo.com
  225. I wonder by dolo666 · · Score: 1

    If darl's email addy was targeted with mydoom. We had a catchall running on our site a little while ago while we switched hosts, and the bulk of email coming in was directed at people's first names.

    Wouldn't it be funny if darl@sco.com was sent mydoom and he installed it? So like he'd be attacking SCO.

    That would be priceless.

    Although it's very sad to see anyone in the Open Source community stoop this low. I think we would all agree (bitterly) that this is the wrong way to deal with the legal aggressor that is SCO. But I guess if you piss enough people off, something like this is bound to happen.

    1. Re:I wonder by Anonymous Coward · · Score: 0

      Who says that Darl/SCO didn't have mydoom created himself? And now playing the poor victim of those nasty virus making linux users, that by the way stole his sores.

  226. Wrong day by Jesus+IS+the+Devil · · Score: 1

    Of all days to pick a fight, they had to pick Sunday, a day when businesses are closed and most people are at home relaxing? It's like putting on a condom when there's nobody but your left hand around...

    --

    eTrade SUCKS
  227. You got to love the venom here. by Lord+Custos · · Score: 1
    Note how this is phrased:

    SCO has drawn the ire of the so-called "open source" programming community who object to SCO's claims they have copyright control over key pieces of the Linux operating system.

    You can almost hear the venom dripping off the reporter's fangs.
  228. Re:www A 127.0.0.1 by Froug · · Score: 1
    $ host www.sco.com
    www.sco.com has address 127.0.0.1
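The DNS states the comments above report for www.sco.com (NXDOMAIN from the authoritative server, then an A record of 127.0.0.1) can be told apart mechanically from a server that is simply unreachable. An added example, not from any poster: a Python parser for dig output that classifies each case and derives the negative-caching TTL from the SOA record per RFC 2308. The function names and the loopback, live and timeout samples are constructed for illustration.

```python
import ipaddress
import re
from collections import namedtuple

Record = namedtuple("Record", "name ttl rtype rdata")

# dig output as posted in comment 176 above (only the lines the parser needs).
DIG_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13125
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.sco.com. IN A

;; AUTHORITY SECTION:

sco.com. 1800 IN SOA ns.calderasystems.com. hostmaster.caldera.com. 2004020103 3600 900 604800 1800
"""

# Constructed samples: ids and TTLs are made up; the addresses are the ones
# quoted in the thread (127.0.0.1 for www, 216.250.128.33 for www2).
DIG_LOOPBACK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.sco.com. 60 IN A 127.0.0.1
"""
DIG_LIVE = DIG_LOOPBACK.replace("www.sco.com. 60 IN A 127.0.0.1",
                                "www2.sco.com. 60 IN A 216.250.128.33")
DIG_TIMEOUT = ";; connection timed out; no servers could be reached\n"

HEADER_RE = re.compile(r"->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(r";; flags: ([a-z ]*);")


def parse_dig(text):
    """Extract status, header flags and resource records from dig output."""
    parsed = {"status": None, "flags": set(), "answer": [], "authority": [],
              "negative_ttl": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.search(line)
        if header:
            parsed["status"] = header.group(2)
            continue
        flags = FLAGS_RE.match(line)
        if flags:
            parsed["flags"] = set(flags.group(1).split())
            continue
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:-len("SECTION:")].strip().lower()
            continue
        if not line or line.startswith(";"):
            continue  # blank line, question entry or dig commentary
        fields = line.split()
        if section not in ("answer", "authority") or len(fields) < 5:
            continue
        if not fields[1].isdigit():
            continue
        parsed[section].append(
            Record(fields[0], int(fields[1]), fields[3], fields[4:]))
    # RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM).
    for rec in parsed["authority"]:
        if rec.rtype == "SOA" and len(rec.rdata) == 7:
            parsed["negative_ttl"] = min(rec.ttl, int(rec.rdata[6]))
    return parsed


def classify(text):
    """Name the state a resolver would see for the queried host."""
    if "no servers could be reached" in text:
        return "unreachable"        # the name server itself did not answer
    parsed = parse_dig(text)
    status = parsed["status"]
    if status is None:
        return "unparsed"
    if status == "NXDOMAIN":
        return "name-removed"       # the record was withdrawn from the zone
    if status != "NOERROR":
        return "server-error"       # SERVFAIL, REFUSED and similar
    addrs = [ipaddress.ip_address(r.rdata[0])
             for r in parsed["answer"] if r.rtype in ("A", "AAAA")]
    if not addrs:
        return "no-data"
    if all(a.is_loopback or a.is_unspecified for a in addrs):
        return "sinkholed"          # clients are pointed back at themselves
    return "resolves"


if __name__ == "__main__":
    samples = {"comment 176": DIG_NXDOMAIN, "loopback": DIG_LOOPBACK,
               "www2": DIG_LIVE, "timeout": DIG_TIMEOUT}
    for label, text in samples.items():
        print(f"{label:12} {classify(text):13} "
              f"negative_ttl={parse_dig(text)['negative_ttl']}")
```

Only the "unreachable" verdict points at a name server that is down or saturated; "name-removed" and "sinkholed" are deliberate zone changes made by whoever controls the zone.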
  229. Null Routed by suwain_2 · · Score: 1

    Several have pointed out that www.sco.com doesn't even resolve anymore; it looks like they just pulled its DNS records. What no one seems to have pointed out is that sco.com (no www.) seems to be being null-routed before it gets anywhere near their network; a traceroute takes me onto Level3's network (after my ISP), but stops there. Hosts like mail.sco.com and ftp.sco.com go another ~10 hops onto XO's network.

    I don't doubt they're being inundated with traffic, but with www.sco.com not even having a DNS record, and sco.com being null-routed, it's no wonder their site is down: it's their own doing! That's a pretty interesting approach to handling the attack, especially since a lot of good data centers can easily filter out a lot of common DDoS-type attacks without denying any legitimate traffic. (That said, I have no idea how this particular virus works, so it's possible that it's not as simple.)

    --
    ________________________________________________
    suwain_2 :: quality slashdot p
  230. Re:Finally! by Lord+Kano · · Score: 1

    What I want to know is how many people infected their computers on purpose and how many just didn't remove the virus after they found it? Most people won't do a criminal act, but will ignore somebody else's?

    I don't smoke crack, but I don't care if you do.

    I guess it's a similar mentality.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  231. SCO is running their site on www2.sco.com by denks · · Score: 0

    If you have a look, they have their site running on www2.sco.com.

    If you click a link that takes you to a www.sco.com page, just replace the www with www2 and everything works.

    --

    I am Monkey, the Great Sage, equal of heaven!
  232. Agreed... by Anonymous Coward · · Score: 0

    If you think about it, this gets them the same thing the lawsuit did. News coverage. It also lets them perpetuate the lie that someone in the linux camp had something to do with this. SCO is not losing revenue, and they may be able to sway some sort of sympathy support from businessmen. I know the papers/press in Utah had a very weird slant last week.

    I have my theories about who is behind it. My gut says it's organized crime. That is who I believe may be behind many of these mass worms. The worms themselves don't carry a nasty (delete files, format, etc) payload.. other than creating a ton of network traffic.

    What happens after the mass worms is a mass clean up. About 1-2 weeks or afterwards the machines that are still infected show the crime rings exactly which machines they can own as good DDoS or Spam sites because they have been proven to not be watched closely by their admins.

    This theory is based on researching which DDoS zombies were hitting our customers the most. We found that a high percentage of them had signs of a previous worm infection.

    We'll see what comes of this :).

  233. Any Vegas bets/odds on MyDoomB vs. Microsoft.com by scupper · · Score: 1

    Is anyone placing bets/odds on MyDoomB shutting down microsoft.com? Have bets been placed in Vegas before on viruses' success/failure against a target in a DDoS attack?

  234. Thank you by CaptPungent · · Score: 0

    Just a note. After seeing your above post, I read that article. It angered me enough to write a letter in response to an editor there, who apparently forwarded it to the author, Steven J. Vaughan-Nichols. (I couldn't locate the author's email easily, so I sent it to one that I could find.)

    Well now I'm engaging in an email point-counterpoint with this guy. He says he apparently has been reading and posting to /. for quite some time. So maybe he could please stand up here? That is, if this post doesn't get modded to oblivion by Mr. Vaughan-Nichols, since that is how I took the following from the email exchange:

    I'll be sure to look for your posts the next time I moderate, since you clearly know nothing about me or my work

    I'm not sure how to take that, sounds almost like a threat to me. I wasn't trying to shame the guy here, but I'm not sure how else to put that. Honestly, I'd like for this gentleman to show himself here with his "many years" old UID to post to us, to explain his usage of the post the way he did.

    --
    C Pungent
  235. IP Address? by phorm · · Score: 1

    Well, with SCO taking the record of their site off the nameserver, perhaps we could start distributing a batch file to update the HOSTS file with www.sco.com and a valid IP address?

  236. WMD ? by tdhdeep · · Score: 1

    MyDoom == WMD ?

  237. What's the Password ? by Anonymous Coward · · Score: 0

    It's a password protected directory.

    How's about reposting the link with the userid and password ?

  238. Re:Finally! by Anonymous Coward · · Score: 0

    Having mixed feelings on this is like Muslims having mixed feelings about the World Trade Center.

  239. Quote of the Century by Anonymous Coward · · Score: 0

    "Rather than try to continue to fight, we felt it was more advantageous to bring the site down and make that bandwidth available for other users," said SCO spokesman Blake Stowell, adding t

  240. Meanwhile in Darl's office at SCO by Felinoid · · Score: 1

    Programmer "Sir I must object again. We created two perfectly good viruses as it is we don't need a third targeting Slashdot."
    Darl "Why not?"
    Programmer "Because it would show it wasn't made by someone in the Linux community."
    Ring
    Darl "Hold on..." answers phone "Hello?"
    Other side of phone (Bill Gates) "Damn it Darl what's this I hear about two viruses. If I find out you're behind this Linux will be the LAST thing on your mind."
    Darl "Gates baby.. relax old Darl's got it all under" (click) "Hello?" (hangs up phone)
    Seeing the programmer is still in the office
    "Don't you have a virus to write?"
    "But Darl you can't imagine what a horrifically bad idea..."
    Darl interrupts "Now..."
    "yes sir.." Head hangs low.

    --
    I don't actually exist.
  241. Picture on the website by foidulus · · Score: 1

    Now that they are back up, look at the picture of the laptop on the main page, is that an iBook?

  242. My ISP doesn't like SCO either... by thogard · · Score: 1

    A few seconds ago my upstream (NTT/Verio/DavNet) sent me this:

    In order to prevent any disruption to your service caused by the illegal traffic generated by this worm, we have filtered access to the site www.sco.com. You will therefore not be able to access this website. The DNS entries have also been removed by the owner of the site.

    I wonder if they will remember to turn it back on after the 12th or if they will simply BOFH it and forget about it.

  243. ~~666~~ by Anonymous Coward · · Score: 0

    The Devil take SCO AND Microsoft!

  244. Madagascar Roaches and Former Bosses by BigBlockMopar · · Score: 1
    I think we should all send him a present! For example, these guys will ship a big ol' batch of live crickets. For $58, we could ship ol' Darl 5000 crickets and I know that would cheer him up!

    They sell Madagascar roaches! Yay!

    There was a place on Richmond Street in Toronto which used to sell specialty insects (including hissing roaches) for the film and television business.

    And there was once this guy who got a raw deal from his boss, who had an absolute terror of roaches. When he left the company, he visited his former boss's home on a cold winter night, holding a small container under his jacket to keep it warm. With a broom handle through the dryer vent, he was able to dislodge the dryer duct. Opening the little container right beside the dryer vent, the roaches reacted quickly to the warmth and entered the house. 6 males, 6 females, each about 2" long.

    This guy's former boss moved out within two months.

    --
    Fire and Meat. Yummy.
  245. http://sco.com or the new moniker... by Anonymous Coward · · Score: 0

    http://www.thescogroup.com

    they have removed www.sco.com however http://sco.com works in the same way...

    how ingeniously simple can you get??

  246. Sco.com works now, and www.sco.com not by Anonymous Coward · · Score: 0

    http://sco.com works OK now.
    http://www.sco.com does not resolve.

    Was http://sco.com working all the time?

  247. Phreakers anyone? by trezor · · Score: 1

    I bet there's gotta be some old phreakers here, who still know how to do the job :)

    --
    Not Buzzword 2.0 compliant. Please speak english.
  248. nonsense either way. by twitter · · Score: 1
    An obnoxious AC asks me and states:

    Why would a "normal" company publicize in advance how they were going to combat the attack? Wouldn't that just give the virus writers a chance to modify their strategy? It would be like John Fox publishing his playbook right before the Super Bowl.

    This is only true if the worm contains a bot, but even then it's risky to the virus author. Many windoze born diseases like this worm contain bots that give some control of the machine to the worm's author, but using that control with people watching will get you busted.

    If SCO wanted to keep their plans to themselves they would. Their Sunday announcement of their plans to announce their plans the day after the attack is supposed to commence makes little sense.

    --

    Friends don't help friends install M$ junk.

    1. Re:nonsense either way. by Anonymous Coward · · Score: 0
      Moderators: Please note that "twitter" is a known fanatical sycophant whose obnoxious offtopic rants are legend here on Slashdot. It doesn't matter what the topic is, he'll find a way to scrape in some pointless Microsoft bashing. While nobody expects us to love Microsoft in any way, his particularly tepid style of calling anyone he replies to "troll" or "liar" because he happens to disagree with whatever they're saying is well documented and should not be rewarded. If anything, twitter is the type of person that should not be part of the open source/free software community. He is an anathema to all that is good about free software.

      I'm posting this so that you (the moderator) have some context to consider twitter and not mod him up whenever he posts his filler preformatted rants about installing Knoppix or whatever that unfortunately get him karma every single time and allow him to continue posting his trademark toxic crap (read on) day in and day out. You may consider this a troll - I consider it community service. And I ain't kidding.

      If you're a /. subscriber, I invite you to look through some of his posting history. I guarantee that you'll be hard pressed to find someone that is more "out there" than twitter. You'll also probably notice he's got quite an AC following. Don't just read his posts, make sure you go through the replies.

      For example, in this recent post twitter not only calls the OP a troll but attempts to "tell it like it is" while making some vague argument about "GNU". Yes, if you're confused, you're not alone. The reply (modded +4) proceeds to simply destroy his bogus argument. You will notice he did not reply. This is what some people call "drive-by advocacy". A sort of I'll just leave you with my thoughts here and move on to the next flamebait kind of deal. In fact, he almost never replies because he knows that his fanatical arguments simply do not hold up to any sort of discussion. It's not that he's chosen the wrong cause - he's just going at it in a completely wrong way.

      More? Just read though this post and the subsequent replies. I guess this stands on its own.

      More? Bad spelling in astounding conspiracy theories, more offtopic FUD and uninformed "I'm right, look at me" rants, promptly proven wrong. Worse even, twitter wants to be RMS, apparently (that first one is a winner). I mean, really. You think?

      FUD, FUD, FUD, FUD, offtopic FUD, and more FUD. This guy is like the Monty Python SPAM skit, but with FUD and more FUD instead of canned meat. Amazed

  249. Well let's see by tekiegreg · · Score: 1

    5:55am Monday Morning (Pacific Time), and they're still down. Pretty soon the Google Cache will be their main homepage I guess. I know, a cheap shot but can't help it!

    --
    ...in bed
  250. Remember to talk like a pirate! by Anonymous Coward · · Score: 0

    Ahrrrr!

    Ahoy there matey!

  251. Re:Services by Oliver+Wendell+Jones · · Score: 1

    Or fill out those little slips of paper and drop them in the "30 Free Days At the Gym" or "Free Info About Replacement Windows", etc.

    Get as many telemarketers to call as possible.

    --
    A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
  252. Eh - one big difference by blorg · · Score: 1

    Repointing to 127.0.0.1 is fundamentally different than repointing to someone else's machine - as it is a loopback, each machine only has one machine "attacking" it, rather than a million other machines. Not so bad. And most of these machines wouldn't be trying to maintain availability on network services in any case.

    1. Re:Eh - one big difference by zenofjazz · · Score: 1

      Exactly my point.
      This way the Denial of Service attack is simply bogging down the attacking machines, which might actually cause their owners to realize they've been compromised.

      --
      -- All That's Evil in the Geek Space ... Allthatsevil.wordpress.com
  253. SCO online, yet offline by Anonymous Coward · · Score: 0

    Well, SCO is back online, but predictably their contact page is offline. I was about to send a missive, but no dice. Let's keep trying to let them know our displeasure.

  254. Re: www.sco.com by Swarfega · · Score: 1

    According to the BBC, SCO's temporary website is at http://www.thescogroup.com/.

  255. Re:www A 127.0.0.1 by Stephen+Samuel · · Score: 1
    They seem to have gone one further (and one worse).
    $ host www.sco.com
    Host www.sco.com not found: 3(NXDOMAIN)

    In my view, this is going to result in a much higher load on their name server than a localhost address with an 8 hour TTL.

    On the other hand, sco.com still has an address (but is extremely slow).

    Does anybody know what was the address of sco.com? I'd like to check my firewall logs to see if/how many machines are infected.

    --
    Free Software: Like love, it grows best when given away.
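
The firewall-log check asked about in comment 255, as an added example that is not part of any poster's comment: it counts outbound TCP connection attempts per internal host to one destination in Linux netfilter LOG lines. The address 192.0.2.10 is a documentation-range placeholder (the thread gives no address), and the log lines and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# Placeholder from the TEST-NET-1 documentation range: the thread never gives
# the real address, so substitute the one you want to audit.
TARGET_IP = "192.0.2.10"

# Constructed sample in Linux netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Feb  1 16:09:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=192.0.2.10 PROTO=TCP SPT=1042 DPT=80 SYN URGP=0
Feb  1 16:09:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=192.0.2.10 PROTO=TCP SPT=1043 DPT=80 SYN URGP=0
Feb  1 16:09:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.35 DST=192.0.2.10 PROTO=TCP SPT=3310 DPT=80 SYN URGP=0
Feb  1 16:09:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=192.0.2.10 PROTO=TCP SPT=1044 DPT=80 SYN URGP=0
Feb  1 16:09:03 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=198.51.100.7 PROTO=TCP SPT=2210 DPT=80 SYN URGP=0
Feb  1 16:09:03 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=192.0.2.10 PROTO=TCP SPT=1042 DPT=80 ACK URGP=0
Feb  1 16:09:04 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.21 DST=192.0.2.10 PROTO=TCP SPT=1045 DPT=80 SYN URGP=0
Feb  1 16:09:05 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.52 DST=192.0.2.10 PROTO=UDP SPT=4000 DPT=80
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def new_connections(log_text, target_ip, port=80):
    """Count initial TCP SYNs per internal source towards target_ip:port."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        tokens = line.split()
        if fields.get("PROTO") != "TCP":
            continue
        if fields.get("DST") != target_ip or fields.get("DPT") != str(port):
            continue
        # A connection attempt is SYN without ACK; counting later packets of
        # the same flow would inflate the total.
        if "SYN" in tokens and "ACK" not in tokens:
            counts[fields["SRC"]] += 1
    return counts

def suspect_hosts(log_text, target_ip, threshold=3):
    """Sources with at least `threshold` connection attempts, busiest first."""
    counts = new_connections(log_text, target_ip)
    return [(src, n) for src, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for src, n in suspect_hosts(SAMPLE_LOG, TARGET_IP):
        print(f"{src}: {n} connection attempts to {TARGET_IP}:80")
```

While www.sco.com returns NXDOMAIN, a host that looks the name up gets no address to connect to, so repeated failed lookups in resolver logs are the complementary place to check.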
  256. Re: PLEASE be AWARE! by Anonymous Coward · · Score: 0

    Don't know if people are still reading this thread, but Darl is (or somebody told him).
    This was snipped from notes of a talk that he gave at Harvard.

    *snip*
    Slashdotted phone. I have not checked, but Darl claims that someone put his name, address, and home phone on Slashdot during the Superbowl, leading to a DoS attack on his home phone line. If this is true, someone tell the babies that this is not a game. Not cool, especially as it just plays into SCO's hands.
    *end snip*

    Again, please don't play SCO's games. Let the truth speak for itself, people.