Posted by CmdrTaco, from the no-surprise-there dept.
quakeslut writes "It's Feb. 1st everyone... and all of you who have been reading Slashdot know that today MyDoom.A begins its attack... according to Reuters, SCO has already been hit hard. Stay tuned for Tuesday when MyDoom.B hits Microsoft..."
Re:Why today...
by Pharmboy · Score: 5, Interesting
Sunday isn't even a business day? How much money will they not lose?
There is one basic flaw in your assumption. Granted, for many businesses, this would hold true, but not SCO. Being attacked on Sunday is just as detrimental as being attacked on Wednesday, as it appears they make just as much money when no one is there as they do when the place is fully staffed: nothing.
I am sure they will spin this around and demonstrate how this hurt them terribly, costing them tens, if not hundreds of dollars in potential sales ;) Then again, they will blame the Linux community for this, even though it's solely from a bunch of owned Windows boxes. This is akin to blaming Smith and Wesson for injuries to the neighbors when you fire your gun in random directions.
-- Tequila: It's not just for breakfast anymore!
Re:Why today...
by 87C751 · Score: 5, Insightful
This is akin to blaming Smith and Wesson for injuries to the neighbors when you fire your gun in random directions.
Nit: It's more akin to blaming Smith & Wesson when mayhem results from you firing your Glock in random directions.
-- Mail? Put "slashdot" in the subject to pass the spam filters.
How stupid do you have to be?
by Matrix9180 · Score: 5, Interesting
SCO had plenty of time to prepare for this. They were well aware it was coming. I personally believe it's a publicity stunt. (which probably wouldn't surprise anybody around here).
-- 120chars for a sig is teh suck
Well actually...
by Chicane-UK · Score: 5, Informative
If you query their DNS servers, you'll see that they have removed the A records to their site.
So the traffic just won't get to them anyway..
-- "Hey! Unless this is a nude love-in, get the hell off my property!!"
Re:Well actually...
by anticypher · Score: 5, Informative
Not yet. I just checked all 4 of their name servers:
AUTHORITY SECTION:
sco.com. 6H IN NS ns.calderasystems.com.
sco.com. 6H IN NS ns2.calderasystems.com.
sco.com. 6H IN NS nsca.sco.com.
sco.com. 6H IN NS c7ns1.center7.com.
and all of them return www.sco.com. 1M IN A 216.250.128.12
So their name servers are still up and running, and pointing to a valid address. Reasonably, they have a 1 minute TTL, which will give them a quick response if they do decide to point it at 127.0.0.1 or 66.35.250.150.
the AC
the slashdot crud filter doesn't like double semi-colons in posts
-- Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
The DoS attack will start at 16:09:18 UTC (08:09:18 PST) on February 1, 2004. The worm checks the local system time and date to determine if it should initiate the DoS attack
I'm typing this and the time is currently 14:30UTC.
For those who are interested, it does appear to work in wine, before the news of it reached slashdot, I ran a copy of it in controlled conditions under Wine to see what it would do. It appears to be mainly a spam relay with SCO DOS'ing added as an afterthought.
I wish it wouldn't happen. This virus is painting the Linux community as a bunch of petulant adolescents - regardless of who's doing it.
I'm trying to remember who in the Linux community was quoted in the Wall Street Journal as saying "Let's take the high road." We should do just that. We all know that SCO doesn't have a leg to stand on. Let's let them sink themselves.
Course it's not funny they will just say "The terrorist group "Linux Community" has claimed responsibility for the attacks" and declare us part of the axis of weasel like they did the other day on CNN.
Re:What's the difference?
by sbennett · Score: 5, Funny
What's the difference between writing a virus that targets sco.com and posting a link to sco.com in a slashdot story?
Simple. The virus is less effective.
DDoS attack time table + analysis of DoS in Mydoom
by Anonymous Coward · Score: 5, Informative
There was a story posted "Refuting tall-tales and stories about the Mydoom worms" which can be found at: http://www.math.org.il/mydoom-facts.txt
It contains the Time Table for the attack along with reverse engineering analysis of the DoS component in Mydoom.
You might also want to check: http://www.math.org.il/newworm-digest1.txt
Which contains an analysis and reverse engineering bits for Mydoom.A
Re:Finally!
by Anonymous Coward · Score: 5, Insightful
This virus is painting the Linux community as a bunch of petulant adolescents - regardless of who's doing it.
No, it's not. The media (and SCO, et al for obvious reasons) is painting the F/OSS community as adolescents
What I want to know is how many people infected their computers on purpose and how many just didn't remove the virus after they found it? Most people won't do a criminal act will but ignoring somebody else's?
Actually, as a private computer techie, I've been removing MyDoom from my clients' computers for the past couple of days. It really is amazing how fast it's spread...
As a Linux geek I must admit to a small snicker at SCO's misfortune here, but it is definitely not the right way to go about solving the SCO problem. All publicity is *NOT* good publicity, and the last thing we need is the world to think "Linux == Geeks spreading virii". I've been taking pains to point out the spam connection with the MyDoom virus, and I think that's the angle we should pursue here. I can only hope that the next loser who DOSes SCO gives us as easy an "it's not us" angle.
-- "Mission Accomplished" -- George W. Bush May 1, 2003
What they didn't include in the article
by marsu_k · Score: 5, Insightful
Curiously, this article seems to imply that there was a political agenda behind DDoSing SCO - but to quote Mikko Hypponen of F-secure a bit more:
"It's also possible the attack against SCO is just a smokescreen to misdirect attention away from the backdoor component in the virus - which is most likely included in order to facilitate sending of spam email messages."
Similar, albeit longer, quote from him asserting that indeed spammers were behind this worm was in the local newspaper on Friday, but it's in Finnish and I'm too lazy to translate it. But the above quote can be found here.
Yes, it's a classic trick, and it's worked for thousands of years. It's worked for politicians and armies. It's worked for the con-artist and the cult leader. What is this trick? Misdirection. If you think that this virus has anything at all to do with the open source community or SCO then you're not keeping your eye on the ball sparky!
1. This virus makes a machine an open relay. Considering recent legislation and other anti-spam techniques I smell spammer bovine feces here.
3. The open source community is coming up with various anti-spam measures. Don't you think the spammers would love painting their enemy as petulant child - as they have proven themselves to be?
MyDOOM isn't the open source community pissing on SCO, it's spammers pissing on all of us.
-- "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
SCO website just a symbol...
by bangular · Score: 5, Insightful
Realistically, who the hell even goes to the SCO website. They've got so few new potential customers anyway (I would put the number at zero). Current UnixWare users doubtfully visit their website very much anyway.
Their website being down is more of a symbol. A symbol to them of "Look at what they are doing to us". It's obviously not very important to them anyway seeing as how in the past they've taken it down for hours to days at a time for "server upgrades". If it were that critical to them, they wouldn't have had downtime. But it was cheaper to take it down and do what they needed to do than to spend the money to keep it up during upgrades.
Anyway, SCO can eat apple sauce out of my ass with a spoon.
Telling people not to voice their opinions because of fear of what other people might think of you is an asinine way to exercise your right to free speech.
Yes, free speech is something we believe in at slashdot as well. We can and should make jokes. Why? Because we always make jokes about things! I would make a joke right now, but (1) I'm not that funny, and (2) I'm just too shocked that I am being told in a +5 comment not to say something.
Let the media report what they will. The fact is, some part of the community that you posted to can find humour in this. We are for sure a community that finds humour in everything.
Actually, now that I read your comment again, I am not sure you are serious. Perhaps it was just a joke and our mods have modded you insightful?
Re:How did this virus spread so easily?
by gdav · Score: 5, Funny
The users that I support would double-click on a landmine to see what it did.
Re:How did this virus spread so easily?
by glesga_kiss · Score: 5, Insightful
For the past 4 versions of Windows Microsoft has refused to remove a huge security hole called file extension hiding.
Bollocks. The people commonly infected with viruses wouldn't even know what a file extension was, let alone the difference between an exe and a txt file.
"The one with the W is a word file, the portrait is a graphic file etc". Give a file "virus.exe" the same icon graphic as a word file, and most users wouldn't know the difference.
On the other hand, if you don't hide the extension, then each of us here would be constantly dealing with dumb users who have renamed "Document1.doc" to "Report" (no extension). For 99% of users, hiding extensions is a good idea.
But wait!!! I can prove it's not the virus.
by dtfinch · Score: 5, Informative
www.sco.com no longer resolves. They removed it from their name server yesterday. Only sco.com without the www resolves to an ip address. The attack should be almost completely averted by now because of this, but sco.com is still down.
The only possible cause I see for them to still be offline is if they took it offline themselves, or there's been another attack that they've failed to mention to the press, but it's unlikely that they'd turn down any opportunity to slam us if that were the case. Check it yourselves. The worm specifically attacks the domain www.sco.com, which no longer exists, and the dns entry expired yesterday. All that worm traffic should be going to oblivion by now, because Windows doesn't reuse expired dns records when requery attempts fail.
and just to be sure they get DoS'ed, you post a link to their website on slashdot.
Sunday isn't even a business day? How much money will they not lose?
Jonathanjk.com
Until Saturday when MyDoom.S hits Slashdot..
There is no spoon or sig.
The server, the server, the server is on fire!
We don't need no SCO let the #*($&# burn!
1. This virus makes a machine an open relay. Considering recent legislation and other anti-spam techniques I smell spammer bovine feces here.
2. More and more spammers used hijacked machines for DNS, web service as well as relaying their crap. Check out the nanae news group for more examples
3. The open source community is coming up with various anti-spam measures. Don't you think the spammers would love painting their enemy as petulant child - as they have proven themselves to be?
MyDOOM isn't the open source community pissing on SCO, it's spammers pissing on all of us.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Is this a troll?
www.sco.com no longer resolves. They removed it from their name server yesterday. Only sco.com without the www resolves to an ip address. The attack should be almost completely averted by now because of this, but sco.com is still down.
The only possible cause I see for them to still be offline is if they took it offline themselves, or there's been another attack that they've failed to mention to the press, but it's unlikely that they'd turn down any opportunity to slam us if that were the case. Check it yourselves. The worm specifically attacks the domain www.sco.com, which no longer exists, and the dns entry expired yesterday. All that worm traffic should be going to oblivion by now, because Windows doesn't reuse expired dns records when requery attempts fail.
> www.sco.com
Server: ns.calderasystems.com
Address: 216.250.130.1
*** ns.calderasystems.com can't find www.sco.com: Non-existent domain
> sco.com
Server: ns.calderasystems.com
Address: 216.250.130.1
Non-authoritative answer:
Name: sco.com
Address: 216.250.128.12
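
The TTL point raised in the comments above (a 1-minute TTL on the www.sco.com A record, and removal of that record as a way to shed the worm's traffic), as an added example that is not part of the thread or any commenter's code: it parses the record lines quoted above and computes how long a caching resolver can keep serving a record after it is changed or removed. The function names and the cache model (resolvers that honour the TTL exactly) are assumptions for illustration.

```python
import re

# Record lines as quoted in the thread above, embedded so this runs offline.
SAMPLE = """\
AUTHORITY SECTION:
sco.com. 6H IN NS ns.calderasystems.com.
sco.com. 6H IN NS ns2.calderasystems.com.
sco.com. 6H IN NS nsca.sco.com.
sco.com. 6H IN NS c7ns1.center7.com.
www.sco.com. 1M IN A 216.250.128.12
"""

_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def ttl_seconds(text):
    """Convert a BIND-style TTL ('1M', '6H', '1H30M', '300') to seconds."""
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([SMHDW])", text.upper())
    # Reject anything with leftover characters, e.g. '1X' or '-5'.
    if not parts or "".join(n + u for n, u in parts) != text.upper():
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)


def parse_records(zone_text):
    """Return (name, ttl_seconds, rtype, rdata) for 'name TTL IN TYPE RDATA' lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN":
            continue  # section headers and blank lines
        name, ttl, _, rtype, rdata = fields
        records.append((name.lower(), ttl_seconds(ttl), rtype, rdata))
    return records


def cached_answer(records, name, rtype, fetched_at, now):
    """Answer a TTL-honouring cache that fetched at `fetched_at` still gives at `now`."""
    for rname, ttl, rt, rdata in records:
        if rname == name and rt == rtype and fetched_at <= now < fetched_at + ttl:
            return rdata
    return None  # expired: the resolver has to ask the authoritative servers again


def worst_case_cutover(records, name, rtype):
    """Longest time (seconds) a cache can keep the old record after a change."""
    ttls = [ttl for rname, ttl, rt, _ in records if rname == name and rt == rtype]
    return max(ttls) if ttls else 0
```

With the A record changed at time 0, a cache that fetched one second earlier stops answering from the old record at second 59, while a change to the NS set could linger for up to six hours.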