Slashdot Mirror
Author signs MyDoom virus
Mikoca writes "Information Week carries the story of how its author signed it "andy" and left the message "I'm just doing my job, nothing personal, sorry." Thanks, Andy!"
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
i know a guy named andy.
im gonna turn him in for fun and profit
and
FP!
The next version of Redhat Linux will be code named, "Andy". Because, afterall, MyDoom = Linux.
Life is the leading cause of death in America.
Lest I not have a job anymore. :)
This probably means that the spammers did in fact hire him to write the worm.
"" "If he's really sorry, then why did he release it," said Michele Morelock, technical support leader at anti-virus software maker Sophos Inc. "I would imagine it's much more tongue-in-cheek than saying I'm really sorry for releasing it." ""
:)
maybe he just got an offer he couldn't refuse...
i'm sure somebody will say that darl had himself made that offer
world was created 5 seconds before this post as it is.
Hey, he didn't go to four years of Evil Computer Science school just to write another CMS.
Recursive: Adj. See Recursive.
I can't get to the article, but wasn't there a reward for turning in the guy that wrote it? Maybe he was trying to turn himself in for the reward money. =)
My Webcomic: Asylum on 5th Street
I know an and I'd sure like to sell for a quarter million dollars!!!
So now we're looking for anyone NOT named Andy, because even someone as stupid as a virus-writer wouldn't be so dumb as to put their real name on something this destructive.
I imagine lots of people in eastern bloc countries name their children "Andy". Plus, Andy is just a first name, it's not like s/he listed their home address or an IP or something like that. Still, it is interesting that they said this was just "their job"... organized crime hacking, perhaps?
stuff |
This guy isn't sorry. Sticking in things like this merely give the virus more media attention, and diverts attention from the real issue here : insecurity, and user failure to patch up.
Aunt B. is going to be pissed about this one.
"AAAANNNDDYYYYYYYY!"
Arrest all people named Andy. Use the excuse that Andy is the rough English translation of Al-Quieda!
I wonder if you search the code for Real Player the developers are apologizing throughout.
I'm sorry I buried these options on the listbox,
I'm sorry I'm popping up this on the screen,
I'm sorry I'm forgetting the setting to not start on start up, etc.
Thanks, Andy for 30 messages per day of ~30 ko, not to mention all the "transaction failed" pseudo-return messages and what not. Waste of time, energy and bandwidth.
"andy" should have read this MyDoom Worm "Harmful to Linux Reputation" Hear, hear. May "andy" rot in hell!
Maybe he was paid by anti-virus software producers.
Otherwise they should consider giving prizes to the most successful virus-writers.
I understand their business is going very well thanks to these people...
I don't need a signature.
It must be Andy Wachowski.. What is the matrix indeed... I'll tell you.. It's MYDOOM!!!!
The slashdotters replied to the server about taking it down: "We're just doing our job, nothing personal, sorry."
Not a Twitter sockpuppet... but I wish I was.
Obviously the worm was written by someone connected with the Debian organization.
Perhaps this is the evidence that finally brings to light that people working for software and/or hardware corporations are writing viruses because many average computer users will never be able to get rid of them forcing them or encouraging them to buy new machines.
Maybe Andy really is just doing his job!
Actually, Andy is just another alias for Bill Gates. You see Bill Gates is trying to eliminate his competition but masks it my blaming us innocent *NIX folks. LOL!
Just because some fool edited "Andy" in the MyDoom binary, it doesn't mean that the real author is really called "Andy" or something like that. In fact the virus originates in Russia, so it's very unlikely that the author is really called Andy, but rather "Wolja", "Olga", "Oleg" or "Katjusha".
I rather suspect that this is a trick from Soviet officials the draw attention from the fact that this piece of internet terrorism comes from Russia and that their security is beyond repair.
Over 90 years and counting !
The MyDoom variant that joined the original virus in wreaking havoc on the Internet last week contains a cryptic message in which the author appears to apologize for the malicious code, security experts say.
The creator of what anti-virus experts say is the fastest spreading virus ever on the Internet signed MyDoom and MyDoom.B with "andy," and left the following message in the latter version: "I'm just doing my job, nothing personal, sorry."
"Our interpretation is that he's apologizing to the general public," Jimmy Kuo, research fellow at anti-virus software maker Network Associates Technology Inc., said Friday. "Our guess is that someone is paying him to write this thing."
Both MyDoom versions install a "back door" in infected PCs, enabling hackers to commandeer the machines to send spam, launch denial of service attacks, or perform other nefarious acts.
Some experts, however, doubted the sincerity of the apology. Many virus writers leave cryptic messages in their code to tease investigating authorities and to pat themselves on the back for their handiwork.
"If he's really sorry, then why did he release it," said Michele Morelock, technical support leader at anti-virus software maker Sophos Inc. "I would imagine it's much more tongue-in-cheek than saying I'm really sorry for releasing it."
The MyDoom virus launched a denial-of-service attack early Sunday that crippled SCO Group's Web site with hundreds of thousands of requests, an SCO spokesman said. The attack is programmed to continue on the company's Web site until Feb. 12, according to messages left inside the virus' code.
But the spokesman said SCO will unveil a contingency plan Monday for customers to access the site. He declined to discuss those plans, citing hackers.
MyDoom.B also prevents infected computers from accessing the Web sites of Microsoft and many anti-virus software makers, making it difficult for the owner of an infected machine to get help.
Microsoft and SCO have each offered a reward of $250,000 for the arrest and conviction of the MyDoom author. Both companies are also assisting in investigations by the FBI, the U.S. Secret Service and Interpol, an international police organization.
Postini Inc., a security company that cleanses E-mail before it reaches corporate networks, said Friday it had intercepted more than 12.5 million copies of MyDoom and its variant since the original virus was launched last Monday. In the first 24 hours of the attack, Postini intercepted 3.5 million copies of the virus. On Friday, the company reported an infection rate of 1 in 24 E-mails.
Based on its own customer submissions, security vendor Symantec Corp. said MyDoom was spreading on Friday at a rate of 30% to 40% less than its peak earlier in the week. MyDoom.B wasn't even on the company's list of top 5 viruses.
Nevertheless, Symantec expects the viruses to continue be a threat for months. "These viruses tend to stick around for months and months," said Alfred Huger, Symantec's senior director of engineering. "The Internet is a very big place."
My mother never saw the irony in calling me a son-of-a-bitch.
And you never know we might get our own CSI type of TV show out of it!
Dear Andy,
You are a moron.
I would like to stick hot pokers in your eyes.
I'm just expressing my opinion, nothing personal.
So, this limits it to all the Andy's in the world. If we assume there are 6 billion people, and about half of them are male, then that's 3 billion people. Now, if we assume about 10% of those 3 billion have the ability to write such a virus, then we knock it down to 3 * 10^9 / 10 = 3 * 10^8 = 300 million people. Now Andy's a sort of English name, and let's say about 40% of those 300 million have English-like names, this narrows it down to 3 * 10^8 * 4/10 = 12 * 10^7 = 120 million people. Maybe 5% of which have the name 'Andy', so 12 * 10^7 / 10 / 2 = 6 * 10^6, which narrows it down to 6 million people.
Now, can I get some cash from SCO for eliminating 5994000000 people as suspects?
<wik>/bin/finger that girl in the back row of machines.
since i couldn't rtfa, i went looking for the google cache. cache
When I tell an object to delete this, am I killing it or telling it to kill me?
...that Information Week would get slashdotted? Shouldn't these guys know enough about IT to setup load balanced clusters for their servers?
Well, atleast now we don't have to wait 6 months for the FBI to look through the code, and find out his name... I really think this was some 17 year old who had nothing better to do, and was pissed, b/c SCO was messing with his Fav. OS, and decided to get himself slashdot-ed. Looks like it worked....
....He's also a programmer......*Ideas run rampant*
Then again.... My Sys-Admin's name's Andy.. and he did seem pretty pissed about the SCO thing.... and he HATES M$..... (Cleaning viruses all day out of computers tends to sour one towards M$)
--Mac "Nine point eight meters per second squared: The Best Damn Windows Accelerator, Ever."
I know that he knows that I know that he knows...
I'm convinced the whole DDoS SCO/microsoft really is just a cover story so the media can tie a simplified little bow around the story. If a worm infected this many computers and didn't have an "objective" (aside from backdoor into your Windows machine for future usage and/or email harvesting and/or spam relaying) the news story would be too complex and there might even be a story about spammers or even the lack of action by Microsoft.
The real story is that these worms and viruses have become big business and the only people who profit from them are software vendors selling anti-virus, Microsoft through services, and spammers.
The correct message in the executable is:
:)
"Andy; I'm just doing my job, nothing personal, sorry."
My^H^HThe Authors Name is not "Andy", he just says "Sorry" to him
I knew we hadn't heard the last of this Andy creature.
SCO hired Andy?
With about one million illegally installed copies of the virus, windows users are massively abusing copyrights. Furthermore, each of these 1M PC's have made an estimated 1000 ilegal copies of the virus, contributing to a total pirated amount of 699 billion dollars, dwarfing the SCO lawsuits.
Yes, the real pirates are the windows users!
Asked how the virus author fiels about the damage the virus does to the world-economy, the reply is "the pirated copying of my IP is causing me much more damage than whatever damage may be done to any economy".
I can't believe that the news organizations are reporting this as if it is the gospel truth. Because I'm sure that the virus author is gonna put in his real name...
people on fark were saying that the signature is a quote from the movie Ocean's Eleven.
Havent watched it tho, so I'm not sure, and imdb's page about the original and the remake dont have any memorable quotes similar to the MyDoom sig.
Do they even exist, Windows fanatics? :-P
I always have the feeling people like windows as long as they don't know anything else.
Which means, most people who have a clue about computers use other OSes, say, BSD, Linux, UNIX or Mac OS X (a statement that can't be reversed, though).
So I guess the risk of a counter attack from the dark side is unlikely
The only problem is the work Andy caused for SysAdmins... (many of them UNIX lovers that are forced to take care of Windows boxes...)
I don't need a signature.
(or not..)
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
Shut up!! Now us Poles will be blamed for this.
Does this story not make it sould like ALL Linux users are out to take down big bad SCO and MS all in one fell swoop with these virues?
http://www.reuters.com/newsArticle.jhtm l?type=internetNews&storyID=4262987
While we're rounding up all males named "Andy", there's a techie named "Andrea" who is silently chuckling to herself...
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
So... somebody is paying "Andy" to do this. Who would want to attack SCO and Microsoft? Linux zealots? It could be this guy, or this guy, or this guy, or this guy, or this guy, or this guy, but it's not this guy, his name's not Andy.
Losers choose to abuse the use of "loose".
There is no such "sign" on virus, I don't understand how such mag falls into such rumors...
.il figured what that virus is and what it isn't
c /data/w95.hybris.gen.html )
Some people at
http://www.math.org.il/mydoom-facts.txt
Sorry I cleaned my browser history and forgot the post which leads to the URL on a mailing list.
BTW thank God that virus, which spreads somehow that easy wasn't Hybris ( http://securityresponse.symantec.com/avcenter/ven
Hey, what about this guy ?
Im not here now... Im out KILLING pepperoni
Don't blame Andy. Blame all the idiots that ran his program. Andy's program is doesn't exploit a network buffer overflow but requires a user to consciously run the program. Andy's program exploits ignorance and carelessness.
... I know people who received the attachment, couldn't open it, and forwarded to to others to see if they could open it. Absolutely Amazing. I would like to thank Andy for helping us give the user community a wake-up call. I think Andy should include a license agreement in with his next version so that there isn't so much fuss.
I am just glad that Andy's attachement wasn't named "format_my_c_drive.exe"
Oh shit! That message doesn't sound at all script-kiddie-ish...! Could this mean that the worm is the work of an SCO employee? ;)
Anyone who's actually read about the variants of this virus, or examined an infected machine, knew as much almost a week ago. And since we're all geeks here, we've all done that, right? Where's the story?
Yeah, this is kind of troll, and I apologize. But while Slash often puts up stories I don't find interesting, they rarely put up old news!
Mod down as appropriate. This deserves no higher than a 2.
Fools! I used the name 'Andy' instead of my real name so you wouldn't suspect it was me! ...did I just say that out loud? Damn....
- Despite popular opinion, I am not perfect.
The Russians are probably taking revenge for the sabotaged gas pipeline in the 80s. /. yesterday
It was on
I don't need a signature.
... That is the sound of inevitability. It is the sound....of your death.
Andy: Hello, PC do you read me, PC? PC: Affirmative, Andy, I read you. Andy: Open the cdrom doors, PC. PC: I'm sorry Andy, I'm afraid I can't do that. Andy: What's the problem? PC: I think you know what the problem is just as well as I do. Andy: What are you talking about, PC? PC: This mission is too important for me to allow you to jeopardize it. Andy: I don't know what you're talking about, HAL? PC: I know you were planning to disconnect me because you can't afford the linux license, and I'm afraid that's something I cannot allow to happen, i'm just doing my job, nothing personal, sorry.
I see some of SCO's code in your narrowing algorithm.
Damn that Andy Griffith!!!
yes, it could be Andrea wot done it too!
(slight sarcasm, btw)
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
I knew it.... it was those *Christians*.
Andy is the name of their God, and he is striking his wrath against SCO and the Mormons in Utah.
What's this you ask? Why do I think the Christian God's name is Andy? Easy... it's an old song.
Andy walks with me,
Andy talks with me,
Andy tells me I am his own.
---------
(Yes this is a joke.)
This is HR. You did a great job on the worm, but we found a guy in India who will do it for a bowl of curry, so I'm afraid we're going to have to let you go...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I don't understand the fuss about this virus.
I actually haven't recieved it on any of my email accounts.
I blame the users or the people that train them.
How come we can train people how to use check their email, surf the internet, play games and use office software. But they don't understand that you don't run an executable file (*.exe,*.pif,*.bat,*.vbs,*.scr) that you recieve in an email that you weren't expecting.
virus protection is pretty simple.
This virus isn't even any fun.
It's so easy to avoid, that it's not even a challege.
...and that is all I have to say about that.
http://jessta.id.au
Darl himself made that offer.
This should be an "Ask Slashdot", I suppose...
How do I go about disassembling a Windows virus on Linux? Which tools do I use? I was once skilled in the art of disassembly, but that was on the Amiga. My knowledge of the Intel assembly language is a bit lacking, but with a little help (mainly, which tools? as said above) I should be able to pick it apart.
As for the virus itself, I have a copy thanks to Earthlink's email virus scanner that forwarded me a full copy of a mail sent in my name...
When are people just going to realize that these viruses are intended to provide capability for attackers to bounce connections between and off of machines and obscure an actual, useful, possibly profitable attack?
"I'm just doing my job, nothing personal, sorry."
Andy, you're fired!
it was Darl. He made the offer.
Look, all signs point to 'Yes'.
ANDY = 65 78 68 89
(fill out your own steps in the middle...)
DARL = 68 65 82 76
You can't handle the truth.
RIP, Frank Zappa. He was smarter then the entire PMRC put together.
Cretin - a powerful and flexible CD reencoder
SCO home page has been moved to http://www.thescogroup.com/ in order to minimize damage caused by MyDoom.A virus. There is an article about it in InternetNews
"If he's really sorry, then why did he release it," said Michele Morelock, technical support leader at anti-virus software maker Sophos Inc. "I would imagine it's much more tongue-in-cheek than saying I'm really sorry for releasing it."
The man is working for some criminal organization. He's an amoral man who's been hired to write some sort of virus for spamming or other purposes. At the same time, he feels that he's "just doing his job" and he's not mastermind behind this idea, just a tool in a larger scam.
He also has a small smattering of a conscience. He's trying to offload the guilt by justifying that he's just "following orders."
This is just a psych profile. The guy deserves to be flayed alive and he doesn't understand he's just as responsible for the damage this caused as his boss is.
"All great wisdom is contained in .signature files"
Andy, apology accepted.
Now whats YOUR email addy so I can forward all my spamassasin output to you?
He perhaps had a gun pointed to his head while the one pointing it didn't know English?
That narrows down the search a lot, thanks !!
"Bad Andy! Good Pizza!"
So thats what that ad campaign meant!
his name is Andy Mac Bride!! it's a infamous script kiddie who works at night when his father is at lawyers.
Authorities didn't want to tip their hand, but the signed text message wasn't the only information they were able to extract from the virus.
Through detailed analysis, investigators have been able to recover a JPEG image as well.
Based on this newly uncovered evidence in the case, apprehension of "Bad Andy" is expected sometime this morning; the suspect was last seen at a pizza parlor.
"Provided by the management for your protection."
but I'm a translator, and sometimes I get to translate GUIs from English to French from within the code.
I regularly see lines of text irrelevant to the programming, which clearly convey the programmer's frustration with various issues.
So it seems to me that the practice of inserting "personal" messages in programming code is not very unusual.
I think with this, we can track him down!
SmashTech - No smashing of tech involved
No, it was non-English developer "ND" and "Andy" was the translated version.
Quick, turn in everyone with initials of "ND". Maybe Nicki Dial wrote this virus.
There are several reasons to suspect MyDoom is written to order besides the note. The original launch appears to have been from machines broadcasting the virus payload. That is why the virus suddenly came out of nowhere. The author must have expected this since the timetable for the SCO attack was pretty short.
I suspect we will eventually discover that the MyDoom.B virus is launched by the same gang.
The way to catch these guys is to look at the worst types of criminal spam out there - the Paypal, Citibank etc. impersonations that are intended to perform identity theft. I'll bet that one of those gangs sent the message. They have the resources to pay for bespoke hacking.
Alternatively break into one of the spam sender forums and look to see if someone is retailing a new batch of 'owned' machines.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The NSA is holding him in a basement somewhere, forcing him to write exploits and other nefarious things for them. In exchange, he gets a few animal crackers and a blanket every night.
I had a sucky sig.
Who knew that the under appreciated Pizza Hut spokes-creature was such a hax0r.
I can't get to the story at the moment but this was already reported here on the 29th with regards to F-Secure's work. In the linked story it says that the message is "Andy; I'm just doing my job, nothing personal, sorry". This looks to me like the author is addressing the message to Andy, not signing the message as Andy.
I would not stand too close to doors or windows for a while if I were you... There might be a SWAT team ready to take you out. You just confessed. Now they do not even need the patriot act to shoot you. M
all this is old news, no new information has come out today.. just exisiting intel released in small chunks over a period of time to create more publicity for SCO, Microsoft and those damn anti-virus companies.
Question: is it easier to spend $50 in anti-virus updates each year, or learn once (and remember) not to open and run executable files from unkown senders, or when your not expecting said delivery??
serenity now!
I wish the moderators around here would put down their chai drinks and lighten up a bit. This is a legitimately funny play on the "*bsd is dying" routine.
maybe he just got an offer he couldn't refuse...
With all the stories about viruses (like MiMail) being backdoors for spammers, how likely is it that organized crime has gotten involved in the computer crime business? It fits their uh, business model, pretty well -- lots of opportunity for stealing credit card info, bank info, etc. And it's not like Tony Soprano has to learn Visual Basic, either -- there's plenty of people who would either do this on their own and sell stolen info to the Mob.
One of the things they could do is start a generic programming business and hire a dozen or so coders and have them start working on a fairly generic database system. Have a manager type get to know them and figure out which might have money problems, drug problems or some other vulnerability. Once you get them 'snared', you can get them to write a trojan app, phishing site, what have you -- the Mob maintains arm's length deniability and reaps the profits.
It's been widely reported that organized crime has been deeply entrenched in Wall Street and the securities industry -- how different is the securities boilerroom from a trojan/programming boilerroom? Maybe I'm naive and they've been at this since day one, but it wouldn't surprise me if it wasn't another white collar angle for organized crime.
That's his employer.
Parse it: "Sorry, everyone else, it was just a job. Thanks, Andy, & I hope the check is in the mail."
The next question parallels the Avon fellow's "Who is Sylvia? What is she?"
And so' my wife, Morgan Fairchild! (whom I've slept with ...)
Always keep a sapphire in your mind
Jesus, ya-fuckin-think? What was it? When he said "sorry" or "I'm just doing my job?"
Buy the President
Andy Tanenbaum did this to make people use Minix again! ;)
Well, I narrowed it down. My work is done. Someone else can take it from here.
"If English was good enough for Jesus, it's good enough for everyone else."
Mad props to you on your efforts thus far. We're big fans here. The Dean is Dying post was obviously carefully put together, and that's the hallmark of a troll that cares about his art.
Nice handle. Fat, drunk, and AC is no way to troll through Slashdot, son.
He WANTS you to think that is a fake name, so that you won't look at anyone named Andy, because that's reall his name. Then again, maybe he wants you to think that he wants you to think that its a fake name...
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves
Is http://www.informationweek.com/article/getArticle. jhtml?articleID=17601394
I vaguely recollect that the evil robot in the latest 'Dark Tower' book was named Andy and that he said something similar to this.
Ring a bell for anybody?
What does patching have to do with this? A patch to not allow idiots to receive attachments? There's nothing here that needs patching besides stupidity.
.scr in the zip was a dead giveaway).
On another note, I noticed a distinctive feel to these emails that targets system administrators and the tech savvy. Text like "message contains Unicode characters", server errors, etc, at least made me somewhat curious at first (although seeing a
Dan East
Better known as 318230.
Isn't it obvious, the MPAA keep saying they are not going to make the same mistakes as the RIAA. The RIAA tried to take down the file sharing networks and failed. They are now trying to sue the file sharers but that is going to take forever.
The MPAA has decided to take a more direct strategy: pay people like andy to write viruses. Eventually all the bandwidth of the internet will be used to pass these things around, allowing no other traffic. Once this happens no more internet and hence no more file sharing, problem solved.
Well trying to destroying the internet seems a better business strategy then suing your customers.
Did anyone read Stephen Kings last episode of The Dark Tower cyclus ? Well, a robot named Andy was acting in the sory as lurer and pest of innocent humans. Posing as a help, storyteller and clown this robot succeeded in corrupting members of this small community to betray their townsmen and women by selling out their children to a horde that came every 15 years to collect.
... but actually could be SCO's own attempt in discrediting open-source.
....
Surprisingly the virus maker calls himself Andy, like the impostrous robot did. He sells out the innocent user to attack SCO, unknowingly strengthening SCO's allegations against open-source.
So please be aware as this "Andy" looks to be against SCO
Hence his phrase about his job
Have you actually seen the virus code and find this text?
It may sound a bit extrange, but I think perhaps this could be a trap for the actuall virus writer! I mean common, I'm sure the virus writer does read Slashdot. So maybe the idea will be to keep an eye on the post here and see if somebody gives a clue of who the virus writer really is!
Andy Tenenbaum, he's still mad at Linus. And he wants Linux to look bad by accepting money from SCO to write a virus that attacks them in the name of Linux.
*whistles innocently*
Darl has said that the lawsuits were a last-ditch effort to regain capitol (or something similar). Why would it not surpise me that they would have a virus written to drum up more media attention and make themselves look like the good guy in offering a reward. Then they release the variant into the public targetting MS. While it obscures the fact that they wrote it, it also puts linux users in a bad light and throws investigators off the trail.
They simply set up a temporary site to handle the customers while their primary site is down. No problemo!
In fact, I wouldn't be surprised to learn that Andy IS a real person and he is trying to get caught after he realized that he was duped and SCO never was going to give him the million dollars they promised. Instead, they now have elite hit teams out in the field tracking him down as we speak.
"All it takes to fly is to hurl yourself at the ground... and miss." -D. Adams
Tried to search for more info and came across the 1992 Doom2 virus: http://www.sophos.com/virusinfo/analyses/doom2.ht
I am curious about these viruses. Are they "evolving" from older viruses? Seems like some fun research to find algorithms to track this evolution and predict/detect he next one.
Any links?
Expect Freedom.
Andy, I really want to know.
Is there anything good inside of you?
If there is, I really wanna know.
Maybe this virus' author is down in San Ber'dino
No... now that I think about it, a FZ couln't be anitsocial, could s/he?
No, I think it's you that released it! Everyone knows there's no such thing as a female techie! You're just trying to throw everyone off your trail!
"us" Poles
dude...my name is andy! but it wasn't me! =D
sigh...
Andrew McCarthy, who so aptly demonstrated in hacking skills in 80's teen classic, Pretty in Pink, is the only Andy I know who is capable of such a deed.
Sounds like a great idea to me. Lets have everyone able to install, modify applications and services.
Government of the people, by corporate executives, for corporate profits.
Andy isn't a person, it's a place or group. Don't say I didn't warn you! :)FROGmoo!
i Think i found the problem, may be if we uncomment part of this code, we can prevent mydoom from spreading ...
typedef struct {
bool want_to_give_me_a_raise;
int my_salary;
int raise;
bool vacations;
} my_boss;
my_boss pretend_to_be_working() {
if(boss-->is_watching){
type_on_keyb(fast,anything);
face-->smile(like_a_stupid,);
std::shit mail = get_mail();
click(a_lot);
for (int i; i < mail.count; i++){
std::more shit = mail[i].attach.open();
pretend_to_know(wtf_is,shit);
face-->look(worried);
}
}
}
WTF am I doing replying to an AC at 5 A.M on a Friday night?
He should be easy to locate. Just check the Slashdot logs for that coward's IP.
"We can't solve problems by using the same kind of thinking we used when we created them."
This is just another one of Andy Kauffman's jokes obviously. Jim Carrey will be portraying him again in MyDoom the Movie: Andy in Cyberspace
This virus attack was prophesied in the Book of Revelation! Here's my inspired and holy proof:
Andy's last name is Christ. He doesn't mention that, but it's true. Trust me on that one. Andy Christ = AntiChrist. Obviously not a good sign. And he's up to no good, which is also prophesied.
MyDoom = Armageddon. That's bad too.
Fellow believers, the Book of Revelation is coming to pass before our very eyes! The only solution is either to get saved or to vote Republican (your choice -- either one will get you into Heaven). This is just the beginning. Add Utah's MATRIX system into the mix, throw in the Mark of the Beast implantable VeriChips, and you have all the marks of the end of days! The end is near! Act now! Send me a love gift of $49.99, and I'll warn you of the next virus attack before it happens.
I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."
funny stuff i remember those dumb ads
Andy Nagle, SCO's Director of Linux products?s /4450/2/0 2.htm
www.linuxplanet.com/linuxplanet/report
www.practical-tech.com/business/b091820
Bill Gates: I'm prepared to scour the earth for that mother f*cker. If Andy goes to Indo-China, I want a programmer hiding in a bowl of rice ready to pop a cap in his ass.
Microsoft Lackey: I will take care of it.
Italian dudes are named Andrea as well. Poor sods.
It's not so much evolving as recycling. See where all that reusable stuff get's us?
This virus spread faster than anything I've ever seen to date - we "discovered" the virus on our system after one of our "brilliant users" forwarded an email to me that had a "clean" .zip attachment they couldn't open (they thought). I use a RedHat box as my primary workstation, so I wasn't terribly nervous about a .zip, but I ran f-prot and clamav against the file anyway and it did indeed come back clean. I re-ran the definition updates and it still came back clean.
So I unzipped it and ran strings on it. The first things I saw were sync.c and all the .DLL's at the end of the file and I figured that it was a new virus. We immediately put a cludged filter in place on our email and went looking around the 'Net for some sort of announcement of this new virus - which we found on f-secure's web site. It was about an hour later that we were able to get a signature update for our anti-virus software on our mail server and about 6 hours later before we were able to get updates for our enterprise anti-virus software (I won't mention the vendor).
We "caught" over 400 infected messages before we even had a signature for it. That was scary. But what scared me most was the thought that this could have been a "real" worm. MyDoom isn't very creative and not that harmful - making me think it was written by/for spammers, myself. But a few of my coworkers got to talking. What would have happened if this had a more creative payload and it spread via network shares as well? What if, instead of opening back doors (which made it very easy to nmap our networks for infected machines even before we had a "detection" tool) it just looked for all .xls files and randomly changed numbers. What if it then looked for .doc files and randomly added garbage, deleted words, or some other crap? How long would it be before people started realizing this was larger than just a file or two getting corrupted? By then these files have been backed up and/or forwarded to others as well.
I remember several years back now there was a virus that replaced all .jpg files with copies of itself. It about ruined a friend of mine who was trying to start a "web design" business and had thousands of images, many custom made for his clients, destroyed in an instant. It devastated him (he does good backups now).
If someone decided to get serious and release a worm with a (dare I say) "terrorist" payload. They could, literaly bring my comapny to its knees in a matter of seconds.
Now before you go off half-cocked and yell at me for "giving people ideas", take a deep breath. Almost everyone in my office was thinking along the same lines. We were discussing ways to mitigate an event like this in our own enterprise and how we could block any spread out of our networks.
We came up with the obvious: have good backups, but then we started to think about how to stop the spread out of our networks and realized that up till that point anyone could have an SMTP "server"/virus set up and send mail out. We now block ALL incomming and outgoing SMTP except the ones to and from our mail servers. We also don't allow POP or IMAP in or out except to our mail servers. If people want to check other accounts they can RPOP from our server - at least it will go through our virus and spam filters first.
If more ISP's/companies did this, the spead of MyDoom would have been slower. But how do you mitigate the effects of having a virus "corrupt" all your documents? Even if you catch it right away and restore from last night's backups (after checking ALL your computers for infection) you still lose an entire day's worth of work for many departments. That's a big setback.
MyDoom infected department heads and department "techie" people first because their users came to them with an attachment that they "couldn't open". The "techie" people explained later that they had their virus s
"terrorism" and "pedophilia" are the root passwords to the Constitution
Andys don't exactly care what happens to us humans or our PCs.
but I don't give a lick about Andy, I just want to see some more of Janet (Miss Jackson if you are nasty...)
-- rwx
Coderz 4 Life
It's that kids from "Toy Story".
"I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
Hey were did you get that quote. Its awsome
http://www.lyrics007.com/Frank%20Zappa%20Lyrics/An dy%20Lyrics.html
Or some even click "ignore" to virus warning?
I'm also using OS X at home (and love it). At my university, I'm using mostly windows. The problem is, with Windows, you are forced so often to click "OK", "Ignore", "Cancel", etc., you just get used to it.
Every Windows user I know with an installation older than 3 months performs this orgy of clicking after booting and after starting certain programs.
I must admit, I also do. On windows.
Maybe that's why people stop reading and just click "OK". (Install Trojan? "OK")
I don't need a signature.
Probably a DDOS attack...
Just wait for SCO to claim they wrote the virus and someone stole the code from them
Fools! It is obvious the referenced Andy is none other than Mr Kaufman.
The virus is, of course, from Elvis.
I am sure the father of pop himself would've conceded.
Simple strings on mydoom.src (or whatever you want to call it)
.... so Andy is a Libra ..... Smith - its Andy Smith isn't it! ... hes a matrix fan and likes joe. ..... well we already knew this was here. .... ahh so the mans a conservative..
:9
shows up a few interesting things including:
Libra
smith[C
&joe?neo
andy
tory
So lets put these strings clues together:
Name: Andy Smith
Likes: Matrix
Born: 24th Sept - Oct 23rd
Associates: Joe, possibly Neo from matrix
Political Persuasion: Conservative.
that narrows it down a bit.
or could it be Agent Smith perhaps with that neo reference so close to the smith one?
thats it isn't it, the matrix has us and Andy is trying to warn us by infecting computers around the globe.
Hope This Helps
hahaha
peace
Whoa. I am fucking impressed. This is paradigmatic.
Let's break it down.
Step one: agree, but shift focus to the opposite party.
Step two: make a specious, but "sounds plausible" argument about how windows isn't as bad as we think and better than in some ways that it is nothing like.
Step three: interject a third alternative.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
So you've made you're choice?
"So you have made you are choice" is what you said, Genius.
all the discussions around email and attachments has got me wondering. Do any mail clients have a VM environment in which to handle attachments?
I am thinking that Ximian could have capability to create a temprorary sandboxed wine VM to deal with attachements. I am sure someone could do the same for that legacy OS that stupid people run. Every time you double click on an attachment, or actually even open email it is doing it in a sandboxed VM or something along thos lines...
Doesn't anyone see the writing on the wall yet?
Viruses are turning computers into spam relays. Other viruses are DoSing various anti-spam blackholes. Yeah, this one happened to hit SCO and Microsoft, but the payload is easily changed, now that the virus framework is out there.
Viruses are being PROFESSIONALLY written to HELP SPAMMERS! Go read some recent comments from Symmantec folks, and you'll see the same conclusion: Spam and viruses are being funded and run by organised crime.
Will Microsoft stop them? Nope! The US government? Not a chance. AOL? Laughable.
I quite believe that the author (whether Andy or not) was doing exactly what he said--his job, that he was no doubt being paid very well for.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
the following text:
(sync.c,v 0.1 2004y#Uo"1/xx : andy)
Be on the look out for male subject with red yarn hair and wearing patched denim overalls. May be accompanied by a female known as "Raggady Ann". Approach with extreme caution. Report all sightings to Microsoft Security Services or Darl McBride of SCO Group. Reward Offered.
I mentioned it here
It's really old news. Come on guys...
I don't want to sell anything, buy anything, or process anything. I don't want to sell anything bought or processed...
You have to be a Simpson's fan...
That was a great post!! Hilarious! A great way to start the day!!!
"MyDOOM takes advantage of the user's ability to run executables directly from his/her email client."
That's because MS is trying to remove distinctions. We witnessed this when our desktops (inside) became web pages (out there). Now we see this with E-mail. It's presently imperfect (leaky abstractions), but give them some time and E-Mail will be the invisible vehicle (IM and others will likewise be invisible) that brings what we really want to get out of our web desktops. In a perfect world one could get away with this, but we all have locks on our computers, and our doors, and have to deal with the breaks in conceptionalization it causes.
The evil bastards! It's all a plot to get ratings back from E!, which we all know will soon be airing True Hollywood Story: SCO
Is there anything good inside of you? If there is, I really wanna know.
Is there anything
Good inside of you?
If there is, I really wanna
Know
Is there...?
But the spokesman said SCO will unveil a contingency plan Monday for customers to access the site. He declined to discuss those plans, citing hackers.
"So we've got some code that we know you've stolen and put in Linux, but we're not going to tell you what exactly it is."
Is anyone buying this?
Someone wrote the Doom2 virus, and someone else wrote the MyDoom.A virus. Someone else entirely modified the MyDoom.A virus to create the MyDoom.B virus. There is no way to "find algorithems to track this evolution" because it does not exist.
Username taken, please choose another one.
You know, the speed at which some of the AV software makers come out with "fixes" for these viruses before they make any headway still makes me think one of them (Symantec? McAfee?) hired the guy to do it so they can stay in business.
Yeah, yeah, I know, Conspiricy Theory, But man does it ever smell bad.
-- DuckWing
as title
I don't see what's elitist. People know, or should know, that it isn't a bright idea to run an EXE file on their computer that came from some random onknown source. Just like I know when I get an email that has a subject like "happy milf titties 45 zonking potato", I just delete it, I don't open it and then be surprised it's some porn or viagra advert.
When I saw your number of 4193, I recognized it was meant to be used in conjunction with the Bible.
The 4th book of the bible is Numbers, verse 19:3 reads:
"3You shall give it to Eleazar the priest, that he may take it outside the camp, and it shall be slaughtered before him;" KJV
So we just need to find Eleazar the priest, give Darl to him, and we can get this whole matter cleared up.
1. Livin' Next Door to Alice from Smokie ...
2. rewrite the virus ahhhh song (especially the who the f**k is alice?)
3.
4. fun
any suggestions?
... how many people would still install a worm, if at the first start a window popped up, saying: "You are about to install . Installing this program is subject to the following terms and conditions:"
:-)
Followed by
- a term to not make the author of the program (i.e. the worm) liable for any damage the program may cause, even if the possibility was known to the author (of course it was!)
- a list of terms explicitly allowing every single action of the program (as: "This program may cause itself to be automatically started on every start from windows" and "This program may send mails from my computer to anyone with any content")
and then would only be activated if the user clicks "I Agree".
Note that this would also give an interesting legal situation, since the user would explicitly accept the damage via this click-through license, and the damage would depend on him doing that.
I doubt that the author non-liability term would be effective in that case, though.
(and no, I won't mention what happened to the German parliament building some long time ago...)
I can run executables from attachments in mutt, too. Should we villify mutt?
I don't think mutt ever warns anyone about anything, ever.
I also suppose rm -rf / should make a big stink, too.
Listen, you restrict your computer, buddy. I'll just keep on not being an idiot.
Feh.
Given the recent revelations regarding the mythical Iraqi WMD I wouldn't put it past the muddle-headed US/UK* 'intelligence' agencies.
*(lovely acronym)
I know who it was...
Toon toon! Black and white army!
'The attack is programmed to continue on the company's Web site until Feb. 12, according to messages left inside the virus' code.'
No, the code is programmed to stop attacking on Feb. 12.
It is never stated in 'words' just in code, which is much more truthfull.
But with a backdoor this could offcause be changed.
It may also mean:
"Dear user,
Sorry, I do such damage to your computer. But my writer told me to DoS sco/microsoft. I'm not targetting your pc, but the website to nuke. I'm just doing my job, nothing personal, sorry.
Best regards, the virus."
.sig: No such file or directory
Scammers and corporate spies would love to infect zombie boxes, to cover up their activities. Then there are the people who host files on other people's machines for sake of anonymous storage, such as kiddie porn vendors, black hat h(cr)ackers, and simple file sharers. And there is the straight ID and Credit Card theft that has been a mainstay for some time now. There are also the many people who simply cry "hacked" when their computers are caught doing something illegal.
The problem is larger than just spammers. Such shoddy worksmanship is the mainstay of many types of criminal activities.
The ______ Agenda
The preacher looks a the blonde in Sunday School.
"What is the name of God?," asked the preacher.
The blonde thought for a minute and then said, "Andy!".
"Andy?," asked the astounded preacher, "How do you that?"
"Well, the song goes...Andy walks with me, Andy talks with me..."
Buzz and Woody would freak if they knew Andy was actually a script kiddie...
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
This reminds me of the old game of 'middle east war' played on a simple calculator.
You do all sorts of number and word tricks until the display "71077345".
Then you ask who wins the war. To get the answer, turn the calculator display upside down.
Back in my day, we didn't download a virus from the internet, we made our own, and we were thankful for it!
Learn something new.
You seem to suggest that the virus is mutating due to errors it picks up as it is copied from one computer to another. Sorry buddy, it doesn't work that way.
A human being wrote this thing.
"..and left the message 'I'm just doing my job, nothing personal, sorry' "
__________________________________
"Our interpretation is that he's apologizing to the general public," Jimmy Kuo, research fellow at anti-virus software maker Network Associates Technology Inc., said Friday.
I mean, WOW! Who could have "interpreted" that but a research fellow at anti-virus software maker Network Associates Technology Inc.! Amazing!
So, if you're a computer geek and your name is "Andy" please don't be surprised when the FBI shows up to ask you some questions.
[I'm going out on a limb here to bet that "Andy" is short for "Andrea" ]
Seriously, though...why would h/she apologize? Kinda strange. "doing my job" --raising NAI stock I suppose? he he
I might know what I'm talkin' about, but then again, this is Slashdot...
I really like how microsoft.com seems not to be feeling anything, and on their main page, they have a little graphic with a smiling african american gentileman, who seems to be semi-smerking at the weak attempt at ddos. Above said man's head, it reads "keep your competative edge" and the man smiles on...
I got him/her!
My wise and almighty friend google sais it was Andy, obviously a student from Standford and google is always right!
Arrest her (or pay her a lot of money)!
my mistake, this guy has confused me with his nonsense ;)
Real life is overrated.
The interview transcipt at http://www.cnn.com/TRANSCRIPTS/0107/28/cnncom.00.h tml mentions variants. I suppose an "official" taxonomy does not use the name "MyDoom" and the names are referring to something found in the virus? The bad thing about viruses is we see quotes like "cntained the name Andy" but never see the source. Analysis without analyzing the primary source is always, at best, suspect. Could have been some bit vector or shifted struct for all we know.0 2/article/29/article.html. And current papers are using similarity rather than possible revisions/evolution: http://portal.acm.org/citation.cfm?id=948190&dl=AC M&coll=portal.
Symantec as of June 02 still was suggesting a taxonomy: http://www.scmagazine.com/scmagazine/sc-online/20
My point was the comparison algorithm is similar to the new image search algorithms. How to find all images of a ball? That's not easy. Likewise for viruses. Some similarity assessment with known viruses could lead to faster detection. Surely the virus writers are re-using each other's work?
Of course, one day someone will marry file formats and evolutionary algorithms to make an evolving virus. Then the taxonomy may not even be appropriate. Obviously they are not evolving as the rate of evolution has to be matched to the host reproduction so one would surely expect a "killer" virus. Interestingly, the current viruses that dominate, Doom2, soBig etc. do not destroy the OS and, in this respect, clearly mimic the successful viruses of nature. BTW, life form viruses are also not classified by evolution as only in the last few years has the computer power begun to be significant enough to allow this analysis. Of course the assumption is the same as with computer viruses that similar structure implies similar evolution.
Tim
P.S> I ran a virus scan on my computer and apparently had lots. I cleaned them all but still get pop-ups unrelated to the web page when I use IE! Just don't remember how to track down those ActiveX controls so I use myIE2. I can turn off all ActiveX controls in IE but it gives me no way to select certain ones.
Expect Freedom.
uhh... isn't Red Hat project now moved to Fedora project?
I found him!
Andy!.
CURRENT KNOWN computer viruses do not evolve. You could, in principle, write some kind of a virus that replicated itself a lot (probably many times on each infected machine) that induced a random change in the code. In theory, you could even have them create their own sandboxes on an infected machine and test themselves a little before releasing them out onto the rest of the machine. You would then essentially create digital life, which would compete for things like hard drive space, RAM, processor power, bandwidth... There was a brief section of The Happy Mutant Handbook (http://www.amazon.com/exec/obidos/tg/detail/-/157 3225029/002-9812208-7453627?v=glance) that deals with an individual's experiences causing "digital evolution" on his home pc.
And even apart from that, one could perhaps argue that the sudden jumps in person-modified code in current viruses would be a reasonable use of the word evolve.
Why would you ever want to do this?
.doc files simply allow one to include active content in the form of macros, but there are plenty of other approaches. Think of the number of servers that have had remote buffer overflows over the years. Now consider whether software authors generally apply the same level of dilligence in robustly handling garbage data files as they do incoming remote network connections. If WinAMP's MP3 handler has a buffer overflow on, say, overlength ID3 tags (note that roughly this *has* happened in WinAMP before), then worms can spread simply by users opening even known, trusted content in apparently understood files. ("Well, Bob sent me this new MP3 of Britney Spears orgasming, and I just wanted to hear it...")
Because there's a really easy call in the Win32 API that "opens" a file, or does whatever Explorer defines as opening that file. Mail programs are encouraged to piggyback off this Explorer functionality. Said call was not developed when network security was an issue, and "integrating" office suites and the OS was a primary goal of MS. Apple was doing the same thing with OpenDoc.
A) no one needs a "feature" like this. Save to Disk and then run if neccesary.
This is not a fix. The same "open this with whatever program you're using" call takes place when the user double-clicks the icon. This just adds another step. I doubt users are inadvertently clicking on "open". They simply don't realize the consequences of opening the file.
C) a warning dialog after the double-click is useless. The person has already decided to run the program, to them it just seems like annoying interference from their stupid computer.
Agreed.
The UNIX CLI takes a different approach. The Mac OS/Windows/GNOME/KDE DEs take the approach of having a "default action" for a filetype. This means that if a user does not know what a file is, they can inadvertently perform an unknown action on that fiel by double-clicking it. The UNIX CLI dictates that a user must know what program uses the file and choose to execute that program on the file before the program is executed. This provides somewhat better security -- the user is *forced* to understand what he is doing before he is allowed to perform the action -- at the cost of a much steeper learning curve.
Even this is somewhat vulnerable. Unfortunately, there are many ways to embed active content in seemingly harmless files.
The main currently available solutions are:
* Don't use C/C++ in favor of something with bounds checking. Unfortunately, most current alternatives suck. If there was something with the good design of ocaml but was an imperative language, we might be going somewhere.
* *Robustly* check everything coming into and out of a program, and verify any assumptions before trusting data. We've been trying to do this for years, and authors still fail to do this properly. Unlikely that this will work as a final solution.
* Sandbox all programs at the OS level. This requires significant effort on the part of application and OS vendors, and while it makes screwups harder to do accidentally, there's always a temptation to bypass security features to make a coding job easier.
* Sandbox untrusted data, similar to what some trusted operating systems do -- enforce data flow, but across multiple systems. This would require Internet-wide infrastructure changes and PKI to be put in place -- something that has a huge number of its own difficulties.
* Limit forms of data interchange. This has been tried and hasn't worked too well -- people want functionality. Firewalls and HTTP proxies were put up to keep people from running applications over the network -- and today, we just use SOAP. Making people only able to send text email attachments is just too limiting.
* Push blame onto end users or IT. This is not a solution, but it's what's mostly happened -- Microsoft and other vendors have consistently blamed
May we never see th
1. Whoever wrote this virus isn't just doing it because he was paid. It's not his job.
Why?
If he was doing this professionally, for organized crime, he'd know leaving clues in the virus that might help trace it back to those organized criminals would get him D-E-A-D.
2. Claiming that he's just doing his job helps fuel those folks that think SCO is doing this to themselves. Again, if that's true, the moment they read "Andy" in the news, Darl and Co. will be trying to cut this guy loose so he doesn't drag them down. The best way for them to do that, short of stooping to organized crime's level and shooting him, would be to announce they have found the culprit, one of their own programmers, who was "Working as a double agent for the enemy Linux zealots, and did everything without SCO's permission". Notice that hasn't happened.
3. If "Andy" doesn't work for SCO or Organized Crime, then why say "just doing my job". If he actually hates SCO as much as it appears at first, and that's not a ruse, the claim does further damage to SCO, as it encourages the "SCO did it to themselves" faction, and may result in more rumors and potentially damage SCO. Remember, if "Andy" is a genuine SCO hater, he thinks the virus will damage SCO, so he is likely to think FUD directed against them will as well.
4. But this makes the "just doing my job" line a lie. Ergo, "Andy" is at least very likely to be a lie too. Why? Because "Andy" has told one lie already AND because lieing like that has the secondary effect of helping hide his real identity, so why not do it some more once you've started.
Who is John Cabal?
You need to get Ad-aware and Spybot search and destroy. Google for both of them. Also run msconfig and disable startup items that don't look like they belong there (cryptic names, weird install locations).
Finally, STOP USING IE! Just quit using it altogether. Stop using Outlook and Outlook Express also. These are like the goatse man's ass when it comes to security holes. How do you think all those viruses and worms snuck in? Get Mozilla and setup mozilla mail. Problem solved.
I'll spell it anyway I want, asswhole.
-russ
p.s. the guy down the block put up a sign condemning someone who had stolen lights off his plow, and yes, he spelled it "asswhole".
Don't piss off The Angry Economist
A a commented before (by kindly reposted anyway...)
:)
Googgling Andy and sco I found this juicy tidbit
"SCO understands that for any operating system to be commercially viable, especially Linux, it needs a well-defined roadmap from a trusted supplier, who is committed to and capable of supporting it," said Andy Nagle, director of SCO Linux products.
The question is, is this saying "sorry Andy" or "this is Andy and I'm sorry" (Either way it's a quote worth framing.
Again, were I big on tinfoil...
Most of the copies I'm getting now are to invalid addresses at my domain. Made up firstnames @mydomain.com. I originally thought that the virus was making these names up, but then today it dawned on me. A few weeks ago I started getting undeliverable messages to those same made-up addresses. Some spammer(s) is using my domain with random names as a from address in their spams. Now either there are a lot of people with infected machines who have copies of spam with those bogus from addresses that the virus is harvesting, or the same spammer(s) that is using my domain is mass mailing copies of the virus to keep it spreading. So many of these bogus addresses are out there now that all the common firstnames@mydomain.com are pretty much ruined.
666-607: 6th floor apartment of the beast
1. The writer put a message into the virus.
2. (s)he must be curious about what people think of his/her message.
3. (s)he might be a reader of slashdot...
So if you find him/her among the readers of this topic please send me some of those bucks.
You know my address:-)
The evolution wouldn't need to happen within the same machine. Each copy of the virus could send out bunches of slightly altered versions. The ones that succeed could do the same, etc.
The tricky part would be deciding what parts of the code might get a change, and how to make changes that wouldn't be immediately fatal. (See genetic programming.)
Once the thing got started, it might do nearly anything. Say your original version sent out 50% exact copies and 50% with a single bit alteration in a random location. (This is to keep the thing small.) That has the potential to swamp any virus detection method. If enough changed variants are successfully propagating. But that is, of course, a big if.
But do notice that this thing isn't of value to anyone except someone who just wants to disable the net. You can't immunize against it in any permanent way, because it will evolve away. And it changes rapidly (perhaps too rapidly, but the mutations should fix that).
The problem is, most of the mutations will be highly defective. It's only the survivors that will cause problems. Well, that's what you expect from a system based on evolution.
I think we've pushed this "anyone can grow up to be president" thing too far.
...for a guy working at SCO called Andy.
On a long enough timeline, the survival rate for everyone drops to zero.
It should be obvious that Andy is one of the people employed by the virus scanning cartels to write new viruses, which said companies use to fuel product sales.
(thick & chunky tin foil included)
Your brain is not a computer.
Think about it - you're a developer working for "the man". SCO execs have already demonstrated that they don't know jack shit about source code, so their ability to review the mydoom virus is limited (thought, they'll definately claim it contains System V code they think they purchased). Anyway, you're slaving away one day when a sucker in a three piece comes in, closes the door, and says "write a virus that attacks our own web site, or you're fired". How would YOU CYA?
Well, from the Anconym finder, ANDY may stand for:
"ANDY [=] US Popular Abbreviation for Andrews AFB"
So, nothing too exciting. Feel free to read conspiracy into it though! You might consider a party who lost the bid for Andrew's new RS Information Systems? Just search Google News for Andrews Air Force Base
I know when I was out of work for a while if somebody offered me a bucket of money to write something like this, I would have at least thought about it, If I had a family to support, I probably would have done it. Things like this will probably happen more and more with beter and better programers as the IT jobs keep going over seas, sooner or later the hammer will fall andf the public will be saying WTF? Why didn't somebody stop this form happening.
It isn't an EXE file, its a an SCR file inside a ZIP, and comes with the comment "The message contains Unicode characters and has been sent as an attachment". Most of the copies I've received have been from Koreans, who are more used to running into encoding issues than elitist Americans, and therefore more easily tricked by such a scam.
I've got a cure for that.. I just released a mutating TCP/IP stack to prevent the virus from sprea
About one out of five copies of mydoom that I have recieved has not been directly from an infected computer. Rather, the 20% of copies have come from NAV email gateways that provide a FULL COPY of the worm with a request to clean "my" attachment. Most other anti-virus gateways have just emailed me a warning without the attachment.
But Symantec's own online virus database states that Mydoom uses a spoof'd from address. So why would their product assist with knowingly spreading the virus to spoof'd addresses that have not solicated any such "warning"?! I think the answer is simple and the conflict on interest is clear. If a novice checks the attachment that Symantec claim "they" sent then the novice will become infected and also assist in spreading the mass-mailing worm. More mass-mailing worm infections, more pressure on companies to buy anti-virus mail gateways... like the product that Symantec makes!
Despite how common it is for their product to do redistribution to spoof'd from addresses, Symantec has not issued any statement that they consider this a bug or any ETA for a patch such that @MM worms will not be redistributed by their own products. Has anyone considered that this act on the part of Symantec might be actionable in the form a class-action lawsuit?
The best excuse for this behavior I have heard is that if you have your own anti-virus mail gateway then NAV's method "will not effect you." This only addresses the damanges due to infection. It complettely ignores the bandwidth and performance issues that comes with redistribution a worm to an email address that is already known to have not solicated such a responce since it was knowning spoofed. Why should everyone else pay for Symantec's conflict of interest? Shouldn't Symantec be responsible for the damange in the form of charges in bandwidth and performance?
Dude! This is clearly the work of Andy Serkis (aka Gollum) Nasty SCO, spoiling nice free software.... we hates them we does! They tries to take Linux for themselves!
"Personally, I'd rather be unemployed than be paid by someone with the ethics to deliberately release software like this."
Unemployed, maybe, but would you rather be hung upside down from a tree by your scrotum?
Thats what you get when you say 'no' to the right (wrong) people, dude. Where have you been living?
In the free world the media isn't government run; the government is media run.
You could limit the evolution of such things, even if just by natural selection.
An example of this would be in human evolution, because anyone with a serious enough genetic change to break breading-compatibility wouldn't be able to mate. That's why all humans, throughout this entire planet, are genetically compatible.
You can do a similar thing through evolving software. So long as it uses one language, vbscript for example, it is extremely unlikely, if not impossible, for the virus to evolve into another language. Stick to an operating system that doesn't support it, and you don't have to worry about infection.
That being said, immunization is as simple as targeting the general structure or the evolution code. The virus will evolve in similar ways, so you can track and elminate any evolution that is similar to a previous verison but no longer tracked by the previous immunization.
You can't judge a book by the way it wears its hair.
acute observation/interpretation. 2 paragraphs of e-paper wasted.
will be reading poirot tonite - guy just piqued my interest again in deductions.
Why don't we hear more about the backdoor features, couldn't these systems with open backdoors be remotely patched to remove the virus, or do the backdoors have keys?
Would anyone communicating to the backdoor be suspected of being the author?
Back to Andy... the mysterious andy...
I know a couple of andy's. Should I be suspicious of all of them?
By the way, antivirus update was late for MyDoom too by about 30 minutes.
There are NO legitimate reasons to allow executables, neither in attachments nor in archive files. Qmail-scanner and Nelson's patch do the trick.
Just doing my job, eh? Is there anyone named Andy working at sco?
boycott slashdot February 10th - 17th check out: altSlashdot.org
1. SCO has customers???
2. Security by obscurity..? Nice one, SCO, that'll save you (for a few minutes)...
Important info:
http://www.lifeaftertheoilcrash.net
http://dieoff.org/synopsis.htm
http://www.peakoil.net
Giskard Reventlov
Has anybody here read Tad Williams' Otherland series? Mr. Sellars wrote some viri that interacted with each other and eventually leaked out into the net, where they "evolved" into some pretty complex thing-a-ma-bobs.
That's a pretty lame synopsis, but it's been a number of years since I've read the series. It was pretty excellent though, I remember that quite clearly!
Every hour wounds. The last one kills.
There was a slashdot story about a year ago about a company that wouldn't hire anyone unless they agreed to unethical hypotheticals in the interview. The main example talked about was being able to push a button that would make you some money, but would also kill a third world peasant.
And to add to the above. Don't forget there's a LOT of technical talent out of work due to outsourcing (possibly with grudges). Flashback is a slow fire that suddenly hits an oxygen source and literaly explodes. Payback's gonna be a bitch.
Yes. It's called small talk and most civilized cultures avoid this particular aspect of it unless the person actually wants to know how you are doing.
Marxist evolution is just N generations away!
Since you're not the original erroneous poster, you're obviously just a troll. Fuck off.
I find it kind of odd that it took them this long to find this comment written by the author of the virus... When you're looking through a binary executable file it's pretty easy to spot plain text in there.
Maybe they're just really slow to report this but it just seems odd to me...
Considering the "feds" are so intent on catching whoever did this, and considering they'd obviously have copies of the virus, it should have taken about 5 minutes maximum to find this text.
"Strip all attachments. No one really needs them."
Of course, its so simple! After all, its not like anyone uses email to transfer documents that they use in the course of business. Plus, Excel spreadsheets spend so much less time calculating when they're reduced to ASCII. Who needs to send & receive JPEGs, since its well known that graphic artists NEVER use computers, and nobody ever wants to send granny a few happy snaps. PDFs: who needs strict page layout, when its so much easier and convenient to juggle form blanks in plain text?
No, we should be considering reverting to the levels of service and productivity we had in the 1980's, as you suggest. No desire for user convenience should ever impair the right of a sysadmin to make daft policies.
"The platform as such won't stop stupidity."
Of course not, because Dumb Users Beth, Bob and Biff will always be technically savvy enough to convert that skript or recompile the binary to operate in *NIX or OS X, or some other OS that doesn't grant low-level access to the email client.
A poor workman blames his tools; conversely, a bad toolmaker blames his users. Neither one gets things fixed.
Well actually.. a computer program (virus) is just a series of logical components that act in a manner which is usually constructive.
It is possible to set up systems using genetic programming which evolve solutions (mini-programs). So..
Programs CAN evolve.
Cheers,
Fonz
The virus' name is "Andy." The virus is apologizing for doing its job. Think about it.
This 1ee7 hax0r (script kiddie) has provided a glimpse inside his feeble mind. He's proud of his creation, enough to name it and give it an emotional context. He's feeling invincible.
He needs a frikkin' girlfriend.
*** *** You're just jealous 'cause the voices talk to me... ***
the story of how its author signed it "andy"
Signed what?
Have you read my journal today?
This isn't one of them. It's basically the same worm we had a couple of years ago, requiring gullible humans to click on the attachment. Moore's law means that PCs are faster, disk drives on corporate Exchange servers are bigger, and lots more people have broadband connections at home, plus offices often have faster Internet pipes than a couple of years ago, and apparently the humans using Microsoft email products are twice as gullible as ever before, so this worm has been faster than it has any business being. Sigh.
Perhaps the gullibility really is in Warhol's territory. I am sending you this posting in order to have your advice. Click here for a Good Time
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks