Slashdot Mirror
Author signs MyDoom virus
Mikoca writes "Information Week carries the story of how its author signed it "andy" and left the message "I'm just doing my job, nothing personal, sorry." Thanks, Andy!"
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
The MyDoom variant that joined the original virus in wreaking havoc on the Internet last week contains a cryptic message in which the author appears to apologize for the malicious code, security experts say.
The creator of what anti-virus experts say is the fastest spreading virus ever on the Internet signed MyDoom and MyDoom.B with "andy," and left the following message in the latter version: "I'm just doing my job, nothing personal, sorry."
"Our interpretation is that he's apologizing to the general public," Jimmy Kuo, research fellow at anti-virus software maker Network Associates Technology Inc., said Friday. "Our guess is that someone is paying him to write this thing."
Both MyDoom versions install a "back door" in infected PCs, enabling hackers to commandeer the machines to send spam, launch denial of service attacks, or perform other nefarious acts.
Some experts, however, doubted the sincerity of the apology. Many virus writers leave cryptic messages in their code to tease investigating authorities and to pat themselves on the back for their handiwork.
"If he's really sorry, then why did he release it," said Michele Morelock, technical support leader at anti-virus software maker Sophos Inc. "I would imagine it's much more tongue-in-cheek than saying I'm really sorry for releasing it."
The MyDoom virus launched a denial-of-service attack early Sunday that crippled SCO Group's Web site with hundreds of thousands of requests, an SCO spokesman said. The attack is programmed to continue on the company's Web site until Feb. 12, according to messages left inside the virus' code.
But the spokesman said SCO will unveil a contingency plan Monday for customers to access the site. He declined to discuss those plans, citing hackers.
MyDoom.B also prevents infected computers from accessing the Web sites of Microsoft and many anti-virus software makers, making it difficult for the owner of an infected machine to get help.
Microsoft and SCO have each offered a reward of $250,000 for the arrest and conviction of the MyDoom author. Both companies are also assisting in investigations by the FBI, the U.S. Secret Service and Interpol, an international police organization.
Postini Inc., a security company that cleanses E-mail before it reaches corporate networks, said Friday it had intercepted more than 12.5 million copies of MyDoom and its variant since the original virus was launched last Monday. In the first 24 hours of the attack, Postini intercepted 3.5 million copies of the virus. On Friday, the company reported an infection rate of 1 in 24 E-mails.
Based on its own customer submissions, security vendor Symantec Corp. said MyDoom was spreading on Friday at a rate of 30% to 40% less than its peak earlier in the week. MyDoom.B wasn't even on the company's list of top 5 viruses.
Nevertheless, Symantec expects the viruses to continue be a threat for months. "These viruses tend to stick around for months and months," said Alfred Huger, Symantec's senior director of engineering. "The Internet is a very big place."
My mother never saw the irony in calling me a son-of-a-bitch.
since i couldn't rtfa, i went looking for the google cache. cache
When I tell an object to delete this, am I killing it or telling it to kill me?
I subscribe to an email list from www.insecure.org, as I'm sure several of us /.'ers do. Anyway, recently there was an article that summarized that according to the FBI, quite a lot of viruses, worms, and spam can supposedly be traced to organized crime.
Apparently Eastern Europe seems to be a hub for this activity, according to that report.
Yes, this is a good read. The flames have started already of course from folks who didn't read the actual piece merely the headline. The author is a SysAdmin who argues that the Linux community needs to distance itself vocally from the MyDoom perpetrator.
"Andy; I'm just doing my job, nothing personal, sorry."
My^H^HThe Authors Name is not "Andy", he just says "Sorry" to him :)
Even though its an AC post, MOD parent up....and it may be that "Andy" is the author of the A variant("andy" was found in version A exe), and the author of the B variant(where this sorry message was found) is just apologizing to the original author for whatever reason.
And maybe the new author is named Barney, cuz, like, it reminds me of Barney Fife saying sorry to Andy Griffith or something, or we could guess all day long with no real basis for any of it. Wheeee!
Sehr geehrter Toilettenbenutzer!
Is http://www.informationweek.com/article/getArticle. jhtml?articleID=17601394
Which, it turn, could also be a refernce to this.
It's not just executables. I know a user whose email server blocks all executable attachments. But you see, they received a zip file. Try this scenario:
Oh, an email from... me? I didn't send myself an email. I think I'll open it. What's this? A zip file? I don't recognize it. Hmm, I think I'll open it. Aha! There's a program here that I've never seen before. I wonder why I zipped it up and emailed it to myself. I guess I better run it...
Yes, in case you were wondering, this *actually* happened. I don't think MS could do anything to protect users such as this. I suppose they *could* run Knoppix or something, at least until more Linux viruses are floating around.
jred
I'm not a mechanic but I play one in my garage...
Someone wrote the Doom2 virus, and someone else wrote the MyDoom.A virus. Someone else entirely modified the MyDoom.A virus to create the MyDoom.B virus. There is no way to "find algorithems to track this evolution" because it does not exist.
Username taken, please choose another one.
If someone decided to get serious and release a worm with a (dare I say) "terrorist" payload. They could, literaly bring my comapny to its knees in a matter of seconds.
... and that is when you go in and route out the head honcho. On the other side of the coin, it would give a definite battlefield advantage to either feed your enemy misinformation or to allow no information to get through their comm networks.
... we (the US) do have mechanisms in place now for this ... and since the market sucks so bad, it's only a matter of time before the majority of us are wooed by some good offers by Uncle Sam (to say nothing of the Cybercorps scholarships - which I didn't take because of the time limit imposed; I'm also in a PhD program here).
Anyway, one of these days we are going to get hit with a "real" worm with the intent to do severe damage to corporate infrastructure. The long-lasting impact will be far beyond just the initial damage. How do we prepare?
We prepare via cybersquads and training of anti-terrorist folks via Information Assurance degrees. I remember seeing IA offered at 6 centers of excellence via a Slashdot story about 18 months ago (I think). And now, I'm at one of these centers (Iowa State University), doing a Master's in Information Assurance. I think that it is VITAL that we start to take a good, solid, strong look at computer/network security, as reports from a couple years back indicated that everyone else has cybersquads of terrorists ready to go. Me, I think that this will be our next battlefield. Seriously. Especially for countries that want to comply with Rules of Engagement; imagine - you nuke their computer systems, bring infrastructure to its knees, get civilians to clear out
But
For those not near a school offering a degree program, you can also get training and certs from GIAC:
www.giac.org
I've got a GSEC myself. If anyones wondering, most companies are not looking for this, but having this and explaining what it means during phone interviews got me into interviews I would not have gotten without it.
No, I'm not unemployed right now. HINT.