Slashdot Mirror


Author signs MyDoom virus

Mikoca writes "Information Week carries the story of how its author signed it "andy" and left the message "I'm just doing my job, nothing personal, sorry." Thanks, Andy!"

18 of 629 comments

  1. sorry for what by mr_tommy · · Score: 5, Insightful

    This guy isn't sorry. Sticking in things like this merely gives the virus more media attention, and diverts attention from the real issue here: insecurity, and user failure to patch up.

    1. Re:sorry for what by leifm · · Score: 5, Insightful

      What exploit does MyDoom take advantage of, other than user stupidity?

      --

      "Windows Me offers tremendous reliability and stability improvements..." -- Paul Thurott
    2. Re:sorry for what by jarran · · Score: 2, Insightful

      The "exploit" is the feature of dumb Microsoft mail clients which makes it so easy to execute random programs which arrive by e-mail.

      Why not just remove this feature? How many people would really be inconvenienced if it was impossible to execute a program that arrived by e-mail?

      It's possible that many users would still be stupid enough to save executables and run them anyway. In which case, the executables should be tagged as "Insecure" when they arrive by e-mail. If users then save them and try to run them, a big scary looking warning box should pop up, suggesting that the user probably doesn't really want to run the program.

      This wouldn't eliminate the problem. You can never totally prevent users being stupid. But if users have to think for longer than it takes to double click on an icon, the damage caused by these viruses would be greatly reduced.

      (DISCLAIMER: I haven't actually used Outlook for years, so maybe it does something like this already, in which case I withdraw this comment and admit I'm wrong. :) )

    3. Re:sorry for what by sweatyboatman · · Score: 4, Insightful

      MyDOOM takes advantage of the user's ability to run executables directly from his/her email client.

      why would you ever want to do this? i can't even think of the last time I got an executable attachment that wasn't a virus.

      all email programs should disable the feature that allows you to double click on an icon and launch a virus. because:
      A) no one needs a "feature" like this. Save to Disk and then run if necessary.
      B) icons are designed to be clicked. as desktop users, we're trained to click on things. it's how we interact with our computer.
      C) a warning dialog after the double-click is useless. The person has already decided to run the program, to them it just seems like annoying interference from their stupid computer.

      --
      It breaks my pluginses, my precious!
  2. Worse than spam by ericwb · · Score: 2, Insightful

    Thanks, Andy for 30 messages per day of ~30 ko, not to mention all the "transaction failed" pseudo-return messages and what not. Waste of time, energy and bandwidth.

  3. News need a story by glassesmonkey · · Score: 3, Insightful

    I'm convinced the whole DDoS SCO/microsoft really is just a cover story so the media can tie a simplified little bow around the story. If a worm infected this many computers and didn't have an "objective" (aside from backdoor into your Windows machine for future usage and/or email harvesting and/or spam relaying) the news story would be too complex and there might even be a story about spammers or even the lack of action by Microsoft.

    The real story is that these worms and viruses have become big business and the only people who profit from them are software vendors selling anti-virus, Microsoft through services, and spammers.

  4. Yeah, whatever, 'Andy'... by octaene · · Score: 1, Insightful

    I can't believe that the news organizations are reporting this as if it is the gospel truth. Because I'm sure that the virus author is gonna put in his real name...

  5. Re:Real Player by Anonymous Coward · · Score: 1, Insightful

    That and the apology in Quicktime for Windows that keeps asking to upgrade to Pro. If I didn't want it the first 50 times I clicked "Later" then I surely don't want it now. Wouldn't it be nice if they had an option that said I will never send another penny to Apple after my 5300C.

  6. Just for statement clarification... by PoisonousPhat · · Score: 2, Insightful
    Mikoca writes "Information Week carries the story of how its author signed it "andy" and left the message "I'm just doing my job, nothing personal, sorry." Thanks, Andy!"
    Is this saying that Mikoca is thanking Andy for inserting his name into the code, or thanking Andy for writing the virus? I'm under the assumption that it is the former, but just to be sure... I'd hate to see, of all links submitted regarding this news item (and I'm sure there were quite a few), that this one was approved by the Slashdot staff for its double meaning. I have no love for SCO and IANAL, but PLEASE be careful how you word things, everyone.
    --
    Losers choose to abuse the use of "loose".
  7. Re:Don't blame Andy! by Captain Tripps · · Score: 4, Insightful

    Why do people have to be so elitist about this? These viruses exploit people's false expectations of security when launching email attachments, so the proper solution is to make things work like people expect. When a user opens an executable attachment (and this includes things like Word docs with macros) it should run with restricted privileges. If it wants to touch system files, or spawn background processes, or edit the registry to run itself at startup, the user must okay it. This ought to happen rarely enough that users will take it seriously, rather than the current policies, which are so restrictive they just get disabled.

  8. Re:It's pretty clear what kind of person this is by sglane81 · · Score: 2, Insightful

    I doubt he wrote this for profit. He might be part of a government organization or his family may be held hostage until the virus is delivered. Believe it or not, this does happen. Software developers are the new mercenaries in this day and age and are hired more often than you would think by criminal and government organizations.

    --
    This is the Internet. You can say "fuck" here. - AC
  9. Re:HEY! Doom's ancestry? by Anonymous Coward · · Score: 2, Insightful

    It's not so much evolving as recycling. See where all that reusable stuff gets us?

  10. safe exec by jrexilius · · Score: 2, Insightful

    all the discussions around email and attachments have got me wondering. Do any mail clients have a VM environment in which to handle attachments?

    I am thinking that Ximian could have capability to create a temporary sandboxed wine VM to deal with attachments. I am sure someone could do the same for that legacy OS that stupid people run. Every time you double click on an attachment, or actually even open email it is doing it in a sandboxed VM or something along those lines...

  11. DOING HIS JOB???!!! by swordgeek · · Score: 4, Insightful

    Doesn't anyone see the writing on the wall yet?

    Viruses are turning computers into spam relays. Other viruses are DoSing various anti-spam blackholes. Yeah, this one happened to hit SCO and Microsoft, but the payload is easily changed, now that the virus framework is out there.

    Viruses are being PROFESSIONALLY written to HELP SPAMMERS! Go read some recent comments from Symantec folks, and you'll see the same conclusion: Spam and viruses are being funded and run by organised crime.

    Will Microsoft stop them? Nope! The US government? Not a chance. AOL? Laughable.

    I quite believe that the author (whether Andy or not) was doing exactly what he said--his job, that he was no doubt being paid very well for.

    --

    "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
  12. Re:HEY! Doom's ancestry? by timjdot · · Score: 2, Insightful

    The interview transcript at http://www.cnn.com/TRANSCRIPTS/0107/28/cnncom.00.html mentions variants. I suppose an "official" taxonomy does not use the name "MyDoom" and the names are referring to something found in the virus? The bad thing about viruses is we see quotes like "contained the name Andy" but never see the source. Analysis without analyzing the primary source is always, at best, suspect. Could have been some bit vector or shifted struct for all we know.
    Symantec as of June 02 still was suggesting a taxonomy: http://www.scmagazine.com/scmagazine/sc-online/2002/article/29/article.html. And current papers are using similarity rather than possible revisions/evolution: http://portal.acm.org/citation.cfm?id=948190&dl=ACM&coll=portal.

    My point was the comparison algorithm is similar to the new image search algorithms. How to find all images of a ball? That's not easy. Likewise for viruses. Some similarity assessment with known viruses could lead to faster detection. Surely the virus writers are re-using each other's work?

    Of course, one day someone will marry file formats and evolutionary algorithms to make an evolving virus. Then the taxonomy may not even be appropriate. Obviously they are not evolving as the rate of evolution has to be matched to the host reproduction so one would surely expect a "killer" virus. Interestingly, the current viruses that dominate, Doom2, soBig etc. do not destroy the OS and, in this respect, clearly mimic the successful viruses of nature. BTW, life form viruses are also not classified by evolution as only in the last few years has the computer power begun to be significant enough to allow this analysis. Of course the assumption is the same as with computer viruses that similar structure implies similar evolution.

    Tim
    P.S. I ran a virus scan on my computer and apparently had lots. I cleaned them all but still get pop-ups unrelated to the web page when I use IE! Just don't remember how to track down those ActiveX controls so I use myIE2. I can turn off all ActiveX controls in IE but it gives me no way to select certain ones.

    --
    Expect Freedom.
  13. Re:Andy... sure! by dustmite · · Score: 2, Insightful

    FBI reports have in the past tended to sometimes be ridiculously loaded with over-exaggerations for purposes of lobbying the US government to increase (a) their funding and (b) their powers. Recall, even some years before the US invaded Iraq, reports of the Iraqi government (and there were reports of the Cuban government too) having a vast network of computers and computer hackers dedicated to creating major hacking threats to the US's 'IT infrastructure'. Dubious links to "national security risks". E.g. see http://www.landfield.com/isn/mail-archive/2003/Jan/0094.html. More similar propaganda about China: http://www.mail-archive.com/marxism@lists.panix.com/msg21238.html.

    Although there is often some mild hacking activity from countries like this, the FBI sometimes WILDLY distorts the facts, and obviously it is in their interest to do so, since the result is the Senate assigning them ever greater funding and greater powers.

  14. Your scrotum will pay for your refusal... by myowntrueself · · Score: 3, Insightful

    "Personally, I'd rather be unemployed than be paid by someone with the ethics to deliberately release software like this."

    Unemployed, maybe, but would you rather be hung upside down from a tree by your scrotum?

    That's what you get when you say 'no' to the right (wrong) people, dude. Where have you been living?

    --
    In the free world the media isn't government run; the government is media run.
  15. Re:well.. by LunarOne · · Score: 2, Insightful
    I work for a company and don't always have the choice to release or not. his boss just ordered him.

    That's what many Nazis used as a defense. It didn't work then, and it doesn't work now.

    Okay, that's a little harsh. Still, we all have a choice when faced with ethical decisions, it just comes down to whether or not we have the guts to make the right choice.

    --

    Read my sig if you like, but I'll never see yours, thanks to Discussions, Viewing, Disable sigs...