BBC Links Linux To MyDoom
minus_273 writes "It seems the BBC has a story on their front page titled 'Linux cyber-battle turns nasty', very specifically linking Linux users to the MyDoom virus. Some lines to note: 'If anyone's anger has no measure, it is the wrath of internet zealots who believe that code should be free to all (open source). So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge.'"
It has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails sent from countless computers into which the worm had been insinuated, unbeknownst to the users.
It was HTTP GET requests. Problem is most PHB listen to people like him but they can't even get the freaking details right on small shit like that. Yes they were probably hit bad with MyDoom email viruses but so was my 6 user server. HTTP GET DDOS was targeted at them but there has been zero proof of a Linux Zealot targeting them. Let me know when you get evidence not just some speculation.
So, the BBC aren't actually saying that Linux users are behind it. They're saying that it is a theory that many people give weight to!
http://news.bbc.co.uk/1/hi/help/3281777.stm
The BBC accepts feedback on stories. It is worth letting them know that there is no evidence to suggest the involvement of members of the Linux community; they may be involved or they may be a handy group to frame. If this wasn't 'scary computer viruses' the media would be more sceptical of the obvious conclusion.
0daymeme.com: Great stuff.
I'm going to get flamed for this for sure, but if you think this had nothing to do with Linux users, you're an idiot.
Just my opinion, of course...
TheHustler
http://www.elmarko.org/ - Useless bilge
http://www.asylum-games.co.uk/ - Co-Founder
/. is not a news site. We are not journalists. We are not paid to give an informative unbiased opinion. The BBC however are; we (Brits) pay them to give us the facts, the truth.
The Hutton report was complete whitewash. (Note: Hutton is a *Labour* peer, appointed by guess who? Yep, Tony Blair.)
The only thing the BBC did wrong was not take their lawyer's advice that his report was legally flawed and wide-open to judicial review.
Bad analogies are like waxing a monkey with a rainbow.
In the case of spammers (as the easiest example to use) it's when a spammer sets the From: address to be from an anti-spammer, or just someone they don't like, so they get all the bounces and complaints.
It can also be where the spammer sends out spam for another web site, which was unrequested - giving that site a bad image.
Then you'd be wrong. Take a look at the code sometime, it is definitely original.
I used yours as a model and wrote my own additions, corrections, and so forth around yours because I liked yours very much. :)
Here's mine:
Thanks!
Like what I said? You might like my music
My Feedback to the Beeb
"It's just that the reasoning isn't easy for most of the rest of us to understand."
Apart from the stray apostrophe, this paragraph betrays a complete lack of knowledge about the underlying technology of viruses, such as the desire to open email relays and collect passwords through the use of keyloggers.
"If anyones anger has no measure, it is the wrath of internet zealots who believe that code should be free to all (open source)."
Again, 'open source' is about having the source code available to compile, modify and/or extend rather than it being 'free', although this has been the aim of the FOSS rather than promoting insecure, closed source operating systems.
"So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge."
They are Russian spammers trying to create a number of spam relays. The other payload, and the B-variant payload that produce a 'http get DDOS' (Essentially the same as hitting 'refresh' on the browser over and over) were a blind, and something particularly easy to circumvent using DNS. Microsoft lost no service. SCO lost service three days _BEFORE_ the trigger date that looks highly suspicious. www.groklaw.net has more information.
"SCO is the big, bad company that violates one of their sacred principles, as they would see it."
I wouldn't speak for the community unless you speak to the community and sort out some of these really silly ideas. SCO is suing IBM; the Linux question is thrown out to journalists to strengthen their position, which is currently one of not showing any evidence. IBM is also a big bad company, along with Novell (Go look up their net worth, please) that have so far failed to engage in a slanderous low-level warfare that saw SCO fined by a German court. Please, go look at the evidence for SCO's case before actually pointing a finger at that being the basis for a worm outbreak on the _WINDOWS_ platform.
"Despite the law-suits against users by SCO"
There are no lawsuits. Everyone has been waiting for the lawsuits because they would be fraudulent without a ruling from the courts.
"It represents a new degree of viciousness in internet warfare: a wickedly ingenious programme persuades thousands of computers to bombard a single website on a particular date."
Only if you'd not seen anything on the subject for the last ten years. DDOS is fairly old. However, logging all the keystrokes on the target machine is relatively new, and ignored by the press that prefer the idea of a new war to cover.
"It's hard to see how any website could withstand that kind of clever evil."
Change your DNS entries from the targeted IP address to a new IP address, and shift it sideways. It's extremely easy, and was undertaken by SCO (although fluffed slightly) according to the reports which you can see on Netcraft. You might want to have a word with them, because I'm fairly sure that they would put this into perspective for you.
Quite frankly I'm dismayed that Stephen Evans appears to have been pulled from children's TV to cover this, and as North American Business Desk, I would have thought that he'd be following the SCO story rather than sensationalising a virus outbreak.
"It is about malice not money."
Actually it's about money. If Evans had been reading anything recently on technology, he might have noticed recently that gangs are targeting vulnerable businesses with threats to expose or destroy their data. You need access for this. Keylogging is the fastest way to do it, and having some open email relays is a mild bonus as your spam (rapidly becoming illegal) can be sent with any traceback ending with some poor dufus who thinks that anti-virus software is something you install once.
I couldn't be civil all the way through.
Oddly Draconis
Too cynical to live, too stubborn to die.
newsonline.complaints@bbc.co.uk
The SCO website was taken down by SCO before the attack (see all the posts about DNS changes).
And later ...
Which is it, Mr. Evans?
The sum is three billion dollars Stephen.
You might be interested in another UK news outlet's take on the story, here.
The BBC, although trusted and mostly accurate, is becoming more and more tabloidy. Just look at how many of their main stories are 'in quotes like this'; a sure sign they are reporting second hand news, press releases and suppositions.
The Guardian has always offered a fairly good view of issues, and I would happily recommend it to those in the US who are keen for an outsider's view of the US.
The Slashdot Paradox: "100% Overrated"
I sent some feedback on the original article, and pointed out the serious errors in the story, as well as the fact that they mentioned a "computer programme[sic]"; even here in England we say "program".
I also mentioned that their description of SCO receiving millions of emails bringing down their website was incorrect.
I just checked their site again, and both of those errors have been corrected. Sadly, the factual errors remain.
Except that the PCC is for newspapers and magazines and doesn't cover the BBC.
"You know you want me baby!" - Crow T Robot
That fact seems to have escaped a lot of the posters so far.
Sure, it was riddled with inconsistencies and I'm by no means excusing the author but don't criticise the beeb, criticise the author of this piece of editorial.
I would like to make a rather strong complaint regarding Stephen Evans's article "Linux cyber battle turns nasty", as featured as a front-page article on the 5th of February.
/ 28worm.html
This article is presented as a factual piece, not an opinion column, and draws patently incorrect conclusions. Whilst the MyDoom virus does indeed target SCO and (in its -B variant) Microsoft, the main payload of this virus is a spam gateway.
As someone whose main source of income deeply involves computer security, I find it insulting that Mr. Evans has apparently made no attempt to research the history of these forms of virii, nor has he apparently contacted any reputable anti-virus company regarding it. Meanwhile he postulates claims such as "it [revenge] must be one of the theories at the top of any investigator's list", and "in the case of the MyDoom computer worm, the motivation seems clearer". I find it very bad reporting that these claims are made WITHOUT actually asking any of the investigators' opinion of the virus. It is a widely expressed opinion (see 'references' at the end of this message) by these security professionals that the Denial of Service attack is the SECONDARY function of the virus, and not at all related to its true purpose. A simple search on Google, let alone contacting even local London-based security firms such as mi2g, would easily prove how factually incorrect this article is. In fact, to be harsh, it is a downright lie against common knowledge and opinion.
It is current common understanding in the anti-virus community that this virus is indeed designed specifically to facilitate commercial spammers, and that the inbuilt Denial of Service attack against SCO and Microsoft is a secondary effect and not intended as part of the original design.
Current monitoring of activity through infected machines indicates that the spamming functionality appears to be used by a very organised group of individuals, indicating the virus was possibly contract-coded. Current belief holds that the Denial of Service payload was added by said contracted coder.
As such, I do not believe it fair, nor good reporting, to use a purported factual article to attribute the secondary (and in my opinion far easily avoidable!) effect of the virus as its "purpose". The secondary effects may indeed be the result of a Linux user seeking revenge, but are currently understood to be more of a diversion from the virus's demonstrable true intent. There is a long tradition of this type of 'smoke screen' in many viruses intended for commercial benefit, as Mr. Evans would no doubt have discovered if he had researched the article more instead of using it as a pure propaganda platform and drawing unconfirmed conclusions.
I request that the article either be re-labeled as an OPINION piece, removed, or a more factually correct article be posted.
References:
These other news sites, containing articles by researchers willing to do actual research, contain quotes from reputable security and virus research firms confirming the opinion above:
http://thewhir.com/marketwatch/myd012704.cfm
- Contains opinion by London-based firm mi2g
http://www.msnbc.msn.com/id/4113278/
- Contains quotes from researchers at well-known antivirus developer F-Secure and Symantec
http://www.ajc.com/business/content/business/0104
- Contains quotes from various other computer security researchers
I'm not surprised to read that this piece was written by Stephen Evans, the BBC's North America correspondent. Evans has been for some time a shill on behalf of big business - anyone in Britain who has had to endure his relentlessly pro-MPAA and RIAA pieces will be aware of this.
Take for example this piece where Mr Evans comments: "Many students seem to think, apparently, that the internet is a law free zone." Oh yeah?
I think this guy is talking through a hole in his head - he doesn't follow the Linux or Spam industries at all. He is not competent to make a statement.
Here are some links to his other stories....
Here
They are mainly about Globalisation, and misconceptions about it... sort of funny really given his own mistaken view of who might have carried out the MyDoom attacks and why.
However the same guy won an award for writing about 911...
Reporting on 911
But Evans is not an expert on the motivation of Linux programmers. I'm no conspiracy freak - and don't quite buy the idea that SCO brought it on themselves. However - it is more likely the work of spammers wishing to deflect attention from themselves. The fact that Mr Evans doesn't quite understand the link between spam, worms and virii means that his comments should be ignored.
The only trouble is that similarly ignorant people will not. I think the focus of our concern should be the wider misunderstanding in the media.
We so often make it difficult for the media to understand the issues. The media needs to be educated enough to be able to avoid such misinformation in the future.
Not an easy task...
Excellent....
There is also this 'Have Your Say Form' : -
http://news.bbc.co.uk/2/hi/talking_point/2804227.
Unfortunately, while not coming from the main stream OSS community, acts like the MyDoom virus or publishing Darl McBride's phone number on slashdot slander the OSS movement. It just looks bad. It's also not right.
Whatever you think of Darl McBride and SCO, they are proceeding down a *legal* path of action. Sure, it's irritating, and the claims are as unsettling as much as they appear patently false, but it is the standard form of dispute resolution that we have set up in this country.
Stepping outside of the standard approach to engage in personal, vicious, and sometimes illegal attacks is simply not right. It also leads to the whole OSS movement being tarred with a brush of hot-headedness.
The OSS movement should loudly disavow activities such as MyDoom and publishing McBride's home address. Slashdot moderators should mod down laughing comments about how inconvenienced Mr. McBride is. OSS notables should emphasize the positive nature of the community.
This is all happening to some extent, but needs to continue in a stepped up fashion without cease.
2) On the WEB, the top of the page does not clearly state "OPINION" or "EDITORIAL" - but the author, Stephen Evans, is an editorial columnist.
Thus our complaints will go to the bit-bucket, and those who are misled to believe that Linux Zealots are responsible will have no way of knowing the difference between a news story and an editorial column.
Your story "Linux cyber-battle turns nasty", by Stephen Evans, has to be the most misinformed and misguided piece on the topic I have yet read, and I have unfortunately read a substantial volume.
Despite initial suspicions that the MyDoom worm might have been created to target SCO as revenge for their attacks on Linux, it is widely accepted among security analysts who have monitored the worm that (1) it originated in Russia, (2) its real motive is to plant a trojan key-capture program to steal users' personal information, and (3) the attacks on SCO and MS are a smokescreen.
I expect this kind of credulous gulping of SCO's press releases from CNN, but thought better of the BBC.
Trouble making decisions? Just flip for it.
Greetings,
I am writing in about Stephen Evans's piece on the MyDoom virus reported on 2/5/2004. I find in reading this piece an uncharacteristically charlatanistic approach to journalism, as well as a genuine disregard for the facts. While Mr. Evans's piece reveals his opinions on the matter, he overlooks several key facts that I am sure you have already heard from other commenters such as myself, but including:
This virus runs on the Windows platforms. While this does not exclude Linux hardcore programmers, it goes a long way to debunking the idea that someone with such viral expertise on Windows is also a Linux guru.
This virus' DOS attack against SCO is, in my opinion and the opinion of many others, a smokescreen to hide the fact that this virus is primarily a SPAM gateway. This fact is completely ignored in Mr. Evans's article, which begs the question of whether or not you require reporters to do any research whatsoever.
This article is presented as fact. Since there are precisely zero pieces of factual evidence mentioned in the article, I find it on par with the level of assertion put forth by holocaust deniers and area 51 pundits.
I get a very large portion of my news from the BBC, and I respect your institution immensely. This article reflects very poorly on your integrity as a news agency.
Just so it is known, I am not a Linux programmer, but a Windows programmer, so there is no unbridled rage at hearing Linux get beaten up. I really could care less. I do, however, take umbrage to the idea that the public should be subjected to baseless opinion pieces represented as the truth without any evidence to back up the position.
Regards,
~A!
It's all about the game. There is nothing else. http://watchingthewatchers.org
~MadScie
While I've got no time for SCO or their shenanigans, the article isn't stating as a fact that the author was someone from the Linux community. Like the author of the article, however, I do feel it's the most likely explanation, certainly much more likely than the bizarre conspiracy theories I've heard in the last week. I think more harm is done to the community by coming out with incredible theories than by merely stating that whoever wrote the virus is to be condemned - Irrespective of their OS preferences.
If you follow the major news, you'd know that they are very fast losing their reputation as a source of information and are becoming regarded as a source of opinion.
British media, in general, seems to have the worst integrity of all "free" press.
Feel free to mod me as a Troll before reading my sources.
Any guest worker system is indistinguishable from indentured servitude.
Dear Sir
Thanks for your e-mail.
I have noted the points you made - as well as the vigorous debate on Slashdot.org about this article.
Well, Stephen Evan's weekly "stateside" column is not a news story, but an analytical look at major events and business trends in the United States.
It is, of course, debatable whether MyDoom/Novarg/Shimgapi was written just to bring down the SCO website, or whether the installation of spamming tools on numerous computers was an additional - or even the main - motive.
That was not the point of Stephen's article.
In his piece he wanted to draw the attention of BBC News Online's audience - many of whom are unlikely to know the ins and outs of the Open Source debate - to the rapid spread of Linux as a commercial application, SCO's attempts to cash in on this fact, and the deep anger that SCO has caused within the Linux community through its legal actions.
Stephen is not the first to draw the link between MyDoom and SCO's actions over Linux - plenty of others have done that before, including virus experts.
Regards,
Tim Weber
Business Editor
BBC News Interactive - www.bbc.co.uk/businessnews
"It's free. It works. Doh."
That should be:
"It's free. It works. Duh!" -- Paul Nelson, Riverdale High School (Oregon)
The interjection makes a lot of difference to the meaning.
Of course, what it really shows is the abysmal ignorance of the author of this disgraceful article, of what his employer is actually doing, and probably ignorance also of what Linux, and open source in general, actually is. He will probably be confusing Tony B. Liar with a Socialist, or Dubya with an elected president, next.....
One dot is the current directory.
/. would be... the root directory.
Two dots is the parent directory.
/ is the root directory.
DOS actually has the exact same notation, except that each drive has its own root, and the slashes are backwards of course.
Yup, same thing here. While I'd love to have believed that my email to them was just so damn moving that it warranted a personal response from the business editor of the BBC, I can't say it is surprising. I'm sure they got many, many responses, and not just from those of the Slashdot crowd. I suppose it is a bit misleading, but it does say "Dear Sir" and so isn't very convincing as a personal response.
Dear Sir Thanks for your e-mail. I have noted the points you made - as well as the vigorous debate on Slashdot.org about this article. Well, Stephen Evan's weekly "stateside" column is not a news story, but an analytical look at major events and business trends in the United States. It is, of course, debatable whether MyDoom/Novarg/Shimgapi was written just to bring down the SCO website, or whether the installation of spamming tools on numerous computers was an additional - or even the main - motive. That was not the point of Stephen's article. In his piece he wanted to draw the attention of BBC News Online's audience - many of whom are unlikely to know the ins and outs of the Open Source debate - to the rapid spread of Linux as a commercial application, SCO's attempts to cash in on this fact, and the deep anger that SCO has caused within the Linux community through its legal actions. Stephen is not the first to draw the link between MyDoom and SCO's actions over Linux - plenty of others have done that before, including virus experts. Regards, Tim Weber Business Editor BBC News Interactive - www.bbc.co.uk/businessnews
Bad analogies are like waxing a monkey with a rainbow.
I did too and while my wording is not as articulated as some of the other posts (kudos to them), I found some more errors (basically about the lawsuit).
So, here's mine:
The article written by Stephen Evans about MyDoom is factually incorrect.
Error 1) "run-of-the-mill geeks who wreak damage on the unsuspecting computer user"
If Mr. Evans had any knowledge of the domain, he would know that today most viruses are NOT written by computer geeks, but by professional spammers that use the infected computers to send spam. Their motivation is money.
Error 2) "It has attacked a company based in Utah called SCO, bringing down its website with a barrage of data"
This is completely wrong. http://sco.com is alive and serving data. www.sco.com is not resolvable. That means that SCO *themselves* decided to take www.sco.com out of the DNS-System. SCO made their website invisible, granted, to avoid handling the bandwidth possibly generated by the virus, but it was SCO who took their website off the net, NOT the virus.
By the way, nobody knows for sure if the virus really does make an attack against www.sco.com; some people suggested that the A-Variant only looks up www.sco.com to make sure that the infected computer is connected to the net, but now that SCO made their site invisible, we will never know.
The B-Variant, however, appears to really make an attack against www.sco.com and www.microsoft.com.
Error 3) "There seems little doubt that SCO was targeted [...] because it has enraged many people devoted to the Linux operating system."
WRONG again.
First, several antivirus researchers are convinced that this virus is also written by spammers and that the SCO part is just there to hide the true nature of the virus.
After all, if the virus was from a Linux enthusiast, why would it leave an open backdoor on the infected computers?
Second, this is a successful virus and therefore the author needs to have inside knowledge of Windows system programming to make it small and efficient.
Linux zealots generally won't even touch anything Windows, so where should this knowledge come from and on whose computer was the virus tested?
Error 4) "Two years ago, SCO claimed ..."
Actually, this was one year ago.
Error 5) "On top of that, SCO has sued IBM, accusing it of infringing on SCO intellectual property in the way it uses Linux."
Wrong. SCO has sued IBM for *contract violations*, not IP infringing.
Actually, SCO's argument is something like this: IBM developed JFS for AIX, therefore - even though JFS is IBM's intellectual property - SCO argues that IBM has no right to put JFS into Linux due to some obscure contract obligation.
This has nothing to do with SCO's intellectual property and everything with a complicated contract between AT&T and IBM, where the AT&T side is now represented by SCO.
Error 6) "For good measure, SCO is seeking at least a billion dollars from IBM."
Actually, the one billion dollars was in the first filing; since then SCO has changed it to three billion dollars.
Error 7) "Meanwhile the court dispute between SCO and Linux users"
Wrong. While SCO claims that it will sue "one prominent Linux user" "anytime soon now," the current court dispute is between SCO and IBM only. NOT between SCO and "linux users."
Inaccuracy 8) "It's hard to see how any website could withstand that kind of clever evil."
This is not the first time it has happened.
Half a year ago, there was the Blaster virus that made a similar attack against windowsupdate.com.
Microsoft bought help from a specialized hosting company and resisted the attack.
SCO however, doesn't even care about its website. They don't use their website to make business, this is done by their resellers (This is their own claim). Basically, they only use their website to post their press releases that they own Linux. Therefore they choose to abandon their site in
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
I have noted the points you made - as well as the vigorous debate on Slashdot.org about this article.
Well, Stephen Evan's weekly "stateside" column is not a news story, but an analytical look at major events and business trends in the United States.
It is, of course, debatable whether MyDoom/Novarg/Shimgapi was written just to bring down the SCO website, or whether the installation of spamming tools on numerous computers was an additional - or even the main - motive.
That was not the point of Stephen's article.
In his piece he wanted to draw the attention of BBC News Online's audience - many of whom are unlikely to know the ins and outs of the Open Source debate - to the rapid spread of Linux as a commercial application, SCO's attempts to cash in on this fact, and the deep anger that SCO has caused within the Linux community through its legal actions.
Stephen is not the first to draw the link between MyDoom and SCO's actions over Linux - plenty of others have done that before, including virus experts.
Trolling is a art!