Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest MyDoom Variant Gives Google Problems

Posted by simoniker on from the down-and-out dept.

Devil's BSD writes "It seems like the latest MyDoom worm variant has caused a bit of an Internet storm. Google, at this time (12:28 EDT), is returning 503 errors on all queries submitted from certain locations. The MyDoom variant searches the user's address book for email domains (i.e. @yahoo.com) and searches various engines (such as Google) for email addresses in that domain."

22 of 607 comments (clear)

  1. i was wondering by The+Other+White+Boy · · Score: 2, Informative

    i was getting errors when trying to search, but people i was talkin to online elsewhere in the country were fine. my whole office was screwin up.

    gmail still works tho, hrm.

  2. Only Google web search down? by sup191 · · Score: 2, Informative

    Everything else seems to be ticking ok (news, images, Froogle, etc...)

  3. Yup by Anonymous Coward · · Score: 3, Informative

    I'm getting "
    Server Error
    The service you requested is not available at this time.
    Service error -27
    "
    for all of my search attempts.

  4. Google key by xenostar · · Score: 2, Informative

    To use the Google API you need a key generated by Google, which requires a small registration, so, while of course, if the perpetrator did fill it out, he probably put in fake information, it would still be a good place to start looking.

    1. Re:Google key by Anonymous Coward · · Score: 1, Informative

      It doesn't use the google API. The virus just connects to www.google.com and sends something like:

      Host: www.google.com
      GET /search?q=email+example.com&start=0&start=0&ie=utf -8&oe=utf-8 HTTP/1.0

      Then parses the result. Just like a human using a browser would.

  5. What locations? by ErichTheWebGuy · · Score: 4, Informative

    is returning 503 errors on all queries submitted from certain locations

    Is that geographic locations, IP blocks, or what? I can use Google just fine at the moment, but have heard of trouble in California (I am in Colorado). TFA gives no details. Anyone have answers?

    --
    bash: rtfm: command not found
    1. Re:What locations? by LearnToSpell · · Score: 2, Informative

      I can search from home (SSH), but not from work (~15 miles away), in NY.

      --
      Haida Manga
    2. Re:What locations? by Anonymous Coward · · Score: 1, Informative
      Is that geographic locations, IP blocks, or what?
      It's almost certainly IP blocks from which offending queries have been coming. A lot of people have been posting that they can search Google fine from home, but not from work, this is probably because some idiot in the office is infected.
  6. Queries blocked by GoRK · · Score: 3, Informative

    The query that google seems to block in order to work around this problem is a query for "mailer-daemon@domain.com" where "domain.com" is pretty much anything.

  7. Google is doing fine for regular searches... by stienman · · Score: 5, Informative

    Perhaps I'm simply 'located' better, but I can do regular google searches just fine.

    But when I ask for "email slashdot.org" it returns a forbidden search page.

    So it looks like Google is primarily stopping searches that are typical of this virus, but they may also have automated filtering that stops searches which are too many from IPs and netblocks. This part is probably something they implemented long ago.

    But google is going slower for me today, and sometimes it stalls (some of the frontend machines dropping out a bit more frequently than usual?)

    -Adam

    1. Re:Google is doing fine for regular searches... by duffster · · Score: 2, Informative

      I've tried several tests and Google seems to be filtering out any query that contains the phrase "mail" and a ".", hence catching "email slashdot.org", "mailer-daemon@domain.com", "mailman frontdoor.org" etc.

  8. well. com(mercial) is bad anyways by Keruo · · Score: 4, Informative

    use mirrors instead:

    http://www.google.co.jp/
    http://www.google.fr/
    http://www.google.se/
    http://www.google.fi/
    http://www.google.ca/

    all above seem to be responsive atleast to me

    --
    There are no atheists when recovering from tape backup.
  9. Re:Google is doing fine for regular searches...No! by Warpedcow · · Score: 3, Informative

    I can't do any searches, and I tried both of the ones you referred to, and they both give this error message.

    --
    moo
  10. Re:Strange WHOIS result though by Roguelazer · · Score: 2, Informative
    Actaully, that's not the whois on google.com, that's the whois on google.com.sucks.find.crackz.with.search.gulli.com . Here's the full story:
    $ whois google.com

    Whois Server Version 1.3

    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
    IP Address: 80.190.192.24
    Registrar: GANDI
    Whois Server: whois.gandi.net
    Referral URL: http://www.gandi.net

    Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE .THAN.SECZY.COM
    IP Address: 209.187.114.130
    Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
    Whois Server: whois.itsyourdomain.com
    Referral URL: http://www.itsyourdomain.com

    Domain Name: GOOGLE.COM
    Registrar: ALLDOMAINS.COM INC.
    Whois Server: whois.alldomains.com
    Referral URL: http://www.alldomains.com
    Name Server: NS2.GOOGLE.COM
    Name Server: NS1.GOOGLE.COM
    Name Server: NS3.GOOGLE.COM
    Name Server: NS4.GOOGLE.COM
    Status: REGISTRAR-LOCK
    Updated Date: 03-oct-2002
    Creation Date: 15-sep-1997
    Expiration Date: 14-sep-2011

    >>> Last update of whois database: Mon, 26 Jul 2004 08:37:55 EDT <<<

    Registrant:
    Google Inc. (DOM-258879)
    2400 E. Bayshore Pkwy Mountain View CA 94043 US

    Domain Name: google.com

    Registrar Name: Alldomains.com
    Registrar Whois: whois.alldomains.com
    Registrar Homepage: http://www.alldomains.com

    Administrative Contact:
    DNS Admin (NIC-1340142) Google Inc.
    2400 E. Bayshore Pkwy Mountain View CA 94043 US
    dns-admin@google.com +1.6503300100 Fax- +1.6506181499
    Technical Contact, Zone Contact:
    DNS Admin (NIC-1340144) Google Inc.
    2400 E. Bayshore Pkwy Mountain View CA 94043 US
    dns-admin@google.com +1.6503300100 Fax- +1.6506181499

    Created on..............: 1997-Sep-15.
    Expires on..............: 2011-Sep-14.
    Record last updated on..: 2003-Apr-07 10:42:46.

    Domain servers in listed order:

    NS3.GOOGLE.COM 216.239.36.10
    NS4.GOOGLE.COM 216.239.38.10
    NS1.GOOGLE.COM 216.239.32.10
    NS2.GOOGLE.COM 216.239.34.10
    Sorry for having to delete all the notices, but this lameness filter is very lame. It decided that lal the legal notices were "junk characters". Likewise, it's now decided that I have too few characters per line, so I need to write this little explainatory paragraph.
    --
    My Systems
  11. Re:An Example by Prof.Phreak · · Score: 2, Informative

    also, doing whois google.com, returns:

    Whois Server Version 1.3

    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.

    Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
    IP Address: 80.190.192.24
    Registrar: GANDI
    Whois Server: whois.gandi.net
    Referral URL: http://www.gandi.net

    Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE .THAN.SECZY.COM
    IP Address: 209.187.114.130
    Registrar: INNERWISE, INC. D/B/A ITSYOURDOMAIN.COM
    Whois Server: whois.itsyourdomain.com
    Referral URL: http://www.itsyourdomain.com

    Domain Name: GOOGLE.COM
    Registrar: ALLDOMAINS.COM INC.
    Whois Server: whois.alldomains.com
    Referral URL: http://www.alldomains.com
    Name Server: NS2.GOOGLE.COM
    Name Server: NS1.GOOGLE.COM
    Name Server: NS3.GOOGLE.COM
    Name Server: NS4.GOOGLE.COM
    Status: REGISTRAR-LOCK
    Updated Date: 03-oct-2002
    Creation Date: 15-sep-1997
    Expiration Date: 14-sep-2011

    >>> Last update of whois database: Mon, 26 Jul 2004 08:37:55 EDT

    --

    "If anything can go wrong, it will." - Murphy

  12. Re:Ah hah by gmuslera · · Score: 5, Informative
    AllTheWeb and Teoma are good alternatives, as far I remember, and do some things in a smarter way than Google. MSN search is supposed to be improved in a beta URL (there was an history here about it some weeks ago)

    And you have also metasearchers, that not only search google, but also others. If you want almost the opposite of google in simplicity, you can try Kartoo, where you can have graphs with aggrupations on search results, flash animations and things like that.

    Last, but not least, there are a search engine that you can use to find search engines very close to you. If its good enough, probably there is a Slashdot article on it, so slashdot search is a good first step if all the other search engines you know are down but you still can access slashdot.

  13. Virus Text by kevman42 · · Score: 2, Informative

    We've received a copy of the virus (stopped at the gateway, of course), but here's the text of it for those who are curious:

    Dear user xxxxx@domain.com, administration of domain.com would like to inform you

    Your email account has been used to send a large amount of junk e-mail during the recent week. We suspect that your computer was compromised and now runs a hidden proxy server.

    We recommend that you follow instruction in the attachment in order to keep your computer safe.

    Best regards, The domain.com team.

    The virus is then attached at the bottom of the message.

  14. You keep using that word.. by aziraphale · · Score: 4, Informative

    ... I do not think it means what you think it means.

    i.e. is an abbreviation for the Latin id est, "that is". It's a synonym for "in other words", "that is to say", or (sort of) "specifically". It does NOT mean "for example", or "such as". For those expressions, you're looking for the Latin abbreviation e.g. - exempli gratia, which means "for example".

    Saying this virus "searches your machine for email domains, i.e. yahoo.com", you're actually saying that it "searches for email domains, in other words yahoo.com". This implies that yahoo.com is the only email domain it searches for (or that you are an idiot, and honestly believe that 'email domains' is synonymous with 'yahoo.com'), which makes it seem like a rather pointless search, to say the least.

    I.e./e.g. confusion seems to be increasingly common, which surprises me, because it doesn't seem to me that their meanings are at all similar. It seems rather like confusing the phrases 'In spite of which' and 'since Thursday'. Since Thursday, people still seem to do it.

    If you really can't remember whether you mean i.e. or e.g., then just write out 'for example' or 'in other words' in full... it doesn't take that much longer.

  15. How-to bypass the block by CHICK543 · · Score: 2, Informative

    If you still want to use google, but are getting blocked (like me), try using Google Personalized

    Works like a charm. (but a little bit slow)

  16. Re:Fool me once ... fool me 14 times??? by jon787 · · Score: 2, Informative

    Thats why corporate anti-virus software requires a password to disable it, even temporarily.

    --
    X(7): A program for managing terminal windows. See also screen(1).
  17. Re:503/service error -27 by monique · · Score: 2, Informative

    try adding "&num=0" to the search url.

    --
    -monique
  18. Re:Ah hah by Winkhorst · · Score: 2, Informative

    Have you considered buying a dictionary? You can get them at Amazon or your local bookstore. That's the place where they sell those old-fashioned paper thingies that have words printed on paper.

    --
    "Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."