Slashdot Mirror


Latest MyDoom Variant Gives Google Problems

Devil's BSD writes "It seems like the latest MyDoom worm variant has caused a bit of an Internet storm. Google, at this time (12:28 EDT), is returning 503 errors on all queries submitted from certain locations. The MyDoom variant searches the user's address book for email domains (i.e. @yahoo.com) and searches various engines (such as Google) for email addresses in that domain."

5 of 607 comments

  1. Browser Specific by nsingapu · · Score: 5, Interesting

    Webmasterworld has an interesting thread which details that the problems are user agent and locality specific (for me in SoCal IE and Firefox are borked, Konqueror is working, but others report no problem with Mozilla or no problems in certain locales).

  2. Re:Google is doing fine for regular searches... by RobertB-DC · · Score: 4, Interesting
    But when I ask for "email slashdot.org" it returns a forbidden search page.

    I got the "forbidden search" error as well. I'm curious what the apparently encrypted string at the bottom of the page contains? The page says to include it in any correspondence to the Head Googlers. If another person runs the search, will they get a different string? I'd think so -- it probably includes referrer-ID and IP address.

    It starts and ends with a string of "/+" characters that give the Slashdot Lameness Filter fits.
    Notice the text string "taco" about 2/3 of the way through the file. Coincidence?
    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
  3. Timing is a little too close to be coincidence by Thagg · · Score: 5, Interesting

    There have been many reports recently of virus writers attempting to blackmail companies. Having this virus, an obvious DDoS attack on Google, happen the same day that Google announced the price of its IPO shares is just what you would expect if Google didn't pay the blackmail.

    I don't know how we'll ever be able to test this hypothesis, but I think that something stinks here.

    thad

    --
    I love Mondays. On a Monday, anything is possible.
  4. Re:Alright, this means war by didde · · Score: 5, Interesting

    This is the 403 Forbidden I get when submitting a gmail address... The most thorough 403 I've ever seen.

    Forbidden
    Your client does not have permission to get URL /search?q=anything@gmail.com&ie=UTF-8&oe=UTF-8 from this server. (Client IP address: [xx.xx.xx.xx])

    Please see Google's Terms of Service posted at http://www.google.com/terms_of_service.html

    If you believe that you have received this response in error, please send email to forbidden@google.com. Before sending this email, however, please make sure to take a look at our Terms of Service (http://www.google.com/terms_of_service.html). In your email, please send us the entire code displayed below. Please also send us any information you may know about how you are performing your Google searches-- for example, "I'm using the Opera browser on Linux to do searches from home. My Internet access is through a dial-up account I have with the FooCorp ISP." or "I'm using the Konqueror browser on Linux to search from my job at myFoo.com. My machine's IP address is 10.20.30.40, but all of myFoo's web traffic goes through some kind of proxy server whose IP address is 10.11.12.13." (If you don't know any information like this, that's OK. But this kind of information can help us track down problems, so please tell us what you can.)

    We will use all this information to diagnose the problem, and we'll hopefully have you back up and searching with Google again quickly!

    Please note that although we read all the email we receive, we are not always able to send a personal response to each and every email. So don't despair if you don't hear back from us!

    Also note that if you do not send us the entire code below, we will not be able to help you.

    [long-ass-code removed]


    ... Otherwise the service works as usual here in Scandinavia.

  5. Google can probably take this in stride by 0x0d0a · · Score: 4, Interesting

    Google has a lot of computer scientists and techies, and all they need to do is write a quick regex to match these "banned" searches, slap a 72-hour ban on any IP that's the source of more than, say, 1000 "banned" searches in a day, reply with a static page that says "SOL, your request came from an infected computer, contact your sysadmin" and then start looking for a more fundamental and elegant solution for a long-term fix.

    They'll have this patched over in less than 24 hours, for certain.
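
The stopgap sketched in the last comment (a regex for "banned" searches, a per-IP daily count, a 72-hour ban) can be written out as follows. This is an added example, not code from the thread and not Google's implementation; the regex, the `BanList` class, the status strings and the sample traffic are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Assumed signature for address-harvesting queries, modelled on the two
# searches reported blocked in this thread ("email slashdot.org" and
# "anything@gmail.com"); a real rule set would be tuned against live traffic.
BANNED = re.compile(r"(?:\b(?:e-?mail|mailto)\s+|@)[\w-]+(?:\.[\w-]+)+", re.I)

class BanList:
    """Sliding-window counter of banned queries per IP, with timed bans."""
    def __init__(self, threshold=1000, window=24 * 3600, ban=72 * 3600):
        self.threshold, self.window, self.ban = threshold, window, ban
        self.hits = defaultdict(deque)   # ip -> timestamps of banned queries
        self.banned_until = {}           # ip -> epoch second the ban expires

    def handle(self, ip, query, now):
        """Return 'ok', 'forbidden' (one bad query) or 'banned' (static page)."""
        if self.banned_until.get(ip, 0) > now:
            return "banned"
        if not BANNED.search(unquote_plus(query)):
            return "ok"
        q = self.hits[ip]
        q.append(now)
        while q[0] <= now - self.window:   # drop hits older than the window
            q.popleft()
        if len(q) > self.threshold:        # "more than 1000 in a day"
            self.banned_until[ip] = now + self.ban
            q.clear()
            return "banned"
        return "forbidden"

def replay():
    """Constructed traffic: one harvesting host, one ordinary user."""
    bl, t0 = BanList(), 1_090_850_000
    bot, user = "192.0.2.10", "198.51.100.7"   # documentation-range IPs
    seen = [bl.handle(bot, f"q{i}%40yahoo.com", t0 + i) for i in range(1001)]
    return {
        "bot_first": seen[0],
        "bot_1001st": seen[-1],
        "bot_next_day": bl.handle(bot, "mydoom removal", t0 + 86400),
        "bot_after_ban": bl.handle(bot, "mydoom removal", t0 + 1000 + 72 * 3600),
        "user_plain": bl.handle(user, "email marketing tips", t0),
        "user_address": bl.handle(user, "email slashdot.org", t0),
    }

if __name__ == "__main__":
    print(replay())
```

Keying the ban on source IP also blocks every other user behind the same proxy or NAT address, which is the situation the quoted 403 page asks people to describe when they write in.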