Slashdot Mirror


Latest MyDoom Variant Gives Google Problems

Devil's BSD writes "It seems like the latest MyDoom worm variant has caused a bit of an Internet storm. Google, at this time (12:28 EDT), is returning 503 errors on all queries submitted from certain locations. The MyDoom variant searches the user's address book for email domains (i.e. @yahoo.com) and searches various engines (such as Google) for email addresses in that domain."

36 of 607 comments

  1. Alright, this means war by Anonymous Coward · · Score: 5, Funny

    Virus writers want to attack Microsoft or SCO, fine... but this... this is war! YOU DO NOT ATTACK THE GOOGLE!!!

    1. Re:Alright, this means war by aardwolf204 · · Score: 4, Funny

      Ahem, its TEH GOOGLE! get it right

      --
      Im dreaming ofa big bndwdth, That can resist the /.crowd.May ur days b merry & bright & may al
    2. Re:Alright, this means war by didde · · Score: 5, Interesting

      This is the 403 Forbidden I get when submitting a gmail address... The most thorough 403 I've ever seen.

      Forbidden
      Your client does not have permission to get URL /search?q=anything@gmail.com&ie=UTF-8&oe=UTF-8 from this server. (Client IP address: [xx.xx.xx.xx])

      Please see Google's Terms of Service posted at http://www.google.com/terms_of_service.html

      If you believe that you have received this response in error, please send email to forbidden@google.com. Before sending this email, however, please make sure to take a look at our Terms of Service (http://www.google.com/terms_of_service.html). In your email, please send us the entire code displayed below. Please also send us any information you may know about how you are performing your Google searches-- for example, "I'm using the Opera browser on Linux to do searches from home. My Internet access is through a dial-up account I have with the FooCorp ISP." or "I'm using the Konqueror browser on Linux to search from my job at myFoo.com. My machine's IP address is 10.20.30.40, but all of myFoo's web traffic goes through some kind of proxy server whose IP address is 10.11.12.13." (If you don't know any information like this, that's OK. But this kind of information can help us track down problems, so please tell us what you can.)

      We will use all this information to diagnose the problem, and we'll hopefully have you back up and searching with Google again quickly!

      Please note that although we read all the email we receive, we are not always able to send a personal response to each and every email. So don't despair if you don't hear back from us!

      Also note that if you do not send us the entire code below, we will not be able to help you.

      [long-ass-code removed]


      ... Otherwise the service works as usual here in Scandinavia.

  2. Ah hah by suso · · Score: 4, Funny

    I thought I was going nuts, I've never had google give me problems.

    I found it hard to remember the names of other search engines that I could use though.

    1. Re:Ah hah by boredMDer · · Score: 4, Funny

      Other....search engines?

      Do explain such a foreign concept as this.

      Google is the one, the almighty.

    2. Re:Ah hah by Jim+Hall · · Score: 5, Funny

      I found it hard to remember the names of other search engines that I could use though.

      You could do a Google search for them, I suppose... :-)

    3. Re:Ah hah by gmuslera · · Score: 5, Informative
      AllTheWeb and Teoma are good alternatives, as far as I remember, and do some things in a smarter way than Google. MSN search is supposed to be improved in a beta URL (there was a history here about it some weeks ago)

      And you have also metasearchers, that not only search google, but also others. If you want almost the opposite of google in simplicity, you can try Kartoo, where you can have graphs with groupings on search results, flash animations and things like that.

      Last, but not least, there is a search engine that you can use to find search engines very close to you. If it's good enough, probably there is a Slashdot article on it, so slashdot search is a good first step if all the other search engines you know are down but you still can access slashdot.

    4. Re:Ah hah by skinfitz · · Score: 4, Funny

      What's a search engine?

      I tried googling for it but it just took me to the home page. I think it's broken.

    5. Re:Ah hah by TimeZone · · Score: 4, Funny
      I tried to google "Service Error -27" to find out what the problem was.

      It took about 10 seconds for me to realize I was a dumbass.

      TZ

  3. Shouldn't that be easy to fix? by ggvaidya · · Score: 4, Insightful

    If MyDoom uses certain search strings, you just dump all such searches? Worst case, just dump any search for anything which looks like an e-mail account?

  4. What a day to have problems! by AKAImBatman · · Score: 4, Insightful

    CNN is on behind me, and they've been talking about nothing but Google's IPO. Seems like really bad timing for Google. :-(

  5. The end of the world! by Jamori · · Score: 5, Funny

    Google is down ... the world is ending! The beginning of the apocalypse! (I can't even check if I spelled that right without google)

  6. Nostradomus predicted this right? by craenor · · Score: 5, Funny

    Google going down is the first sign of the apocalypse. Now if my wife asks me for sex (the second sign), I'll know the world is going to end...

    1. Re:Nostradomus predicted this right? by Anonymous Coward · · Score: 5, Funny

      she asked me for sex - does that count? :)

    2. Re:Nostradomus predicted this right? by craenor · · Score: 4, Funny

      Sadly, that's not a sign of the Apocalypse, that's the sign that it's Monday.

    3. Re:Nostradomus predicted this right? by Gilmoure · · Score: 4, Funny

      craenor's wife has never asked me for sex on Monday...

      --
      I drank what? -- Socrates
    4. Re:Nostradomus predicted this right? by Atario · · Score: 4, Funny
      Google going down is the first sign of the apocalypse. Now if my wife asks me for sex (the second sign), I'll know the world is going to end...
      I can't believe you didn't make the obvious joke there. I mean, c'mon. Think about it. "Going down"..."my wife"...Jebus! It fairly slaps you in the face! And you call yourself a Slashdotter...
      --
      "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  7. Time for a new error by Quasar1999 · · Score: 5, Funny

    503? screw that... why not have a new error number designated specifically for MS infected systems... error 999: The operating system you are using is insecure and has been exploited... you are partially responsible for bringing this server to its knees... Now go in the corner and think about what you've done.

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
    1. Re:Time for a new error by drmellow · · Score: 4, Funny

      999? No, make it 666. That'll be more fun.

  8. What locations? by ErichTheWebGuy · · Score: 4, Informative

    is returning 503 errors on all queries submitted from certain locations

    Is that geographic locations, IP blocks, or what? I can use Google just fine at the moment, but have heard of trouble in California (I am in Colorado). TFA gives no details. Anyone have answers?

    --
    bash: rtfm: command not found
  9. No Problem... by Pirogoeth · · Score: 5, Funny

    ...just use Google's alternate search form...

    --
    Happiness is like peeing yourself. Everybody can see it but only you can feel its warmth.
  10. Google is doing fine for regular searches... by stienman · · Score: 5, Informative

    Perhaps I'm simply 'located' better, but I can do regular google searches just fine.

    But when I ask for "email slashdot.org" it returns a forbidden search page.

    So it looks like Google is primarily stopping searches that are typical of this virus, but they may also have automated filtering that stops searches which are too many from IPs and netblocks. This part is probably something they implemented long ago.

    But google is going slower for me today, and sometimes it stalls (some of the frontend machines dropping out a bit more frequently than usual?)

    -Adam

    1. Re:Google is doing fine for regular searches... by RobertB-DC · · Score: 4, Interesting
      But when I ask for "email slashdot.org" it returns a forbidden search page.

      I got the "forbidden search" error as well. I'm curious what the apparently encrypted string at the bottom of the page contains? The page says to include it in any correspondence to the Head Googlers. If another person runs the search, will they get a different string? I'd think so -- it probably includes referrer-ID and IP address.

      It starts and ends with a string of "/+" characters that give the Slashdot Lameness Filter fits.
      Notice the text string "taco" about 2/3 of the way through the file. Coincidence?
      --
      Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
  11. Browser Specific by nsingapu · · Score: 5, Interesting

    Webmasterworld has an interesting thread which details that the problems are user agent and locality specific (for me in SoCal IE and Firefox are borked, Konqueror is working, but others report no problem with Mozilla or no problems in certain locales).

  12. well. com(mercial) is bad anyways by Keruo · · Score: 4, Informative

    use mirrors instead:

    http://www.google.co.jp/
    http://www.google.fr/
    http://www.google.se/
    http://www.google.fi/
    http://www.google.ca/

    all above seem to be responsive at least to me

    --
    There are no atheists when recovering from tape backup.
  13. The influence of Google in the world by Darth+Beto · · Score: 4, Insightful

    I'm in Mexico and Google is still not working! It is amazing that we're so tied to Google that we forget the other search engines (in fact when I couldn't search in Google I thought "well I'll wait a couple of minutes" instead of using another search engine like Yahoo!)

    --
    Free iPods, no trick, no steal, (almost) no pain:
  14. I fear for zeitgeist by ILikeRed · · Score: 5, Funny
    Talk about a boring upcoming Zeitgeist...

    Top query in US:
    joejob@yahoo.com

    Top query in UK:
    joejob@yahoo.com.uk

    Browsers used to access Google:
    Internet Explorer ... 41%
    MyDoom ... 54%
    Other ... 05%

    I think they are just trying to keep Mozilla's percentage down.
    --
    I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
  15. Re:Why the unevenness? by WormholeFiend · · Score: 5, Funny

    I tried google.fr and I saw that it had surrendered to the virus.

  16. My productivity... by Junta · · Score: 4, Funny

    has gone to hell.

    My coworkers may realize I really don't know anything if I can't google up answers real soon now...

    --
    XML is like violence. If it doesn't solve the problem, use more.
  17. Fool me once ... fool me 14 times??? by shrubya · · Score: 5, Funny
    I can accept ordinary computer illiteracy. People who don't know their mouse has multiple buttons, or who don't know how to quit a program, it's okay. I'm sure they're good at something else. But as long as they aren't complete intentional morons, EVEN ILLITERATES CAN BE TRAINED TO USE COMPUTERS PROPERLY.

    But here we are at MyDoom.N, which is the 14th virus in a series that requires the user to:

    1. receive an infected email
    2. read the email and believe its contents
    3. download the attachment
    4. unzip the attachment, often password protected
    5. run the resulting executable

    After ignoring 13 previous warnings, I must move from sympathy to malice. For the sake of all humanity, I beg the author(s) of the MyDoom series and other viruses, in your next version, please include the following instructions:

    1. locate a nearby table lamp with the light on
    2. remove pants
    3. break the bulb while it is glowing
    4. insert testicles into bulb socket
    If they're dumb enough to get fooled by MyDoom again, they're dumb enough to get themselves out of the gene pool.
    1. Re:Fool me once ... fool me 14 times??? by Maul · · Score: 4, Funny

      Insert the following (since I've seen it before many times):

      3a. User is told by their AV software that the attachment has a virus.

      3b. User disables AV software in order to open the attachment.

      --

      "You spoony bard!" -Tellah

  18. Re:i was wondering by poptix_work · · Score: 5, Funny

    They sent out the email to.. not open your email

    How amazingly typical.

    --
    Just because you disagree doesn't make it offtopic or flamebait.
  19. Re:Why the unevenness? by Tackhead · · Score: 5, Funny
    > Google is BIG. VERY VERY BIG.

    "You just won't believe how vastly, hugely, mindbogglingly big it is. I mean, you may think it's a long way down the OC-3 to boobies.chemist.com, but that's just peanuts to Google. Listen...", and so on.

    (After a while the style settles down a bit and it begins to tell you things you really need to know, like the fact that Google has different DNS entries depending on which server you look them up from, which is only a partial solution to the bandwidth problem -- so that despite the DNS tricks, any net imbalance between the packets you send to Google and the packets Google sends back to you, must be surgically removed from your pipe: so every time you type "natalie portman hot grits" into images.google.com, it is vitally important to get a receipt.)

  20. Timing is a little too close to be coincidence by Thagg · · Score: 5, Interesting

    There have been many reports recently of virus writers attempting to blackmail companies. Having this virus, an obvious DDoS attack on Google, happen the same day that Google announced the price of its IPO shares is just what you would expect if the Google didn't pay the blackmail.

    I don't know how we'll ever be able to test this hypothesis, but I think that something stinks here.

    thad

    --
    I love Mondays. On a Monday, anything is possible.
  21. You keep using that word.. by aziraphale · · Score: 4, Informative

    ... I do not think it means what you think it means.

    i.e. is an abbreviation for the Latin id est, "that is". It's a synonym for "in other words", "that is to say", or (sort of) "specifically". It does NOT mean "for example", or "such as". For those expressions, you're looking for the Latin abbreviation e.g. - exempli gratia, which means "for example".

    Saying this virus "searches your machine for email domains, i.e. yahoo.com", you're actually saying that it "searches for email domains, in other words yahoo.com". This implies that yahoo.com is the only email domain it searches for (or that you are an idiot, and honestly believe that 'email domains' is synonymous with 'yahoo.com'), which makes it seem like a rather pointless search, to say the least.

    I.e./e.g. confusion seems to be increasingly common, which surprises me, because it doesn't seem to me that their meanings are at all similar. It seems rather like confusing the phrases 'In spite of which' and 'since Thursday'. Since Thursday, people still seem to do it.

    If you really can't remember whether you mean i.e. or e.g., then just write out 'for example' or 'in other words' in full... it doesn't take that much longer.

  22. Google can probably take this in stride by 0x0d0a · · Score: 4, Interesting

    Google has a lot of computer scientists and techies, and all they need to do is write a quick regex to match these "banned" searches, slap a 72-hour ban on any IP that's the source of more than, say, 1000 "banned" searches in a day, reply with a static page that says "SOL, your request came from an infected computer, contact your sysadmin" and then start looking for a more fundamental and elegant solution for a long-term fix.

    They'll have this patched over in less than 24 hours, for certain.
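
A sketch of the filter-and-ban scheme proposed in the comment above (it also covers ggvaidya's "dump any search that looks like an e-mail account" idea), added here as an example; it is not part of the original thread and not Google's actual filter. The regex, the class and function names and the log tuples are assumptions; the 1000-per-day threshold and the 72-hour ban are the figures from the comment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed "banned search" pattern: a full address, or "email"/"mailto" plus a bare domain.
HARVEST_RE = re.compile(
    r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"
    r"|\b(?:e-?mail|mailto)\b[\s:]+@?[\w-]+(?:\.[a-z]{2,})+",
    re.IGNORECASE,
)

class HarvestQueryLimiter:
    def __init__(self, threshold=1000, window=timedelta(days=1), ban=timedelta(hours=72)):
        self.threshold, self.window, self.ban = threshold, window, ban
        self.hits = defaultdict(deque)  # ip -> timestamps of refused queries
        self.banned_until = {}          # ip -> time the ban expires

    def check(self, ip, query, now):
        """Return 'banned', 'blocked' (this query refused) or 'ok'."""
        if self.banned_until.get(ip, now) > now:
            return "banned"
        if not HARVEST_RE.search(query):
            return "ok"
        recent = self.hits[ip]
        recent.append(now)
        while now - recent[0] > self.window:  # expire hits older than the window
            recent.popleft()
        if len(recent) > self.threshold:      # "more than N banned searches in a day"
            self.banned_until[ip] = now + self.ban
            recent.clear()
            return "banned"
        return "blocked"

def replay(events, **limits):
    """Run (timestamp, ip, query) events through a fresh limiter."""
    limiter = HarvestQueryLimiter(**limits)
    return [limiter.check(ip, query, ts) for ts, ip, query in events]

# Constructed sample log (not real traffic); IPs are documentation-range addresses.
T0 = datetime(2004, 7, 26, 12, 0)
SAMPLE = [
    (T0, "192.0.2.10", "anything@gmail.com"),
    (T0 + timedelta(seconds=1), "198.51.100.7", "slashdot mydoom"),
    (T0 + timedelta(seconds=2), "192.0.2.10", "email slashdot.org"),
    (T0 + timedelta(seconds=3), "192.0.2.10", "joejob@yahoo.com"),
    (T0 + timedelta(hours=1), "192.0.2.10", "weather"),
    (T0 + timedelta(hours=73), "192.0.2.10", "weather"),
    (T0 + timedelta(hours=73), "198.51.100.7", "email slashdot.org"),
]
```

Calling `replay(SAMPLE, threshold=2)` shows the third matching query from one address tripping the ban and the ban lapsing after 72 hours. A per-IP ban also locks out every user behind a shared proxy, the situation the 403 page quoted earlier in the thread asks about when it requests proxy details.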