However the default should be not to send any automated notice at all! Don't we already have too much mails clogging our poor servers?
I think autoresponders suck ass, but people seem to love them for some reason, I think they should at least not repond to viruses that spoof the address. Optimally auto-responders should have never been invented.
I wonder if we (as a community) should draft an RFC that governs such things as naming conventions and the like.
perhaps define all types of viruses give them a designation as to what platform and what they do. The names would sort of be a mixture of all the major vendors.
Something like
$PLATFORM/$VIRUS.$VERSION@$PAYLOAD-STYLE
So you'd need a simpl draft coming up with a platform name Win32 for 32-bit windows Mac for mac's yadda yadda, a Virus naming convention so that everyone would be able to tell from looking at the virus as to what it's name should be, $version.A.B.C etc, and a convention for payload style. Mydoom was a mass mailer that also was meant for use in a DDOS.
So perhaps mydoom should be
Win32/Mydoom.A@MM@DD
-or-
Win32/Happy99.a@M
just thoughts and ideas, what's everyone else think?
As well as defining in the RFC that, if a worm is known to spoof the From: field then skip the auto-reponder notice altogether.
not quite the fastest CPU, the on in the GC pumps out 10.5 gflops. The dvd is a plus, but really, when you can pick up a decent dvd for your tv for $40 then it becomes less of an issue. Why not just buy a regular dvd and get a remote for it?;-)
Sorry to troll but gamecube is way better anyway. Don't beleive me? Compare yourself: Nintendo xbox
The only real plus is the internal drive makes things convenient.
But at $5 for a memory card for GC it's not that big of an issue.
Besides that, Zelda's wind waker is worth it anyway.;-)
Cool. I read your post carefully and all that seemed clear to me is you hadn't spotted any port 80 traffic via your proxy, which didn't surprise me in the least. Thanks for the report.
This doesn't mean much it just means my preliminary (i use preliminary liberally because I'm not going to test further) tests show nothing...but who knows maybe the PC's are busted (they are windows don't ya know!) --hehe
in case you are too busy too read the post you replied too, it says "i've been testing". So while I have not been living in the future, the test machines have.:-)
MyDoom doesn't accomplish its stated goal of DDOSing SCO at all!
I've done some testing here either. I have yet to see 1 single packet move from the infected machines. I had some infected yesterday, and after checking my squid logs (ALL port 80 traffic gets forced through the squid proxy) I saw not 1 not 2 but ZERO traffic generated by the virus (mass emailing aside).
Maybe it's busted? Was all the hype for nothing?
Anyone have a.torrent for this? I imagine the server is going to slow down a lot.
and to be a little offtopic...how do yo umake.torrents? Perhaps we can just make one? OR is that possible?
I thought that might be what you meant. Sorta like the honor system virus where when you get the email you just delete a bunch of random files yourself and forward the email.
Ah, so you run IIS? *cough*sounds like a safe web server*cough*...
A couple of my servers run IIS sadly, most of them run apache on either linux or BSD. The thing about installing them on my servers was jsut a joke......or was it?;-)
People.. seriously. If you want to DDOS SCO, use wget and grab the whole site to/dev/null/. Sure, it's not anything special, but it works, and you dont have to load a virus which massmails and fucks up filesharing..
That's just a DOS, the first D is for Distibuted. Now how better to do that than with a virus??;-)
By the way, feel free to pound the parent mirror. It's on a T1 that won't be used for much till Monday. I will be pulling the mirror then though. Till then...have fun!
Slashdot Mirror
If I hadn't seen it with my own two eyes I would not have beleived it. There it is though. Thanks for the link that is hysterical.
However the default should be not to send any automated notice at all! Don't we already have too much mails clogging our poor servers?
I think autoresponders suck ass, but people seem to love them for some reason, I think they should at least not repond to viruses that spoof the address. Optimally auto-responders should have never been invented.
I wonder if we (as a community) should draft an RFC that governs such things as naming conventions and the like. perhaps define all types of viruses give them a designation as to what platform and what they do. The names would sort of be a mixture of all the major vendors.
.A .B .C etc, and a convention for payload style. Mydoom was a mass mailer that also was meant for use in a DDOS.
Something like
$PLATFORM/$VIRUS.$VERSION@$PAYLOAD-STYLE So you'd need a simpl draft coming up with a platform name Win32 for 32-bit windows Mac for mac's yadda yadda, a Virus naming convention so that everyone would be able to tell from looking at the virus as to what it's name should be, $version
So perhaps mydoom should be
Win32/Mydoom.A@MM@DD
-or-
Win32/Happy99.a@M
just thoughts and ideas, what's everyone else think?
As well as defining in the RFC that, if a worm is known to spoof the From: field then skip the auto-reponder notice altogether.
bi-endians don't like to be called that, please refer to them as homosexual.
well in that case what about this! ;-)
who needs 'em just follow these simple rules
1>Call you company mikerowesoft 2>sell it to microsoft 3>...? 4>profit!!!
not quite the fastest CPU, the on in the GC pumps out 10.5 gflops. The dvd is a plus, but really, when you can pick up a decent dvd for your tv for $40 then it becomes less of an issue. Why not just buy a regular dvd and get a remote for it? ;-)
"Market saturation" I think that you can.
;-)
Sorry to troll but gamecube is way better anyway.
Don't beleive me? Compare yourself:
Nintendo
xbox The only real plus is the internal drive makes things convenient.
But at $5 for a memory card for GC it's not that big of an issue. Besides that, Zelda's wind waker is worth it anyway.
Cool. I read your post carefully and all that seemed clear to me is you hadn't spotted any port 80 traffic via your proxy, which didn't surprise me in the least. Thanks for the report.
This doesn't mean much it just means my preliminary (i use preliminary liberally because I'm not going to test further) tests show nothing...but who knows maybe the PC's are busted (they are windows don't ya know!) --hehe
in case you are too busy too read the post you replied too, it says "i've been testing". So while I have not been living in the future, the test machines have. :-)
MyDoom doesn't accomplish its stated goal of DDOSing SCO at all!
I've done some testing here either. I have yet to see 1 single packet move from the infected machines. I had some infected yesterday, and after checking my squid logs (ALL port 80 traffic gets forced through the squid proxy) I saw not 1 not 2 but ZERO traffic generated by the virus (mass emailing aside). Maybe it's busted? Was all the hype for nothing?
all your constants are belong to us
but what are they going to do with the $2 or $3 million left after that?
Use it to pay Microsoft support to figure out why their machines are crashing. Then they will have to buy $3bn in upgrades to fix the crashing.
"Slashdotted" nothin', I just released Yourdoomed.zip into the "wild". We'll see what that does.
Someone turn him in, that's all the money SCO has left. This'll bankrupt them!
Anyone have a .torrent for this? I imagine the server is going to slow down a lot.
and to be a little offtopic...how do yo umake .torrents? Perhaps we can just make one? OR is that possible?
sadly belongs with IIS ;-)
I'm not so sure, this was obviously done by a WINDOWS hacker.
Except that a windows hacker wouldn't give a rat's ass about SCO.
I thought that might be what you meant. Sorta like the honor system virus where when you get the email you just delete a bunch of random files yourself and forward the email.
Damn it, they don't make enough Mac compatible viruses.
:-p
I'm right there with ya. I'm making a port of it for linux, you run OS X? I could use a beta tester.
Ah, so you run IIS? *cough*sounds like a safe web server*cough*...
;-)
A couple of my servers run IIS sadly, most of them run apache on either linux or BSD. The thing about installing them on my servers was jsut a joke......or was it?
People.. seriously. If you want to DDOS SCO, use wget and grab the whole site to /dev/null/. Sure, it's not anything special, but it works, and you dont have to load a virus which massmails and fucks up filesharing..
;-)
That's just a DOS, the first D is for Distibuted. Now how better to do that than with a virus??
"Second, it can perform a denial-of-service against www.sco.com."
;-)
Initial investigation on the Snort mailing list, seems to suggest that it opens up 63 threads that request sco's index page once every 300ms.
I just installed it on all of my servers
By the way, feel free to pound the parent mirror. It's on a T1 that won't be used for much till Monday. I will be pulling the mirror then though. Till then...have fun!
Apparently his server is made out of Lego too...
here's a mirror.