SCO Xenix was a product of The Santa Cruz Operation (they of the $100 support questions and crappy UUCP implementations on 286s).
On the other hand, The SCO Group (they of the bogus lawsuits, numerous slashdot articles and $699 Unix IP licenses) is actually a different company and not the SCO of Xenix times. (You have to wade through pages and pages of junk before you get to the appropriate lines - sorry about the google cache but www.sco.com seems to be down!)
2001 On May 7, Caldera Systems completes the acquisition of SCO's Server Software and Professional Services Divisions, becoming Caldera International (Caldera) and providing the world's largest Linux/UNIX channel.
2002 Caldera names a new CEO, Darl McBride.
2002 Caldera changes its name to The SCO Group (SCO), returning to the SCO brand.
I have to agree with your original comments though - The SCO Group is SO full of it and they are LAME
I questioned the 50,000 to 75,000 number as it seemed totally bogus and unrelated to the number of source IPs I'm seeing scanning my two class Cs. How can I see 10-15 different source IPs every 5-10 minutes if only 50,000 computers are infected worldwide?
ISC and dshield are showing the number of sources scanning port 3127 building up at an alarming rate. The number of sources seems to be increasing by about 2000 every 10 minutes, which is much more in line with the number of sources I'm seeing scanning my backwater.
The javascript looks pretty innocuous. You can use the samspade safe browser if you really want to look at the original page (and the javascript).
Some AV programs throw a warning about Bt.ow/btg when they see the pattern "Second Part to Hell" and the page includes the text "(c) 2002-2004 by Second Part To Hell" so it may be a false positive.
If you are concerned, more information about Bt.ow/btg is here and here
Re:Complain (Score:5, Funny)
by kinnell (607819) on Thursday February 05, @08:41AM (#8187078)
Keep it civil, folks
Screw that! Someone write a mydoom variant which targets the BBC. That'll teach them to bad mouth linux zealots.
I don't even want to guess how you see this one.
I don't think you can really justify pathetic journalism because of a few funny jibes on slashdot. SCO is trying to commandeer the work of others. Why shouldn't people make fun of them and hope them harm? It's not like they haven't tried their hardest to piss people off.
If ill informed idiots in the press choose to write articles riddled with errors and specious claims, that is their problem. They'll get their "facts" from somewhere else, at least funny comments on slashdot are entertaining to lots of people - more power to someonehasmyname, Anonymous Coward and Geek of Tech - love your work guys.
Wow, what an article, it brings journalistic research and factual accuracy to new lows with some baseless assertions thrown in for good measure. I thought the BBC just got spanked over poor journalism.
Factual Errors:-
1. "bringing down its website with a barrage of emails"
The MyDoom virus used a barrage of HTTP requests to bring the www.sco.com website down. Websites and mail systems are different, they use different protocols, ports and servers. The virus spread by email, it *did not* use email to perform a DDOS on www.sco.com.
2. "Two years ago, SCO claimed that it owned more than 800,000 lines of the system which had always been available for free and to anyone since its invention in 1991."
This is actually a few errors in one, bravo!
"Two years ago" - This is incorrect, SCO first claimed that Linux contained improperly contributed Unix code in early 2003, this is not two years ago! At that time it did not claim "more than 800,000 lines" that came later.
"...claimed 800,000" - SCO expanded its PR claims in mid 2003 to include the "more than 800,000 lines" quote. This is only 6-7 months ago, not two years ago.
"since 1991" - SCO has claimed that contributions to the Linux kernel post v2.4 impinge on its rights - this is not the code from 1991. It has not yet claimed rights to any of the 1991 code!
3. "On top of that, SCO has sued IBM, accusing it of using SCO property because it too uses Linux."
SCO has sued IBM over a contract dispute, it has not sued IBM because it uses Linux! SCO has claimed that IBM has used Unix methods and trade secrets improperly in its contributions to Linux (SCO claims it is a successor in interest to Unix copyrights, methods and trade secrets which Novell sold to Tarantella - this is also in dispute).
4. "Despite the law-suits against users by SCO,"
SCO has not sued any Linux users. It has sued IBM, it has been counter sued by IBM, Red Hat has sued SCO, SCO has sued Novell. At no time has SCO sued a Linux user.
5. "Meanwhile the court dispute between SCO and Linux users (rather than the cyberspace war between SCO and the hackers) is scheduled for next year in a court in Utah."
There is no court dispute between SCO and Linux users (see above).
So most of the article is factually incorrect, and then he casts baseless assertions with a follow up disclaimer.
"There seems little doubt that SCO was targeted - illegally and unacceptably, lest anyone be in any doubt - because it has enraged many people devoted to the Linux operating system"
"There's no proof, of course, but it must be one of the theories at the top of any investigator's list."
What sort of journalism is this? This should be in a crappy tabloid not a government owned and respected news service.
The Nachi worm and Code Green were attempts to fix Blaster and Code Red. They caused more damage than they fixed - especially Nachi which is still flooding everyone with ICMP echo requests. I am also surprised that you have never seen it suggested before - hint use Google
Closing open relays is a great first step and I hope this program has some effect.
If spammers are driven to using trojaned home computers to send their junk then there will be much more pressure brought to bear on ISPs to do port 25 egress filtering which will stop the trojans dead in their tracks.
When setting virus notification messages on Trend it helpfully asks if you want to apply the same settings to the Notification to Admin, Notification to Sender and Notification to Recipient. I assume most people want to set a Notification to Admin message - so unless you click around the default "Apply to All" you'll also end up sending notifications to the "sender" and recipient of the virus.
Also, with attachment blocking Trend will try to send a message to All the recipients of the message - so when someone sends a garbage executable to one of my users and includes a hundred people in the To field, Trend will helpfully try to send an Attachment Blocked message to those 99 other people who it actually didn't block the attachment for! Telling my users that attachments were stripped from their mails is helpful, but incorrectly telling 100s of other people negates this usefulness.
To hell with Edgar Allan Poe and Lewis Carroll, I can live without them, but not Beer. A spammer (at 206.169.149.77) sent me this to disrupt my filters! :-( How evil are these people?
"Unix Beer Comes in several different brands in cans ranging from 8 oz to 64 oz Drinkers of Unix Beer display fierce brand loyalty even though they claim that all the different brands taste almost identical Sometimes the pop tops break off when you try to open them so you have to have your own can opener around for those occasions in which case you either need a complete set of instructions or a friend who has been drinking Unix Beer for several years BSD stout Deep hearty and an acquired taste The official brewer has released the recipe and a lot of home brewers now use it Hurd beer Long advertised by the popular and politically active GNU brewery so far it has more head than body The GNU brewery is mostly known for printing complete brewing instructions on every can which contains hops malt barley and yeast not yet fermented Linux brand A recipe originally created by a drunken Finn in his basement it has since become the home brew of choice for impecunious brewers and Unix beer lovers worldwide many of whom change the recipe POSIX ales Sweeter than lager with the kick of a stout the newer batches of a lot of beers seem to blend ale and stout or lager Solaris brand A lager intended to replace Sun brand stout Unlike most lagers this one has to be drunk more slowly than stout Sun brand Long the most popular stout on the Unix market it was discontinued in favor of a lager SysV lager Clear and thirst quenching but lacking the body of stout or the sweetness of ale"
Of the 1452 spam I received in my 3 accounts this weekend there are 157 references mentioning compliance with the Can-Spam act. Twenty of these said that they complied by including a valid reply address, a valid postal address and a working removal mechanism. The only one which actually met all of these criteria was from hurricane-map.com sent to an administrative address - 69.6.58.0/23 is blocked to everything else but to this address :-(.
So Scott Richter, one of the most infamous spammers on the planet, doesn't seem to be complying with Rule #1, what is the world coming to?
As other people have mentioned bouncing undeliverable mail is what mail systems are meant to do. But in this day and age where every second mail has a forged sender address, sending NDRs to the sender address is somewhat anti-social. The best solution is to reject undeliverable mail in the first place and not send NDRs at all.
It seems that AOL is aware of the problems they cause by bouncing mail to forged sender addresses and are changing their system so that it will no longer be a two stage proxy which accepts all mail and then sends NDRs for undeliverable addresses. They will simply reject mail to bogus AOL addresses during the SMTP greeting.
But based on the hundreds of bounces to forged addresses I receive from systems which are trying to send spam to AOL and which AOL has blacklisted I don't think this is going to slow down the bounces! :-( At least I can reject *ALL* traffic from these f-ing misconfigured/abused systems.
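The difference between accepting everything and bouncing later versus refusing unknown recipients inside the SMTP dialogue, as discussed in the two comments above, shown as an added example that is not part of the original posts. It is a toy receiver with no networking; the mailbox names, domains and sessions are constructed for illustration.

```python
"""Toy SMTP receiver comparing accept-then-bounce with reject-at-RCPT.
Constructed example: no sockets, only the envelope commands are modelled."""

VALID_MAILBOXES = {"alice@example.net", "bob@example.net"}  # hypothetical local users


class Receiver:
    def __init__(self, reject_unknown_at_rcpt):
        self.reject_unknown_at_rcpt = reject_unknown_at_rcpt
        self.delivered = []   # (mailbox, envelope sender) pairs
        self.ndrs_sent = []   # addresses we mailed a bounce (NDR) to
        self._reset()

    def _reset(self):
        self.sender = None
        self.rcpts = []

    def command(self, line):
        """Handle one SMTP command line and return the reply string."""
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        arg = arg.strip().strip("<>").lower()
        if verb == "MAIL FROM":
            self._reset()
            self.sender = arg          # "" is the null sender <>
            return "250 OK"
        if verb == "RCPT TO":
            if self.sender is None:
                return "503 Need MAIL first"
            if self.reject_unknown_at_rcpt and arg not in VALID_MAILBOXES:
                # Refused here: the connecting client owns the failure,
                # so this server never generates a bounce for it.
                return "550 No such user"
            self.rcpts.append(arg)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "554 No valid recipients"
            for rcpt in self.rcpts:
                if rcpt in VALID_MAILBOXES:
                    self.delivered.append((rcpt, self.sender))
                elif self.sender:
                    # Accepted, then found undeliverable: the NDR goes to
                    # the envelope sender, which spam usually forges.
                    self.ndrs_sent.append(self.sender)
                # A null sender is never bounced to (it is itself a bounce).
            self._reset()
            return "250 Queued"
        return "500 Unrecognized"


def run(receiver, sessions):
    """Feed (sender, [recipients]) sessions through the receiver."""
    replies = []
    for sender, rcpts in sessions:
        replies.append(receiver.command(f"MAIL FROM:<{sender}>"))
        for rcpt in rcpts:
            replies.append(receiver.command(f"RCPT TO:<{rcpt}>"))
        replies.append(receiver.command("DATA"))
    return replies


# Constructed spam run: the envelope sender is forged to an innocent third party.
SESSIONS = [
    ("victim@third-party.example", ["alice@example.net", "nosuchuser1@example.net"]),
    ("victim@third-party.example", ["nosuchuser2@example.net"]),
    ("", ["nosuchuser3@example.net"]),   # a bounce arriving for an unknown user
]


def compare():
    """Return per-policy counts of bounces sent, deliveries and 550 replies."""
    out = {}
    for name, flag in (("accept_then_bounce", False), ("reject_at_rcpt", True)):
        rx = Receiver(flag)
        replies = run(rx, SESSIONS)
        out[name] = {
            "ndrs": list(rx.ndrs_sent),
            "delivered": len(rx.delivered),
            "rejected": sum(r.startswith("550") for r in replies),
        }
    return out


if __name__ == "__main__":
    for policy, result in compare().items():
        print(policy, result)
```

With the same input, the accept-all policy mails two bounces to the forged address while the reject policy sends none, and legitimate delivery is unchanged in both cases.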
Do you have any idea what range of people use spamcop, what they report and what IPs get listed on spamcop? Have you heard of SPAM-L, yeah their double opt-in confirm at every step process doesn't stop idiots from reporting SPAM-L mails as spam to spamcop and getting the IPs of people who contribute to SPAM-L blacklisted. Here is one for you.
There is no doubt that some idiots prefer to use spamcop as an unsubscribe service rather than to try to unsubscribe from mailing lists that THEY have subscribed to. This is obviously pretty effective as they certainly cause the owners of the lists enough grief that they will be removed and never allowed back on. As long as spamcop can be abused in this way many list admins will be pissed off and think poorly of it.
But I must just be a spammer right? Everyone who sends mailers is a f***ing spammer contributing to the crapflood of spew that's killing email. WTF?
Even if the GM fish were successful and all the goldfish were killed, won't the foolish/careless people just reintroduce more foreign species again? Maybe you need to GM the fishermen with a new improved clue gene.
These Indian spammers think it's legal. order@imark-india.com (202.63.171.243):-
"Since India has no anti-spamming law.."
"This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. Since India has no anti-spamming law, we follow the US Unsolicited Electronic Mail Act of 2000, which states that mail cannot be considered Spam if it contains contact / removal information, which this mail does. If you want to be removed from the mailing list then you must reply to this mail with "Remove" in the subject line and e-mail for faster response and action
This is an SMTP AUTH problem and any mail server which permits relaying using SMTP AUTH and doesn't filter by source IP is open to this type of abuse. Exchange is more susceptible to this attack than other mail servers because there are predictable account names which can be brute forced and SMTP AUTH is enabled by default. It is simple to turn this off.
What is the big deal?
It looks like thinkcomputer has an ulterior motive "Microsoft telephone support is not available without the risk of paying a relatively high per incident fee. Therefore, we recommend contacting Think Computer via e-mail at info@thinkcomputer.com for more information about the issues discussed in this White Paper."
It takes one complainant - that means only one person needs to make a complaint.
Spamcop requires two complaints from ONE person within seven days to blacklist a site.
This is not FUD, this is how Spamcop works and why Spamcop is easily abused. ONE person is able to get a site blacklisted - just ask samspade.org, monkeys.com, etc - supporting evidence/complaints from others is not required and ALL complaints are assumed as valid.
Main Entry: complainant
Pronunciation: k&m-'plA-n&nt
Function: noun
Date: 15th century
: the party who makes the complaint
Spamcop only requires one complainant and since it is fully automated any mail can be used to blacklist a site.
More and more people are being affected by both spam and blacklists. Usually people are only aware of blacklists when they block legitimate mail - as with most things in computing when something works well there is very little comment, but when there are a few small problems all you hear are complaints.
You seem to like spamcop reports and have entertained the thought of automatically banning people by parsing the spam reports you receive. This should be treated with a great deal of caution unless you want to be responsible for fiascos like this or this.
Relying upon some of the kooks who use spamcop to make the determination as to which of your users should be "killed" is not wise and I think your management has made the right decision. Certainly automating the process of sorting the complaints into wheat or chaff and cross referencing them to user accounts is worthwhile, but this should be an aid to human review and not an end in itself.
Having scripts which automatically hit the kill button is open to abuse - so it will be abused.
Does this new version still use "LOCKSMITH" for the backdoor password? Or has it been changed to something else?
AOL says they'll stop sending you bounces if you don't want them, have you tried phoning them?
WTF? I really mean WTF?
...if there had been no Al Gore, there would be no internet as we know it today
So let me get this straight. Without Al Gore I wouldn't have a mailbox full of p0rno spam everyday? Well thanks a lot Al Gore.
minimum two reports from separate users.
Noooo, minimum two reports from one user within seven days is enough for a blacklisting