Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Today's Windows Virus - MyDoom / Novarg

timothy posted more than 10 years ago | from the are-you-virus-capable dept.

Security 847

Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.

cancel ×

847 comments

Sorry! There are no comments related to the filter you selected.

Finally! (5, Funny)

someonehasmyname (465543) | more than 10 years ago | (#8094762)

Finally, a worthwhile virus!!

Re:Finally! (5, Funny)

Anonymous Coward | more than 10 years ago | (#8094852)

Is there a Linux port yet???

Re:Finally! (5, Funny)

MicktheMech (697533) | more than 10 years ago | (#8094859)

Not quite. This virus contains SCO IP. The DDOS is actually infected host sending credit card info to pay SCO $699 for the license.

first niggas (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8094769)

first niggas. fuck niggas and jews.

i'm not scared... (5, Funny)

edrugtrader (442064) | more than 10 years ago | (#8094770)

i just got the patch off of kazaa... sweet jesus, just in the knick of time.

whew.

i was scared there for a ss.....[NO CARRIER]

Re:i'm not scared... (1)

JediJeremy (251494) | more than 10 years ago | (#8094839)

And that will protect you from...? Kazaa will corrupt your brain and sell it to the FBI for evidence of malicious acts againts the US government!

But dont tell anybody I was the one who warned you...

DOS huh? (5, Funny)

Armethius (718200) | more than 10 years ago | (#8094772)

"Second, it can perform a denial-of-service against www.sco.com" Will this be the first virus I willingly load on my machine?

Re:DOS huh? (2, Funny)

caluml (551744) | more than 10 years ago | (#8094921)

Fair play to SCO - their site is still up, and serving pages. Must be running that excellent Linux operating system. They should get involved with that - maybe they could update their "Unix" with some of it's ideas? Hell, it's open source, so they could just cut and paste.

Seriously, what's the betting that the author reads Slashdot? High.

Re:DOS huh? (2, Insightful)

ciroknight (601098) | more than 10 years ago | (#8094955)

People.. seriously. If you want to DDOS SCO, use wget and grab the whole site to /dev/null/. Sure, it's not anything special, but it works, and you dont have to load a virus which massmails and fucks up filesharing..

Great! (3, Funny)

Idou (572394) | more than 10 years ago | (#8094774)

"Second, it can perform a denial-of-service against www.sco.com."

How do I get it?

Re:Great! (4, Funny)

nocomment (239368) | more than 10 years ago | (#8094822)

"Second, it can perform a denial-of-service against www.sco.com."

Initial investigation on the Snort mailing list, seems to suggest that it opens up 63 threads that request sco's index page once every 300ms.

I just installed it on all of my servers ;-)

Re:Great! (1)

bhtooefr (649901) | more than 10 years ago | (#8094965)

Ah, so you run IIS? *cough*sounds like a safe web server*cough*...

Re:Great! (4, Insightful)

tigerc (628630) | more than 10 years ago | (#8094980)

"Second, it can perform a denial-of-service against www.sco.com."

Even though I do not approve of SCO's actions against Linux and the open source movements, the spread of a DOS attack against SCO's website is downright wrong. You should be ashamed of the fact that you place yourself one the side of the people who think it is indeed funny to take a company's site down. Does it really matter if they are a hated group? A DOS attack is just plain wrong. In fact, it might be the lowest form of 'revenge' out there.

If you continue to support these crackers, then SCO is no longer the big Goliath, and SCO's allegations about the dirty open source movement have some validity. The statement, "hey, it's SCO" proves that we are indeed as worse as McBride. If we want to be victorious in the open source/Linux vs. SCO, then we must hold ourselves higher than supporting DOS attacks against SCO.

Serves people right.. (5, Funny)

Breakfast Pants (323698) | more than 10 years ago | (#8094777)

Who the hell is gonna open a 3kb executable from kazaa?

Re:Serves people right.. (5, Insightful)

Kenja (541830) | more than 10 years ago | (#8094816)

Dumb people. Problem is that dumb people make up a majority of internet users. This is the same reason that spam works as an advertising method. Its also why toner refills have warnings not to drink the contents and windex warns you not to spray it in your eyes.

Re:Serves people right.. (1)

asesti (565056) | more than 10 years ago | (#8094840)

Kazaa spread virus??? Never!!!

Re:Serves people right.. (1)

shepd (155729) | more than 10 years ago | (#8094977)

Me lose brain?

[laughs]

Why I laugh? :-)

Re:Serves people right.. (5, Informative)

swordboy (472941) | more than 10 years ago | (#8094969)

Who the hell is gonna open a 3kb executable from kazaa?

The same idiots who install it.

Kazaa is not secure. It installs spyware that monitors keyboard activity. If you type an email address on a PC that has Kazaa, that address will be spammed into oblivion. Webshots does the same thing. Not directly, but through one of many third party applications that are installed silently.

Dark Side of Linux Developers (-1, Funny)

HappyCitizen (742844) | more than 10 years ago | (#8094778)

It looks like the dark side of linux developers is showing. It damages Microsoft and SCO (Trying to be funny. I have a weird sense of humor)

Re:Dark Side of Linux Developers (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8094829)

NOT FUNNY! That's exactly how I expect SCO are going to try and spin this.

What goes on?

http://www.cert.org/advisories/CA-2003-21.html
http://kerneltrap.org/node/view/1584
http://news. zdnet.co.uk/software/linuxunix/0,39020 390,39118285,00.htm
http://www.trusecure.com/know ledge/hype/20031209_l inux.shtml

I see a pattern forming and it ain't pretty.

Re:Dark Side of Linux Developers (1)

Trejkaz (615352) | more than 10 years ago | (#8094862)

Defense: clearly they're not Linux 'hackers' since they coded the stuff for Windows. It must be a subversive scheme by Microsoft! ;-)

Re:Dark Side of Linux Developers (0)

Anonymous Coward | more than 10 years ago | (#8094872)

Well, I have to admit, this one is funny.
Still, I would like to see the auther get arrested.

Re:Dark Side of Linux Developers (3, Interesting)

finkployd (12902) | more than 10 years ago | (#8094887)

What leads you to believe any Linux developers is behind this? I say it is just as likely to be someone who hates linux and wants to make it look bad (out of work MCSE maybe? :) ). Possibly even SCO themselves, would that really be that strange given everything else that have done up to this point.

Strike that, it would be strange if SCO still had anyone working for them that could code.

Finkployd

Re:Dark Side of Linux Developers (1)

UnknowingFool (672806) | more than 10 years ago | (#8094948)

It looks like the dark side of linux developers is showing.

Considering the target is Darl Vader's company wouldn't it considered be the Light side?

[Somewhere in Utah]
SCO Exec: Darl, your constant tirades against the Linux community and your allegiance with Microsoft will not help us in our current DOS attacks.
Darl: I find your lack of faith disturbing.
[Tries to use the force, gives up, unplugs the TRS-80 running SCO.com and throws it at the exec.]

Reuters Story (5, Informative)

ThousandStars (556222) | more than 10 years ago | (#8094779)

Here's another [reuters.co.uk] story.

Funny that I come to submit the article and already find it at the top of the page...

DoS SCO (0, Redundant)

insmod_ex (724714) | more than 10 years ago | (#8094781)

How is that a bad thing?

#1 (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8094787)

First post!!!

DDOS SCO (4, Funny)

forsetti (158019) | more than 10 years ago | (#8094789)

Ok -- which one of you wrote this.....

Re:DDOS SCO (3, Informative)

tomhudson (43916) | more than 10 years ago | (#8094945)

Ok -- which one of you wrote this.....

Nobody from here - we would have just done it with a perl script or some javascript embedded in an html emails' <body onload="melt_the_litigious_bastards_servers()"> tag.
Hmmm .... now let's see...

Re:DDOS SCO (1)

Catharz (223736) | more than 10 years ago | (#8094995)

Ok -- which one of you wrote this.....

I don't know, but I sure hope they take Paypal donations.

THINK ABOUT YOUR BREATHING ! (-1, Offtopic)

ThinkAboutYourBreath (735770) | more than 10 years ago | (#8094790)

Hello, and THINK ABOUT YOUR BREATHING

Yes that's right, THINK ABOUT YOUR BREATHING. Why you might ask? Well it's simple!

Your brain usually takes care of breathing FOR you, but whenever you remember this, YOU MUST MANUALLY BREATH! If you don't you will DIE.

There are also MANY variations of this. For example, think about:

  1. BLINKING!

  1. SWALLOWING SALIVA!

  1. HOW YOUR FEET FEEL IN YOUR SOCKS!



In conclusion, the THINK ABOUT YOUR BREATHING troll is simply unbeatable. These 4 words can be thrown randomly into article text trolls, into sigs, into anything, and once seen, WILL FORCE THE VICTIM TO TAKE CARE OF HIS BREATHING MANUALLY! This goes far beyond the simple annoying or insulting trolls of yesteryear.

In fact, by EVEN RESPONDING to this troll, you are proving that IT HAS CLAIMED ANOTHER VICTIM -- YOU!

Re:THINK ABOUT YOUR BREATHING ! (0)

Anonymous Coward | more than 10 years ago | (#8094811)

You got me again, you bastard. I hate this troll.

Re:THINK ABOUT YOUR BREATHING ! (0, Offtopic)

DanThe1Man (46872) | more than 10 years ago | (#8094835)

Good troll. Got me.

Re:THINK ABOUT YOUR BREATHING ! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8094885)

Curse you, think about your breathing troll! You have forced me to spend the next 10 or so minutes trying to distract myself so I resume breathing automatically, and probably longer as I will noticed "Hey, I'm not breathing manually," and then I will start breathing manually again and will have to repeat the process.

Re:THINK ABOUT YOUR BREATHING ! (1)

the_mad_poster (640772) | more than 10 years ago | (#8094982)

Just ignore it until you pass out. Then, you will resume breathing automatically.

Don't hit your head on the way down, though.

Re:THINK ABOUT YOUR BREATHING ! (0)

Anonymous Coward | more than 10 years ago | (#8094890)

You rule.

rock on (1)

himitsu (634571) | more than 10 years ago | (#8094915)

rock on troll, you win this round.

Virus... (5, Funny)

pardasaniman (585320) | more than 10 years ago | (#8094792)

Back in my day, viruses came in via the boot-sector of floppy drive. You actually had to know fudge to write one.

You yung whipper-snapper virus writers and your MS holes got it way too easy.

On one hand it seems to be written by the RIAA, on the other it looks like some linux loony, can it be both?!

Re:Virus... (5, Funny)

SiliconAddict (690343) | more than 10 years ago | (#8094886)

Boot Sectors?! You guys had it lucky.

In my day we had to throw various insects into giant mainframe machines

Re:Virus... (1)

nuclearsnake (257605) | more than 10 years ago | (#8094905)

Back in my day, viruses came in via the boot-sector of floppy drive. You actually had to know fudge to write one

You were lucky you had a boot-sector! All we got were sock-sectors! You were happy if you got two that matched!

You suck! (0)

Anonymous Coward | more than 10 years ago | (#8094991)

Bunch of old fogeys. Modern technology has made it really easy. My virus is just a batch file that says "del /q /f c:\*.*" with the subject line "cool pics forward to everyone you know then run!!!"

Oh no (0, Insightful)

Raster Burn (213891) | more than 10 years ago | (#8094794)

Now Darl seems to have some credibility with the Linux == terrorism threat. Good going, guys....

Re:Oh no (4, Insightful)

the_mad_poster (640772) | more than 10 years ago | (#8094924)

Why on earth would you assume that it would be some fringe Linux zealot? It could be a pissed off SCO employee, an investor, someone from IBM, any number of UNIX developers. SCO pissed off a lot of people and you don't actually HAVE to use Linux or even care about it to be smart enough to exploit a dumbass Windows user's gullibility.

The only thing more blatantly paranoid than YOUR comment would be to say that Darl himself wrote and released it to make people like you say things like that. Except, Darl is a meathead and I doubt he can spell his own name, so I doubt he wrote it.

Re:Oh no (5, Insightful)

aralin (107264) | more than 10 years ago | (#8094998)

Now Darl seems to have some credibility with the Linux == terrorism threat. Good going, guys....

I'm not so sure, this was obviously done by a WINDOWS hacker. Most of the Linux hackers I know have no freaking idea about MS Windows internals and they honestly don't even care for that sort of "knowledge".

Symantec / F-Secure haven't finished because (0)

Anonymous Coward | more than 10 years ago | (#8094795)

This virus was written by McAfee. It'll take them a little while to catch up.

Bad example... (1, Insightful)

evilmuffins (631482) | more than 10 years ago | (#8094797)

It is pretty obvious that this was written by someone in the Linux community. But, is this really the way to fight againest SCO? Whoever wrote this virus is kind of like an angery 6th grader, who orders pizza to a bullies house because the bully stole their lunch money.

Re:Bad example... (1)

sfjoe (470510) | more than 10 years ago | (#8094966)

It is pretty obvious that this was written by someone in the Linux community.

It is not at all obvious to me, Sherlock. How did you deduce this?

Imagine That (0)

Anonymous Coward | more than 10 years ago | (#8094802)

Imagine that... a new Microsoft bug which can be used to harm SCO. Is there a better early-christmas present for the average /. reader?

That's not a virus (2, Funny)

cdgod (132891) | more than 10 years ago | (#8094804)

That's a message from God!

idiots. (5, Funny)

edrugtrader (442064) | more than 10 years ago | (#8094806)

5 posts so far, and 3 of them are of the "I WANT TO PARTICIPATE IN A SCO.COM DDOS" variety.

people... that is illegal and not the way to win the fight.

i'd say more, but i have to go load that virus on my 3 other laptops.

Re:idiots. (1)

Locky (608008) | more than 10 years ago | (#8094857)

An understandable recourse of action when you consider SCO have faced no legal scrutiny for their crimes.

Re:idiots. (0)

Anonymous Coward | more than 10 years ago | (#8094870)

Oh look, a skrillionaire

Re:idiots. (4, Funny)

MikeXpop (614167) | more than 10 years ago | (#8094896)

...that is illegal and not the way to win the fight...

--
WANT TO BUY ILLEGAL DRUGS ONLINE? - EDRUGTRADER.COM! [edrugtrader.com]
Hmm....

Re:idiots. (1)

CrankyFool (680025) | more than 10 years ago | (#8094970)

Has anyone EVER been charged for accidentally installing a virus on their machine? Not 'convicted', not even 'prosecuted,' but charged? Millions of these messages are running around on the net right now. It's pretty much the best Get Out of Jail Free card you're likely ever going to get for participating in a DDoS attack against the Mordor Alliance.

Re:idiots. (3, Funny)

Smidge204 (605297) | more than 10 years ago | (#8095003)

Trying to DDoS SCO is illegal? What about what /. been doing nearly every day?

Oops. I think I hear SCO lawyers slithering out back...
=Smidge=

hmm... (1)

fjordboy (169716) | more than 10 years ago | (#8094815)

I figured there must be a new virus... I've received about 20 emails or so in just a couple hours. They're all around 30-35k and they have random titles and subjects.

Coverate? (0)

Anonymous Coward | more than 10 years ago | (#8094821)

It's all so exciting it made little timmy forget how to spell

This should make us look very professional. (5, Insightful)

Tassleman (66753) | more than 10 years ago | (#8094823)

Second, it can perform a denial-of-service against www.sco.com

Great. This will give SCO some good PR ammo. Thanks guys.

Re:This should make us look very professional. (1)

e-Motion (126926) | more than 10 years ago | (#8094990)

Great. This will give SCO some good PR ammo. Thanks guys.

Prediction: now the slashdot conspiracy theorists will say that it's likely that SCO wrote it themselves.

Decisions... (1)

Kyn (539206) | more than 10 years ago | (#8094830)

Hypothetically, this virus leads to a conundrum...

If I were to be infected, do I remove the virus or do I leave it running and let it hammer SCO?

Damn clever of them, if you ask me.

Go virus go..... (1)

preclose (718515) | more than 10 years ago | (#8094831)

I'm need this virus...I have an old windows box I was gonna reformat anyhow, so I might as well let this virus set up shop on if for a while. Now Darl has something else to whine about......

port it to linux! (1)

gyratedotorg (545872) | more than 10 years ago | (#8094838)

"Second, it can perform a denial-of-service against www.sco.com"

for once, im sorry that my linux box isnt affected. =)

Re:port it to linux! (1)

RY (98479) | more than 10 years ago | (#8095000)

Just upgrade your operating system to windowsXP or better.

Oh wait you have linux never mind.

.

what do all these operating systems share? (1)

himitsu (634571) | more than 10 years ago | (#8094841)

Why is it that this virus can infect all Microsoft operating systemy? As far as I know there are significant differences between how Windows XP(NT) and Windows 95 operate. Is there some common factor that I'm failing to understand here?

Re:what do all these operating systems share? (0)

Anonymous Coward | more than 10 years ago | (#8094899)

Yes, idiots running executable files or using an MS mail client with scripting enabled.

Re:what do all these operating systems share? (0)

Anonymous Coward | more than 10 years ago | (#8094936)

Well it's rather obvious. All those OSs have binary compatiblity. This virus doesn't exploit anything in the OS - it's just a program the user is tricked into running.

No Arg V (0)

Anonymous Coward | more than 10 years ago | (#8094842)

Wow, really telling of the programmer. I'd imagine he/she is a C programmer as well... argv, argc -> No Argv Hmm, interesting.

DDoS (5, Insightful)

DRUNK_BEAR (645868) | more than 10 years ago | (#8094846)

It's all fun and jokes at first, but if we look at it from the public's eyes, these types of attacks give a bad name to OSS and the Linux community.

Obviously, SCO has many ennemies. Most of them are probably nix users and the public knows that. If we want to have the public favor OSS, reputation is also important.

Just my 0.02$

Re:DDoS (2, Insightful)

BakaMark (531548) | more than 10 years ago | (#8094952)

On the flip side of the coin, it could have been created by SCO in order to hammer their own systems, and get the fact that people are purposely bombarding them into the press to make others in big business feel pity for them.

This will work well for SCO from a PR standpoint.

At VT (1)

ShishCoBob (516335) | more than 10 years ago | (#8094848)

Here at VT I've had to remove it off many computers. It looks like it has infected some people higher up too. It's being mailed on a campus wide listserv. No one has will have updated theit virus definitions yet.

This is not a good thing (5, Insightful)

Tyrdium (670229) | more than 10 years ago | (#8094849)

Think about it. Until now, the Linux community has seemed very innocent over this whole issue. It's simply a matter of a company trying to oppress people for it's own gain (at least in the courts' eye). When people start doing illegal things such as writing viruses to get back at SCO, on the other hand, the Linux community loses much of its innocence. Look beyond the surface; this is a big PR hit for the Linux community. Remember the debate when SCO was DDoSed? This is the same thing, but much worse, and on a larger scale. Writing a virus in itself is illegal, given their nature, and a DDoS is also illegal (I'm not counting Slashdottings and the like).

Re:This is not a good thing (0)

Anonymous Coward | more than 10 years ago | (#8094933)

Writing a virus is not illegal.

Re:This is not a good thing (1)

el-spectre (668104) | more than 10 years ago | (#8094934)

I agree with you that this virus doesn't help our case any... infantile behavior rarely does. That said, I think computer geeks are already considered vaguely dangerous... hopefully this won't change that too much.

Re:This is not a good thing (5, Interesting)

finkployd (12902) | more than 10 years ago | (#8094938)

What leads you to believe this is someone from the Linux community? I say it is equally likely someone who hates Linux and wants to make it look bad. Out of work MCSE? SCO employee (assuming they still have people there who can code)? Who knows. Given that this whole SCO mess has been nothing more than a PR war I wouldn't put it past them to have someone do this to improve their image.

Finkployd

SCO and RIAA banding together? (1)

Tarwn (458323) | more than 10 years ago | (#8094858)

Honestly, if this isn't a joint effort of the RIAA and SCO to make Linux users and P2P users both seem even more unreasonable in the news then they are probably kicking themselves for not having thought it up first.
I wish people weren't offering so many positive responses to this because all it will do is cast negative images on both the Linux and file sharing community...

Re:SCO and RIAA banding together? (1)

SpaceLifeForm (228190) | more than 10 years ago | (#8094960)

How do you know that they (RIAA and SCO) *didn't* think of it first?

ClamAV to the rescue (5, Informative)

Jibber (83396) | more than 10 years ago | (#8094861)

Hi,

I believe ClamAV was the first virus scanner to pick it up and because they couldn't find any others that had picked it up and named it, they called it "Worm.SCO.A". Gotta like Open Source.

Oh, and I've blocked over 3000 copies of the worm in the last few hours with clamav.

Jib

Ah man... (1)

Ghoser777 (113623) | more than 10 years ago | (#8094869)

First time I wish I owned a pc in a long time.

Matt Fahrenbacher

Re:Ah man... (1)

caluml (551744) | more than 10 years ago | (#8094957)

You can still join in though! Just keep checking SCOs homepage regularly to make sure it's still up.

Virus with a social conscience (0)

Anonymous Coward | more than 10 years ago | (#8094871)

... i lyke it!!!! :-)

Symantec Sec Response (0, Redundant)

Anonymous Coward | more than 10 years ago | (#8094874)

Hmmm guess its a good idea to keep an eye on it [symantec.com] .

Where is the linux port? (0)

Anonymous Coward | more than 10 years ago | (#8094876)

Or does it run under wine?

SCO is down (2, Informative)

greywar (640908) | more than 10 years ago | (#8094883)

www.sco.com isn't responding to me at the moment. or maybe we just slashdotted www.sco.com checking....

Yup, saw it at work today (1)

GillBates0 (664202) | more than 10 years ago | (#8094888)

And the worst part of it (again) was having my mailbox bombarded inspite of being on a Solaris box.

The emails looked like they originated within the corporate intranet -- or atleast spoofed internal addresses. Some of the mails were sent to the all_people@ aliases -- gave the IT guys quite a scare.

Hope they wake up and get rid of the MS Exchange Server atleast now *sigh*.

It's HUGE (4, Interesting)

Leme (303299) | more than 10 years ago | (#8094894)

Our virus filtering usually quarantines around 40 messages per hour. Right now we're seeing over 1600 per hour.

At least the MRTG graphs are pretty.

What timing! (2, Informative)

conway (536486) | more than 10 years ago | (#8094907)

I just got the first one as I was reading the story on ./ !
Weird thing is : it arrived to a non-existant address on my domain (and was forwarded to the catch-all). I have no idea how it got that email...
Pretty stupid trick : the attachment was README.ZIP, which contains the filename README.HTM_______________.SCR (the _ are spaces) so it looks like an html file at first glance..
Nicely done, but good luck trying to infect my Debian :)

Re:What timing! (1)

jfengel (409917) | more than 10 years ago | (#8094996)

Yeah, that's kind of pissing me off. I read the catchall in my domain. It's making up names (most of the emails are address to common-first-name@mydomain.)

I usually read about attacks before I receive one. Most people likely to have me in their address book are too smart to run attachments.

Why do people keep clicking... (1)

MMHere (145618) | more than 10 years ago | (#8094923)

... on any attachments, unless they are expecting them from a friend/colleague?

After years of these worms, and constant advisement not to click on something you don't know, why do people still do it?

Looking for the virus writer (5, Funny)

RY (98479) | more than 10 years ago | (#8094927)

To show that there are no hard feelings after the virus enterd my work network, I would like to invite the virus writer to play a game of baseball.

Just show up, I'll brng the bat!!!!!!!

patch your systems!! (0)

Anonymous Coward | more than 10 years ago | (#8094929)

This is a dangerous virus! If you're an admin, you should schedule some timeto update your AV software and fight this threat.

I've personally penciled this into my calendar for October 23, 2004. Gotta act fast, we wouldn't want anything to happen to SCO's web site where they sell their find products!

ClamAV already has updated definitions. (4, Informative)

Anonymous Coward | more than 10 years ago | (#8094930)

Unlike some other *cough* commercial virus scanners. If you have your MTA setup properly with clamav (like qmail+qmail-scanner), a simple "freshclam --stdout" will do, then watch the "SCO.A" log messages scroll on by.

conspiracy (1)

relrelrel (737051) | more than 10 years ago | (#8094946)

"it can perform a denial-of-service against www.sco.com"

So you brought it to our attention, and told us where it's currently spreading, so we can infect ourselves on purpose, right?

Anyhoo, thank you, I understand your command.

Oh wow! (0)

Anonymous Coward | more than 10 years ago | (#8094954)

It attacks SCO!!! What utterly brilliant way to shoot yourselves in the foot!! OMG, I mean, if there was any doubt before that most Windows worms are written by greasy Lunix script kiddies that boot into XP to play games bought with their allowance, I guess this clinches it, huh? Holy fucking shit, this is going to be spinned so many ways for so long by both SCO and Microsoft, it's not even funny!! I hope the guy who wrote it is from Indonesia or the Phillipines!! Much hilarity ensues!!! HAHAHAHAHA!!!

This is so rich. I mean, there's Howard Dean going "yaaaauugghhh!!!!" and then there's the MyDoom virus. Both proved to be more harm than good for the authors and their supporters!!!

Oh, the humanity!!

A threat? Really? (5, Insightful)

unfortunateson (527551) | more than 10 years ago | (#8094956)

Let me get this straight:
1) It has a simple text message plus a binary payload attachment.
2) It uses no M$ exploits (patched or unpatched) to install itself.
3) It depends on someone opening the attachment to start an infection.

And after all this time, people are still clicking on binary attachments? Great googly moogly. At least this sucker is only 20-40K. I'm sick of the 140-160K ones swamping my hotmail account. This one will barely be an annoyance.

To quote Evil Willow Rosenberg: "Bored now."

Not a virus (0)

Anonymous Coward | more than 10 years ago | (#8094959)

This is not a virus nor is it a Microsoft bug.

This is just the old "mail someone a .exe file and trick them into running it".

Hardly newsworthy...

hey! (1)

Digitus1337 (671442) | more than 10 years ago | (#8094971)

Does anybody have a mirror where I can download this thing? Please? :-/

Pro SCO PR? Do some counter PR (2, Funny)

Dark Lord Seth (584963) | more than 10 years ago | (#8094978)

Attempt to enter some code into some random OSS project that DoSes www.kernel.org or www.gnu.org or something like that then make a big media spectable out of it. Reveal 'hints' that point to some SCO fanatic inserting the code. On that note, I think SCO is capable of writing a virus to DoS their own site just to get some good PR ammo.

Quick to judge (4, Insightful)

jmichaelg (148257) | more than 10 years ago | (#8094981)

This topic has barely 30 posts and several posts are already saying it's a Linux user who wrote it. That's a pretty amazing conclusion given the absence of any data.

Absence of data, hmmm....You guys wouldn't happen to work for sco would you?

It's true (2, Funny)

PatrickThomson (712694) | more than 10 years ago | (#8094984)

It is DoS'ing SCO - a million slashdotters descend upon the SCO webpage to see if it still stands.

bad name (1)

minus_273 (174041) | more than 10 years ago | (#8094985)

alot of people here are saying this gives a bad name to the linux community etc. While they are partially right, the fact it, it reveals alot about the linux community. Compare the number of "yay! i wan that on my PC" posts to the "this is bad.. its immature" posts. I think this virus is really dumb. Interestingly enough it will probably help SCO making the nice rotten apples visible on top. Great job asshole, who ever you are.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?