Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MyDoom Windows Worm DDoSing SCO

CmdrTaco posted more than 10 years ago | from the now-thats-just-not-cool dept.

Caldera 694

We mentioned the myDoom Worm just a few hours ago, but more information is available now, mainly that its ultimate goal is apparently to DDoS SCO. You can see some more detail at NetCraft. Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.

cancel ×

694 comments

Sorry! There are no comments related to the filter you selected.

I never thought I'd say this... (0, Funny)

Anonymous Coward | more than 10 years ago | (#8098796)

Quick, disable your AV software, and get some Windows boxes on the internet!

Re:I never thought I'd say this... (5, Funny)

swordboy (472941) | more than 10 years ago | (#8098842)

Better yet, go here [sco.com] and keep clicking refresh - maybe you'll be the first to see the DDoS taking place!

Re:I never thought I'd say this... (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#8098848)

No need to, there are enough LUSERS "clicking" on the attachment. *sigh*

I already got about two dozen copies of this worm today...

Re:I never thought I'd say this... (0, Funny)

Anonymous Coward | more than 10 years ago | (#8098888)

Can someone email the virus please?

Reminds me of a joke... (4, Funny)

mirko (198274) | more than 10 years ago | (#8098911)

A young boy walks into a whorehouse dragging a crushed frog on a string. He goes up to the madam and says, "
I'd like to have the service of one of your young ladies, but she's gotta have herpes."

The madam, taken aback by the boy, asks him, "Little boy, why on earth would you want to ruin your life at such an early age?"

The boy says, "I don't want to explain, Either you help me out or I'll go somewhere that will!"

The madam figures his money is better spent here than somewhere else, and takes him into the back to meet his lady.

About an hour later the boy, still dragging the frog, tries to pay for his time.

"Keep your money", said the Madam, "but I've just got to know why a boy your age wants herpes so badly. Won't you please tell me?"

The boy takes a deep breath and sighs. "Ma'am, you see this frog? When I go home tonight, mom and dad are going out, and the babysitter will come over. And the babysitter will get the herpes. Then mom and dad will come home, dad will take the babysitter home, and dad will get herpes. When mom and dad go to bed tonight, mom will get herpes. Tomorrow, I'll go to school, dad will go to work, and the milkman will get herpes.
And the milkman,
" the boy sobbed, "the milkman is the son of a bitch who ran over my frog!"


Now, with a proper sed'ing :
A young skr1pt k1dd13z walks into a whorehouse dragging a crushed computer on a string. He goes up to the spammer and says, "
I'd like to have the service of one of your young bulkers, but she's gotta have MyDoom."

The spammer, taken aback by the skr1pt k1dd13z, asks him, "Little skr1pt k1dd13z, why on earth would you want to ruin your life at such an early age?"

The skr1pt k1dd13z says, "I don't want to explain, Either you help me out or I'll go somewhere that will!"

The spammer figures his money is better spent here than somewhere else, and takes him into the back to meet his bulker.

About an hour later the skr1pt k1dd13z, still dragging the computer, tries to pay for his time.

"Keep your money", said the spammer, "but I've just got to know why a skr1pt k1dd13z your age wants MyDoom so badly. Won't you please tell me?"

The skr1pt k1dd13z takes a deep breath and sighs. "Spammer, you see this computer? When I go home tonight, proxy server and exchange server are going out, and the mail gateway will come over. And the mail gateway will get the MyDoom. Then proxy server and exchange server will come home, exchange server will take the mail gateway home, and exchange server will get MyDoom. When proxy server and exchange server go to bed tonight, proxy server will get MyDoom. Tomorrow, I'll go to school, exchange server will go to work, and Darl will get MyDoom.
And Darl,
" the skr1pt k1dd13z sobbed, "Darl is the son of a bitch who ran over my computer!"

Re:I never thought I'd say this... (3, Funny)

Pollux (102520) | more than 10 years ago | (#8098974)

Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.

Quick, disable your AV software, and get some Windows boxes on the internet!

You know, this reminds me of one time when an apartment building in our neighborhood was burning. Sure, you felt sorry to see it burn, and you felt sorry to see the people who lived there get hurt, but man, it's really fun to watch a building burn!

Really, there was one guy in the group who came out in a lawn chair with a six pack and watched it all happen. Raised his beer with a "Hell yea!" when the wooden frame structure collapsed.

Who cares? (-1, Offtopic)

Nameles (122260) | more than 10 years ago | (#8098797)

yaay.

i'm sick of all this sco news, who gives a fuck?

SCO probably wrote it (3, Insightful)

corebreech (469871) | more than 10 years ago | (#8098803)

Given their history of underhanded dealings this wouldn't surprise me one bit. This attack only helps SCO. They get sympathy. What do the worm writers get?

Nothing.

Re:SCO probably wrote it (3, Insightful)

markom (220743) | more than 10 years ago | (#8098814)

If worm writers work for SCO -- everything :-)

Re:SCO probably wrote it (4, Insightful)

Saven Marek (739395) | more than 10 years ago | (#8098845)

...they get to give SCO a great fat middle finger

No, not all of us support actions like this against SCO. It does drag people down to their level acting like this, but in the end, frustration does that to people. Not everyone, but some.

SCO has now, for a full 12 months, made threat after threat, claim after claim, that they can't backup, but there's no way to stop them. People get frustrated by their continuous whining.

A fly buzzing around my head annoys me. Usually, I'll slap it and kill it. That's taking me down to far below its level, but it's satisfying. Given several hundred million people annoyed with SCO, I'm surprised more haven't acted this way towards them.

Re:SCO probably wrote it (5, Funny)

Simon Lyngshede (623138) | more than 10 years ago | (#8098873)

Well maybe they didn't write it, but Im sure there is some SCO code in it.

Re:SCO probably wrote it (5, Funny)

jimicus (737525) | more than 10 years ago | (#8098900)

Anyone whose computer is infected with this worm is violating our IP! You must pay $699 for a license!

But, damn it! (3, Interesting)

Short Circuit (52384) | more than 10 years ago | (#8098878)

This is going to be a serious blow to the moral credibility of the OSS community, not just Linux users.

We seriously need some sort of petition stating we do not support Linux or OSS, but not underhanded tactes like DDOSing and viruses.

SCO Reichstagsbrand! (0)

Anonymous Coward | more than 10 years ago | (#8098887)

Yes, I know, Godwyn will turn around in his grave, but it needed to be said!

They do get something. They get spam relays. (4, Interesting)

Vintermann (400722) | more than 10 years ago | (#8098933)

I think the real purpose of this worm is to enable spammers to work more comfortably and safely. The attack at SCO conveniently distracts attention from this, and on to the spam-hating linux community.

Re:SCO probably wrote it (4, Insightful)

ConversantShogun (227587) | more than 10 years ago | (#8098953)

It does seem odd that the worm has a trigger to stop spreading on Feb 12. If SCO were to unleash a self-attacking worm, wouldn't they likely include such a provision?

Film at 11. (1)

AVee (557523) | more than 10 years ago | (#8098961)

Well, since SCO seems to prefer a world full of Windows, why else whould they try to destroy Linux, they are given a sneak peek of what it whould bring them. This will cause them to give MS back all the money they got from them, because they are enabling terrorist actions against them. It is a Windows virus after all. They will find out how wrong they were. They will convert and tomorrow we will seem Darl hugging Linus and all will be well again.

Maybe...

Change domain (5, Funny)

Anonymous Coward | more than 10 years ago | (#8098807)

Maybe theyll change their domain name like M$ did to bastards.sco.com instead of sco.com/bastards

Re:Change domain (2, Funny)

julesh (229690) | more than 10 years ago | (#8098949)

Assuming you're talking about the Windows Update DDOS, you probably mean bastards.com.

sad? (0)

Anonymous Coward | more than 10 years ago | (#8098808)

Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level.

no it's not!!!!!

It may be wrong on some level... (3, Funny)

r0xah (625882) | more than 10 years ago | (#8098812)

This may not be the most appropriate way to attack SCO, but after all the FUD they have released and the actions they have taken it puts a smile on my face to see something like this come about. I hope their server gets toasted. Bring on the worms!

Re:It may be wrong on some level... (-1)

Anonymous Coward | more than 10 years ago | (#8098875)

Considering your user name is r0xah, your childish reaction doesn't surprise me in the slightest.

Re:It may be wrong on some level... (1)

r0xah (625882) | more than 10 years ago | (#8098923)

Childish? I notice that you posted Anonymous Coward because you don't even want to back your comment. My user name is r0xah because I was bored and didn't know what else to put. I back my statement because I dislike what SCO has done and have followed the news since the beginning. Unlike you I probably could be affected by them somehow winning a lawsuit because I work for a university who runs many Linux based systems. Oh yeah one more point... I said this may not be the correct way to go, but yes it does make me smile once again.

Re:It may be wrong on some level... (-1)

Anonymous Coward | more than 10 years ago | (#8098958)

Considering your user name is r0xah, your childish response doesn't surprise me in the slightest.

Re:It may be wrong on some level... (0)

Anonymous Coward | more than 10 years ago | (#8098973)

My user name is r0xah because I was bored

Why the fuck does everyone use that as an excuse for everything? So you're sitting around trying to think of something to do...and you decide to create a slashdot account with a shitty name? That doesn't make any goddamn sense. Everytime some asswipe does something stupid his excuse is "well...I was bored." Can't you fucking shitheads come up with a better goddamn excuse? IT DOESN'T MAKE ANY SENSE.

Re:It may be wrong on some level... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8098894)

> but it's always sad to watch someone stoop to this level.

No, it's called `rise to the challenge`. It'll have no effect on the lawsuits, and if it pissed SCO off and causes them some trouble, then good.

Call the schoolmaster! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8098943)

Good morning, The Worm, Your Honor.
The Crown will plainly show,
The prisoner who now stands before you,
Was caught red-handed showing feelings.
Showing feelings of an almost human nature.
This will not do.
Call the schoolmaster!

Workers (5, Interesting)

turtlexit (720052) | more than 10 years ago | (#8098815)

SCO ought to start getting hit hard today as office workers and the like start checking their email today starting around 9 Eastern, and running the virus. It'll be interesting to see what SCO's reaction will be. Almost like the calm before the storm ;-)

Re: Understand though... (2, Informative)

Quantum-Sci (732727) | more than 10 years ago | (#8098946)

The hammering of SCO doesn't start until Feb 1 though. Supposed to be Feb 1-12.

I received three of these yesterday, and it's been ages since I received anything with a virus. Must be massive.

hmm. (-1, Troll)

termos (634980) | more than 10 years ago | (#8098821)

Wasn't there just a story [slashdot.org] on this?

Re:hmm. (-1)

Anonymous Coward | more than 10 years ago | (#8098844)

Someone tell me why I didn't read the article.

Re:hmm. (1)

Bigman (12384) | more than 10 years ago | (#8098858)

Yes, I imagine that's why CmdrTaco said
We mentioned the myDoom Worm just a few hours ago,

No?

Infect me!! (0, Troll)

Anonymous Coward | more than 10 years ago | (#8098823)

Oh please infect me! PLEASE!! INFECT ME!!!

I want to get infected.

Fuck SCO.

Re:Infect me!! (-1)

Anonymous Coward | more than 10 years ago | (#8098907)

If you f*** SCO, then you get infected in a different way ....

Sad? (-1)

Anonymous Coward | more than 10 years ago | (#8098824)

It's not sad, it's absolutely fucking hilarious! And just goes to show.

Is the source available on GPL? (3, Funny)

Bigman (12384) | more than 10 years ago | (#8098827)

Lol
Seriously, its is a shame, it will only fuel Darl's paranoia.

Re:Is the source available on GPL? (0, Funny)

Anonymous Coward | more than 10 years ago | (#8098930)

Is the source available on GPL?

No, but you can buy the SDK here [amazon.co.uk] .

hmm (-1, Redundant)

beredon (454896) | more than 10 years ago | (#8098829)

Just got my old laptop (windows) up and running. I'm doing my bit.

Cool! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8098830)

Good to see the Linux community is up to their old tricks. DOSing people they don't like and attacking Microsoft all in one.

And people wonder why some people don't take Linux seriously...

(Not a troll, just an observation)

Something Doesn't Add Up (4, Interesting)

nathanh (1214) | more than 10 years ago | (#8098831)

I thought the worm was set to start the DDOS on February 1. So why is SCO showing a DDOS right now?

Was the February 1 thing made up? I've not yet received the virus in my email so I can't check the code for myself.

Or (I consider this more plausible) has SCO taken their own site down with the intention of blaming the "Linux terrorists", but they stupidly took it down 3 days too early.

Re:Something Doesn't Add Up (1, Informative)

GrenDel Fuego (2558) | more than 10 years ago | (#8098870)

SCO has been under repeated DDOS attacks for months now. Netcraft is most likely showing details on those ones.

Re:Something Doesn't Add Up (1, Funny)

Anonymous Coward | more than 10 years ago | (#8098874)

I've not yet received the virus in my email

What's your address? I can send it to you...

Re:Something Doesn't Add Up (5, Insightful)

T-Punkt (90023) | more than 10 years ago | (#8098891)

I asked that myself.

Could be some PCs with badly set clocks. Well, you know those windows users, they don't set their system clocks, have 00:00 blinking on their VCRs, use outlook and click on every fscking single attachements that made it into their mailbox.

Re:Something Doesn't Add Up (3, Interesting)

julesh (229690) | more than 10 years ago | (#8098905)

I've not yet received the virus in my email so I can't check the code for myself.

Good god, man, don't complain when you've been that lucky. I got into the office this morning to find 550 unread messages, mostly copies of this, or messages saying that copies I had supposedly sent hadn't been delivered...

Re:Something Doesn't Add Up (5, Insightful)

crawling_chaos (23007) | more than 10 years ago | (#8098948)

I got into the office this morning to find 550 unread messages, mostly copies of this, or messages saying that copies I had supposedly sent hadn't been delivered.

Preach on, brother. I wish some sysadmins would get a clue and realize that with viruses spoofing the From: address, there is no fscking point in sending the "you sent me a virus" panic mail. All it does is bother the wrong people.

Re:Something Doesn't Add Up (0, Funny)

Anonymous Coward | more than 10 years ago | (#8098917)

> I thought the worm was set to start the DDOS on February 1. So why is SCO
> showing a DDOS right now?

I guess some people have been playing with their system clocks to get around lame trial-period software?

Re:Something Doesn't Add Up (1)

Thrakkerzog (7580) | more than 10 years ago | (#8098963)

who sets it forward in time?

SCO Self attack vs. RIAA camouflage (2, Interesting)

JumperCable (673155) | more than 10 years ago | (#8098962)

Or (I consider this more plausible) has SCO taken their own site down with the intention of blaming the "Linux terrorists", but they stupidly took it down 3 days too early.

Not that I don't think your idea is a serious possibility, but SCO is probably being slashdotted by all the people who want to see if it is down.

Tinfoil Hat idea #3: Since this is being spread by Kazaa, perhaps the RIAA is trying to scare file traders off of the Kazaa networks but ensure the virus is blamed on someone else. SCO haters are a dime a dozen.

Enough for now, I've got to finished rereading Catcher in the Rye.

So, for once, Netcraft really confirms? (1)

Pac (9516) | more than 10 years ago | (#8098835)

Is SCO finally dying? Will the two stories a day torture end in silent dismissal?

All I can say (-1, Troll)

negacao (522115) | more than 10 years ago | (#8098837)

is HAHAHAHAHAHAHAHAHAHA.

spam is next (0)

dkode (517172) | more than 10 years ago | (#8098839)

ok guys, whoever created the worm went about it all wrong...what we really need is to just subscribe every e-mail address at SCO to every pr0n newsletter known to man.

I know that would piss me off more than any virus.

Killing two ugly birds with one stone (4, Funny)

G4from128k (686170) | more than 10 years ago | (#8098840)

Seems like this is Linux's ultimate weapon of mass destruction because:

1. The virus makes M$ operating systems look bad.
2. The DDoS attack goes after every Linux lover's most hated target, SCO.

But I do feel sorry for the people forced to used Windows by PHBs or who are novice users that don't know better than to run e-mailed executables.

Re:Killing two ugly birds with one stone (5, Funny)

ArseneLupin (743401) | more than 10 years ago | (#8098959)

Seems like this is Linux's ultimate weapon of mass destruction because:

Didn't you get it? There are no weapons of mass destruction! It was all made up by Darl and his cronies!

Re:Killing two ugly birds with one stone (1, Insightful)

ThogScully (589935) | more than 10 years ago | (#8098960)

1. The virus makes M$ operating systems look bad.

No, it makes the hacker community, which the with the marketing power of SCO and Microsoft may as well be synonomous with the OSS or FS communities, look bad. From the layman's perspective viruses aren't the fault of Windows - they are glad Microsoft is around to release patches to fix what the hackers broke.

2. The DDoS attack goes after every Linux lover's most hated target, SCO.

Yeah, it does and more than a few people are at least smiling to themselves here that SCO is finally getting punished in some way when they've been doling out the threats, extortion policies, etc for so long seemingly unchallenged. But it's still the wrong way to do it and the right way will come.

Patience is a virtue. Viruses are more likely to hurt the Linux community than Microsoft. Even in terms of monetary losses, this virus has just pushed my companies bandwidth usage over the monthly maximum - it's gonna cost me and I wouldn't touch a Windows machine with a 10 foot pole.
-N

This stinks - easy PR for SCO (5, Insightful)

Captain Kirk (148843) | more than 10 years ago | (#8098841)

Within a week, Darl will be equating Linux developers with virus writers - "both are called hackers and both hate me" he'll say and some 'respectable' journalists will report it as true.

ed (5, Funny)

ballpoint (192660) | more than 10 years ago | (#8098843)

but it's always sad to watch someone stoop to this level

s/is/eir

I don't get the joke... (0)

Anonymous Coward | more than 10 years ago | (#8098916)

I'm just a Windows user and I don't get the joke. Can somebody please explain it to me?

Damn those ignorant anti-virus idiots! (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8098847)

FFS, if you know that a worm forges the sender address, DON'T send bounces to that address. Worms are relatively easy to filter, but the crap from the virus-scanners comes in seemingly endless variations. Some even have the nerve to advertise their anti-virus solution, followed by a copy of the worm-mail, binary attachment included. Yeah right, moron, you just sent a copy of the worm to me and you expect me to buy your anti-virus product???

A dupe within 8 articles of each other (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8098850)

is this a record?

Maybe, maybe not (5, Interesting)

AndroidCat (229562) | more than 10 years ago | (#8098851)

It's still unclear what the real goal of this worm is. While it does DDoS SCO, it also installs a proxy that can be used by spammers. Long after sco.com is smoking rubble, this will probably be relaying Make P3n1s Fast! spam.

It's too early to call this one. Relax and pass the popcorn.

Re:Maybe, maybe not (1)

negacao (522115) | more than 10 years ago | (#8098901)

"Make P3n1s Fast!" == "Make Penis Fast!"

You know, I can't I've gotten that one thus far...

ummmm a good virus? (3, Interesting)

k.ellsworth (692902) | more than 10 years ago | (#8098854)

is actually, nice to have SCO.com messsed around. just because they will be forced to use LINUX/APACHE to survive the attack... i guess SCO stock will fall, again just because will be needing to hire akamai server just like microsoft did. linux to save their enemies. ironic

Re:ummmm a good virus? (0)

Anonymous Coward | more than 10 years ago | (#8098926)

is actually, nice to have SCO.com messsed around. just because they will be forced to use LINUX/APACHE to survive the attack

According to NetCraft [netcraft.com] , they already do use Linux/Apache on their web server :-)

Please, stop it with the "holier than thou"... (-1, Troll)

rokzy (687636) | more than 10 years ago | (#8098855)

...attitude. They deserve this. It's not like anybody is being physically hurt or anything.

Re:Please, stop it with the "holier than thou"... (2, Insightful)

turtlexit (720052) | more than 10 years ago | (#8098903)

This is simply, dumb. In addition to DDoS'ing SCO, the worm reportedly installs a backdoor, giving full access to the computer. We all know what this means... possible stolen identities, banking information, spam relays, new targeted DDoS attacks, etc.

No worm is a good worm, even if it does happen to also attack the (other) company we all love to hate.

Re:Please, stop it with the "holier than thou"... (4, Insightful)

Artifex (18308) | more than 10 years ago | (#8098968)

...attitude. They deserve this. It's not like anybody is being physically hurt or anything.


They deserve to have their claims refuted in a court of law, and hopefully they will have to pay damages, court costs, and issue full and public apologies, before going bankrupt. If it can be proved that they deliberately lied in these claims, they also deserve criminal charges brought against them.

Vigilanteeism, however, is just malice operating under false pretenses.

Welcome to my foes list.

Re:Please, stop it with the "holier than thou"... (1)

Halo1 (136547) | more than 10 years ago | (#8098970)

And do I deserve to get all these fsckin virus mails (and bounced virus mails) sent to me and the mailing lists I administer? Virus writers suck.

I wonder if this DDOS is due to... (4, Interesting)

calebb (685461) | more than 10 years ago | (#8098857)

...millions of people checking sco.com to see if it's still up? or...
...computers with clocks that aren't set correctly? or...
...the virus analysts misinterpreting the taskmon.exe when they decompiled it?

Not so different from SETI? (5, Funny)

orty78 (707288) | more than 10 years ago | (#8098859)

This is very similar to the SETI@Home project. I'd like to try it out and run it for a while. How and where do I sign up?

Re:Not so different from SETI? (1, Funny)

Anonymous Coward | more than 10 years ago | (#8098937)

Here's the great thing about it, you don't have to, you get invited!

Re:Not so different from SETI? (3, Funny)

julesh (229690) | more than 10 years ago | (#8098969)

You're in luck. Just run your standard Windows e-mail client, publish your e-mail address on a web page, and start running all those nice screen savers people will e-mail to you. No sign up required.

Conspiricy! (3, Interesting)

The Real Chrisjc (576622) | more than 10 years ago | (#8098861)

Maybe this is all just a big conspiricy by SCO to make the open-source community seem like a bunch of immature wotsits? I mean, think of all the positive sco publicity they could milk out of this, not to mention maybe using it in the courts? Trying to associate the open-source community with the scum that writes virus' and worms etc.

I'll put my tin-foil hat on now I think. .

Chris

Not sad! (0)

Anonymous Coward | more than 10 years ago | (#8098862)

Scripture says that you will reap the fruit that you sow. SCO has pissed in so many pools that I don't think I'm capable of feeling sorry for them any more. Yes, a DDOS is probably illegal, but how many of SCO's recent actions have skirted the bounds of illegality also? They've leveled dozens of accusations at Fortune 500 companies without producing a single shred of evidence to back them up. The Linux community may not have the billions of dollars and huge legal team that Microsoft has, but that does not mean that we are a force to be taken likely. I suspect that SCO is slowly starting to figure this out.

Really, people (1, Funny)

dkleinsc (563838) | more than 10 years ago | (#8098865)

If you really wanted to DoS SCO, why not just use the Slashdot Effect, like this: litigous bastards [sco.com]

Re:Really, people (1)

Charion (708831) | more than 10 years ago | (#8098879)

Hah, agreed. That would take out sco faster than any else *Rolls Eyes*

According to Symantec... (3, Informative)

no_nicks_available (463299) | more than 10 years ago | (#8098866)

the DOS isn't supposed to start until Feb 1. Maybe this is related to some sort of network "hardening" in preparation. More info [symantec.com]

lol... (1)

REBloomfield (550182) | more than 10 years ago | (#8098867)

Netcraft confirms: SCO's servers are dying ;)

Re:lol... (1)

Short Circuit (52384) | more than 10 years ago | (#8098942)

I wish we knew a lot about their servers...this would be a great oppertunity to do a real-life stress test of a web server and Apache. Anyone run the latest nmap on them yet? (The one that determines version numbers, etc?) Netcraft's data is incomplete.

Why I think this virus is written by SCO (0)

Anonymous Coward | more than 10 years ago | (#8098869)

It is possible SCO may have written this virus. After all, a virus writer who truly hates SCO would have written a virus that identifies and disables/attacks SCO boxes on the net so that way companies would be afraid of going with SCO (causing a real impact on SCO financially).

A virus that targets the sco.com domain only gets them sympathy.

Yah, reeeeal sad. (-1, Troll)

Mulletproof (513805) | more than 10 years ago | (#8098877)

"Obviously SCO has a lot of enemies out there right now, but it's always sad to watch someone stoop to this level."

Always sad, huh? Now would you be singing the same tune with, say, Microsoft??

dupe (1, Informative)

CGP314 (672613) | more than 10 years ago | (#8098880)

Here is the origional story on slashdot:

There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.

So tell me again, what new information did we learn between now and then. Looks like slashdot just loves SCO stories to me, even if they are repeats.

--
In London? Need a Physics Tutor? [colingregorypalmer.net]

American Weblog in London [colingregorypalmer.net]

Oh man (1)

Abit667 (745465) | more than 10 years ago | (#8098883)

Even the windows noobs are owning SCO now.

I wish people would stop with the DoSing of SCO (3, Insightful)

mewyn (663989) | more than 10 years ago | (#8098884)

I hate SCO as much as the next guy, but doing a DoS attack on them is not the answer. Sure, they are a bunch of low-life scumbags that want to lock up everything, and have a chunk of the profit, but doing massively illegal acts like this make the whole OSS and free software communities look like a bunch of script kiddies. This makes it very hard for us to take the moral high-ground here when it looks like we are doing this crap.

Mewyn Dy'ner

New tactics? (4, Funny)

CaptainAlbert (162776) | more than 10 years ago | (#8098890)


Seems like it's about time SCO came up with a new business model. Here's my suggestion:

FROM: Mr. Darl McBride
Santa Cruz Organisation
Lindon, Utah

Dear Sir:

I have been requested by the Santa Cruz Organisation to contact you for assistance in resolving a matter. The Santa Cruz Organisation has recently concluded a large number of dubious security trades. These pump-and-dump operations have immediately produced moneys equalling US$75,000,000. The Santa Cruz Organisation is desirous of setting up business in other parts of the world, however, because of certain regulations of the U.S. Government, it is unable to move these funds to another region.

Your assistance is requested as a non-U.S. citizen to assist the Santa Cruz Organisation in moving these funds out of the U.S. If the funds can be transferred to your name, in your Swedish account, then you can forward the funds as directed by the Santa Cruz Organisation. In exchange for your accomodating services, the Santa Cruz Organisation would agree to allow you to retain 10%, or US$7.5 million of this amount.

However, to be a legitimate transferee of these moneys according to U.S. law, you must hold at least one license for Santa Cruz Organisation Intellectual Property, which are available at a cost of US$699.

If it will be possible for you to assist us, we would be most grateful. We suggest that you meet with us in person in Lindon, and that during your visit I introduce you to the representatives of the Santa Cruz Organisation.

Please call me at your earliest convenience. Time is of the essence in this matter; very quickly the U.S. Government will realize that the Federal Reserve is maintaining this amount on deposit, and attempt to levy certain depository taxes on it.

Yours truly, etc.

Darl McBride

YESSSSSSS. (0, Funny)

-Maurice66- (728513) | more than 10 years ago | (#8098892)

Where can I download the virus?

I'll do everything to bug sco.

M

Link Please... (0)

Anonymous Coward | more than 10 years ago | (#8098893)

Certainly a story about a DDOS of SCO [sco.com] deserves a link.

My conclusion (1)

Vintermann (400722) | more than 10 years ago | (#8098896)

Obviously there isn't a "linux guy" behind this, at least not anyone marginally into the open source/free software philosophy.
Also, I don't believe in conspiracy theories. You know what I mean.

Lately, we've seen worms released by spammers in order to increase their zombie hordes. This worm sets up a backdoor, I think spreading spam is the main reason it's been set loose. The punch at SCO is probably just to draw attention from this, and to annoy antispammers running linux (most do).

Funny, I think: (5, Informative)

cockroach2 (117475) | more than 10 years ago | (#8098898)

On the bottom of the netcraft report you can see an OS history of www.sco.com - apparently they switched from SCO UNIX to Linux in August 2002...

Re:Funny, I think: (1)

DarkDust (239124) | more than 10 years ago | (#8098944)

On the bottom of the netcraft report you can see an OS history of www.sco.com - apparently they switched from SCO UNIX to Linux in August 2002...

Yes, saw that too... and I always thought SCO will redeem us from the evil called Open Source ;-) I'd really like to hear McBride's comment on that fact ! :-)

This injures our reps, not SCO's (5, Insightful)

Artifex (18308) | more than 10 years ago | (#8098899)

SCO's Information Ministry can just point to this and claim more evil Linux users are trying to destroy the software business, etc.

We're right, and we know it. No self-respecting geek would stoop to participating in a DDOS in general, not to mention one against someone/something we consider to be morally bankrupt. We know that we can only claim the moral high road only if we actually stick to the high road... right?

It would be really interesting to find out if it's just some kids behind it, who aren't aware of the difference between right and wrong, or whether it's an entity who has a vested interest in making us look bad...

replies (1)

Mieckowski (741243) | more than 10 years ago | (#8098904)

OK, basically all the replies will be: 1) SCO should die! I want the virus! or 2) Viruses are bad! and illeagal! I guess the article is informative if any WINDOWS user on /. is dumb enough to open an executable attachment, but as far as "news for nerds" is concerned, this seems just like another unessecary SCO story.

Speak for yourself! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8098908)

Go MyDoom!

Transmission require OE? (2, Interesting)

teamhasnoi (554944) | more than 10 years ago | (#8098913)

Does this virus use Outlook Express to infect others or does it have it's own mail implementation? I've been looking around and see no mention.

I'd like to know how worried I should be about Windows machines with Thunderbird installed.

This may be the last straw. I've been thinking about moving all 3-4 of my work machines (p200) to Beos with Fire/Thunderbird and Gobe Productive - I'm tired of the viruses, and I'm tired of maintaining Windows.

Microsoft probably wrote this (2, Interesting)

Theovon (109752) | more than 10 years ago | (#8098927)

This virus was probably written by some dingbat who KNOWS what kind of harm it will cause to the Free Software community.

Yeah, I know it's far fetched, and probably untrue, but some people need to grow up and realize that the only useful weapons against SCO are FACTS.

Either that or a big budget with which to purchase them... but their IP is so worthless, who would buy them? :)

The SCO Conspiracy (2, Interesting)

Hackie_Chan (678203) | more than 10 years ago | (#8098928)

That's pretty funny: If SCO claims this virus contain portions of their code -- they could sue the pants off everyone who has the virus on their machines. Imagine milions and millions of people who have illegally obtained their property on to their machines... They could make riches off of this!

Calm before the storm? (4, Interesting)

Zocalo (252965) | more than 10 years ago | (#8098934)

According to the various AV vendors the worm isn't due to start the DDoS of sco.com until February the first, which seems to be a fairly unanimous opinion. If that's right then that spike on NetCraft's graphs isn't the DDoS, it's just all the people who read AV stories and alerts on the AV and News sites clicking on links - nothing more than a generalised Slashdotting.

The people who read these AV stories do not represent the "average" user who is more inclined to fall for the worm's social engineering. Nor would they be opening the "63 connections per second" to sco.com being touted by the AV vendors for that matter. I suspect that blip is going to pale into insignificance compared to the amount of traffic they are going to get come February. It's a fair bet that SCO will be denouncing the "Linux hackers" as being the culprits in numerous press releases as well, they may be right on that, they may not, but it's sure as hell going to get them a lot of sympathy.

This isn't going to help OSS's case at all, and the only saving grace is the February 12th cut off. Then again, I've yet to see anything about what happens to the port the worm listens on come the deactivation date, or what instructions that port might accept.

Another SCO Story...Move Along (1)

sepluv (641107) | more than 10 years ago | (#8098935)

Another (not that interesting) SCO story but I'm bored so I'll comment. [BTW, has SCO given any indication of what they are moaning about yet?]

As there is not much to say about the story itself (except it will probably fuel Darl's belief that the whole wroled is out to get him -- when vice versa may be true), I thought I'd say how childish most of the other (go-get-SCO) responses are -- probably not surprising as most sensible peeps have got bored of SCO, and everything there is to say on this story is in the article -- not that that has ever stopped /.ers before.

Whoever is responsible for the worm is a very pathetic individual (whether they thought it would help or hinder SCO and whether they are from SCO, IBM, Novell, RedHat, the OSS/free-software movement or are totally unconnected); they are just trying to stir up trouble in something that should be solved through discussion (or -- if need be -- lawsuits) not this sort of immoral behaviour.

OK.. This is wrong on so many levels... (4, Insightful)

herrvinny (698679) | more than 10 years ago | (#8098951)

MyDoom Windows Worm DDoSing SCO

But it's not DDOSing now. The attack is set to begin February 1st and end on the 12th.

The virus affects computers running Windows versions 95, 98, ME, NT, 2000 and XP.... The virus also copies itself to the Kazaa download directory on PCs, on which the file-sharing program is loaded.

I'm thinking, wow, whoever wrote this covered all the bases. He/She even got the Kazaa people.

Anyway, why don't ISPs, just for the time being, ban connections to SCO.com? It's not like it's a huge Internet portal or anything, and us geeks who actually need access to the site can just set up a mirror or something.

DDoS (4, Informative)

savagedome (742194) | more than 10 years ago | (#8098956)

Note that the DDoS attack is timed to be performed between 1st and 12th Feb, 2004 [ca.com] .

Please tell me... (2, Interesting)

Dave2 Wickham (600202) | more than 10 years ago | (#8098967)

"A lot of the information is encrypted, so we have to decrypt it," said Sharon Ruckman, a senior director of antivirus software maker Symantec's security response center. Symantec has had about 40 reports of the virus in the first hour, a high rate of submission, Ruckman said.


Please tell me I'm missing a whole load; most of the strings found in the binary are readable after de-UPX [sourceforge.net] -ing, then ROT13ing. About half are ROT13d, half aren't.

Ah well, I'm probably totally wrong, but it just sounds odd.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>