Thread: What a load of crap.. SCO believes My.Doom is result of "linux terrorists"..

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323

    I was reading a news group and someone commented that CNN was saying that SCO believes that My.Doom was written by Linux terrorists. So I wanted to find the article. In a Google News search I found the following (bold added by me):

    A computer virus that began spreading swiftly across the Internet on Monday is coded to launch an attack on the SCO Group's Web servers Sunday, according to antivirus companies.

    Computers infected with the "MyDoom" virus will begin to attempt to connect to the main page of the SCO website Feb. 1. The connection requests will come roughly every second from each of the estimated thousands of machines that are now infected, in an attempt to overload SCO's Web server and knock the company's site off the Internet.

    On Tuesday morning, the MyDoom virus was present in one out of every 12 e-mails, according to e-mail security firm MessageLabs, surpassing the SoBig.F virus which, at its peak last summer, was found in one out of every 17 e-mails. SoBig currently tops many antivirus vendors' charts as the most active virus ever to hit the Internet.

    But MyDoom soon may top SoBig. More than 1.2 million copies of the virus have been stopped by MessageLabs since it started circulating mid-Monday afternoon, and MessageLabs expects the virus will continue to spread at a furious rate Tuesday.

    The denial-of-service attacks against SCO could continue until Feb. 12, when the virus is coded to stop spreading, according to antivirus vendors F-Secure and Symantec.

    In March 2003, SCO claimed that its intellectual property had been illegally included in the Linux operating system. The company has since filed legal actions against IBM, Red Hat and Novell. The company also is demanding that corporate users of Linux pay SCO a licensing fee for the use of the open-source operating system.

    "Arguments between SCO and the open-source community have been continuing for some months. It appears that the author of MyDoom may have taken the war of words from the courtrooms and Internet message boards to a new level by unleashing this worm which attacks SCO's website," said Chris Belthoff, senior security analyst for Sophos, an antivirus vendor.

    "If we ever get our hands on MyDoom's creator our guess is that he will be an open source-sympathizer," Belthoff said.

    But while some at geek discussion site Slashdot joked that MyDoom was "the first virus they would willingly load onto their computers," the vast majority condemned the virus writer, saying that SCO should be confronted in the courtroom, not through viruses and denial-of-service attacks.

    "This is someone who just wants to feel important and who thinks that by DDoS'ing SCO everyone will call him a hero. Well, you stupid ignorant bastard, if you're reading this -- and you probably are since you expect that the Slashdot hordes will applaud your bravery in damaging thousands of people's computers -- no one admires you," one post on Slashdot read. "Anyone who wants to see SCO suffer for the wrongs they have done should unequivocally condemn such acts of terrorism. SCO will be broken by the weight of justice and right, not by mindless thugware."
    Full Article
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    Isn't it ridiculous. Hopefully no one believes such nonsense.
    Trappedagainbyperfectlogic.

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I've been following that Slashdot discussion, and this one post I found particularly interesting (as in: makes a lot of sense/more sense than "Linux terrorists").

    Slashdot

    Since Mydoom has been identified as a variant of Mimail, which is largely believed to have been written on behalf of spammers and/or PayPal scammers (apparently in Russia), the most likely scenario is that the same group created Mydoom.
    The attack on SCO is most likely just a diversion. A simple distraction from the actual goal... to turn millions of machines into zombies which can be used to conduct illegal activities (phishing scams), or can be turned into email/spam relays to be sold to spammers.

    It's already been established that Mydoom installs a backdoor and allows routing of tcp/ip connections to mask the identity of the originator. More or less exactly what scammers hoping to defraud ordinary people of banking details (phishing) need. Also the standard approach to turning machines into a valuable asset that can be sold to spammers in need of mail relays or "bulletproof hosting" for their websites that host the images all those spam messages reference.

    Attacking SCO is a smart diversion.... especially if SCO takes the bait and publishes a flamebait press release (seems almost certain), which will of course provoke a response from the free software / open source communities. Lots of free press to help divert the anger of millions of (clueless) victims towards the very visible open source and free software people, and SCO, and away from the real criminals.

    Judging from most of the comments here on Slashdot so far, it appears to be working perfectly.
    The overwriting of the hosts file carried out by the virus also seems to support the Russian theory: blocked addresses are the main .com site, and if available also the .ru and .ch, for example www.avp.com, www.avp.ru, and www.avp.ch.
    The .ru is the Russian site, the .ch is the Swiss site (dunno why that is).

    If I were a Russian virus writer, I'd do the same: launch it first in Russia, then make sure no (infected) Russian can get to the anti-virus sites...
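The hosts-file tampering described in the post above (vendor sites such as www.avp.com/.ru/.ch pointed at a dead address) is something a defender can audit for. The following is an added example, not code from the thread; the watched vendor list and the sample hosts file are constructed assumptions for illustration.

```python
import ipaddress

# Security-vendor domains named in this thread; the list itself is an assumption
# for this example, extend it for the vendors your own fleet relies on.
WATCHED_SUFFIXES = ("avp.com", "avp.ru", "avp.ch",
                    "f-secure.com", "symantec.com", "sophos.com")

def _is_sinkhole(ip_text):
    """True for addresses that silence a hostname: 0.0.0.0 or a loopback address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_unspecified or ip.is_loopback

def find_hijacked_vendor_hosts(hosts_text, suffixes=WATCHED_SUFFIXES):
    """Parse hosts-file text and return (hostname, ip, line_no) for every watched
    vendor domain that has been pointed at a sinkhole address.
    Comment lines, inline comments, tabs and multiple names per line are handled."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop inline comments
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        if not _is_sinkhole(ip_text):
            continue                               # ordinary mapping, not a block
        for name in names:
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in suffixes):
                findings.append((host, ip_text, line_no))
    return findings

# Constructed sample resembling the tampering described in the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost       # legitimate
0.0.0.0     www.avp.com
0.0.0.0     www.avp.ru  www.avp.ch
127.0.0.1   www.f-secure.com   # silenced via loopback
10.0.0.5    intranet.example   # constructed, not a sinkhole
"""

if __name__ == "__main__":
    for host, ip, n in find_hijacked_vendor_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {ip}")
```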

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Now that makes more sense to me. And pretty smart on their part as well as showing how "determined" SCO is.

    What surprises me however is how anti-open source they are. Maybe I'm going on the old concepts but I thought that the old SCO Unix was an open source OS as well?

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    No one thinks it's suspicious that Linux users are pissed at SCO and along comes a virus that does no damage but launches a DOS on SCO? That the attack was a diversion from the real issue, ok what is the real issue? Spamming? Why try and hide it? Why not open a port to Microsoft? Oh wait that would also look suspicious on the Linux hats. Ok where the hell was Gore over the last few days???? It's hard to turn millions of machines into zombies when you open a port and start spamming SCO? Kind of defeats that purpose.

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Not spamming. Phishing. Used to make $$. You know, fake VISA or PayPal emails. That means, let's make some money on the side so let's distract everyone.

    Then again, maybe they are disgruntled Open Source supporters. But that said, I'd rather see SCO lose out huge in court and/or back down on their bluff than use a virus. Doesn't make sense.

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    No it doesn't make sense, unless your mentality is that of a terrorist. In thinking the pressure you place on SCO will make them back off the lawsuit.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I have one for you, RoadClosed. What if a SCO supporter wrote MyDoom to attack SCO and then suggest that it was the fault of the Open Source supporters?? (how's that for a conspiracy theory?)

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    The anarchist in me actually thinks it's funny that perhaps a group of Linux Foo Fighters have banded together to take SCO offline; the romantic part of me likes that idea.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Come on, we all know it was Apple. j/k

    I think it's definitely organized crime making it look like it's all about SCO.

    From an analysis of the virus found here:

    =+=+=+=+=+=+=+=+=+=
    http://www.math.org.il/newworm-digest1.txt

    Nicolas Brulez:
    -----
    from my quick and dirty analysis, its a thread that does the DDOS.
    It has below normal priority, and it just does a GET.

    GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n

    That's about it i think

    And

    Has anyone seen the DOS against SCO actually happen?

    I have the new critter in a test environment where we conducted a
    preliminary and rudimentary functionality and threat analysis and the
    only activity I can get it to perform related to www.sco.com is to
    resolve the name. In fact, it seems very unhappy if it cannot resolve
    www.sco.com. Once it can, it happily scans local files for anything
    that can be construed (very loosely) as a domain and tries to resolve
    mail servers based on these. In fact, right now it's trying to resolve
    'mx.makewin.rsp'. 'Makewin.rsp' is a file referenced in the help files
    of my DigitalMars C++ compiler on a test machine, so it's not a very
    smart worm. The worm also seems to like to increment the third octet of
    the host IP by one and syn to port 25 of that address over and over and
    over... I have played with the date, etc, but still no activity directed
    toward www.sco.com. It did die after 12 February, but gladly
    resurrected when the date was set back prior to that.

    =+=+=+=+=+=+=+=+=+=

    My first impression was this was the work of the Russian mob, but if I were a part of a criminal group here or anywhere, I'd break into computers in Russia and use them to infect other machines to make it look like it started there. An easy way would be to use IIS servers running FrontPage extensions without the owners knowing they even have a webserver. Set up a page that downloads some original infectors on unpatched machines you direct there through spoofed mail or IRC links. If the original infectors delete themselves and do not infect these machines but just use it to propagate, chances are it would go undetected.

    Nah! Probably the Russian mob
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
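The quoted analysis in the post above gives the exact request the DDoS thread sends (a bare `GET / HTTP/1.1` with nothing but a `Host: www.sco.com` header, roughly once per second per infected machine). That shape is easy to tell apart from browser traffic on the server side. The following is an added example, not code from the thread or the quoted analysts; the sample traffic, source addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Request shape reported in the quoted analysis: "GET /" with a lone Host header.
SCO_HOST = b"www.sco.com"

def is_bare_get(raw, host=SCO_HOST):
    """True if raw is a minimal 'GET / HTTP/1.1' carrying only a Host header for host.
    Browsers send User-Agent, Accept and more, so the bare shape alone is a signal."""
    if not raw.endswith(b"\r\n\r\n"):
        return False                      # incomplete or malformed request
    lines = raw[:-4].split(b"\r\n")
    if len(lines) != 2 or lines[0] != b"GET / HTTP/1.1":
        return False
    name, _, value = lines[1].partition(b":")
    return name.strip().lower() == b"host" and value.strip().lower() == host

def flood_sources(events, min_hits=5, max_gap=2.0):
    """events: iterable of (timestamp_seconds, source_ip, raw_request_bytes).
    Return {source: hit_count} for sources that sent at least min_hits bare GETs
    with a median gap of at most max_gap seconds (the ~1/s cadence described)."""
    stamps_by_src = defaultdict(list)
    for ts, src, raw in events:
        if is_bare_get(raw):
            stamps_by_src[src].append(ts)
    flagged = {}
    for src, stamps in stamps_by_src.items():
        if len(stamps) < max(min_hits, 2):  # need two hits to measure a gap
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if median(gaps) <= max_gap:
            flagged[src] = len(stamps)
    return flagged

# Constructed sample traffic: one infected host at 1 req/s, one browser, one stray hit.
BARE = b"GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n"
BROWSER = (b"GET / HTTP/1.1\r\nHost: www.sco.com\r\n"
           b"User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n")
SAMPLE_EVENTS = (
    [(1000.0 + i, "198.51.100.7", BARE) for i in range(8)]
    + [(1000.0 + i * 30, "203.0.113.9", BROWSER) for i in range(3)]
    + [(1002.5, "192.0.2.44", BARE)]
)

if __name__ == "__main__":
    print(flood_sources(SAMPLE_EVENTS))   # {'198.51.100.7': 8}
```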
