sco.com refusing connections

[MrLinus]

Whether it is the true effects of MyDoom or whether it's SCO shutting it's doors in a "panic" to prevent it from happening, who knows? Either way, as of 8:40am there is no connection to SCO.com.



Check out the Internet Storm Center for more details on attack activity.

[ammo]

Bouahaha: "current status: green www.sco.com unreachable " !

Ammo

[ammo]

News.com has an article on it; it really is because of MyDoom...
http://news.com.com/2100-7349_3-5151...l?tag=nefd_top

Ammo

[MrLinus]

Humor aside, this is a pretty devasting attack. The "I Love You" attack was bad and certainly Code Red is/was irritating. Worst case scenario: create a worm that on a specific day bombards "broadcasts" on subnets. How long before the Internet is down? or one that goes after the prime DNS servers?

This will cost huge bucks. How will SCO even stop this? Changing DNS won't help. They might have to start an alternative site until things calm down somewhat.

[muert0]

or at least until the 12th

[MrLinus]

Don't forget that Microsoft will be next (Tuesday I believe). So companies lose big bucks. Now I know that MS can handle to lose some and SCO as well but what if this is done against a small organization who can't afford to lose money online? What if it was done to you?

[swarisd]

Symantec's website says this:

There is a 25% chance that the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass-mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date.

I wonder what laws of probability they used? LOL.

All jokes aside, this is very very serious, despite how the Gnu/Linux community or anyone else for that matter feels about SCO or Microsoft.

Again, as I always say, "the bad guys" (the worm launchers) have made it so that the good guys will probaly lose some type of right or priviliege, and also gives the government room to step in and pass legislatioin on certain things. I don't know what those things are, but I bet SCO is going to go full steam ahead to make sure nothing like this happens again. I bet SCO's IT department, vendors and consultants are painstakingly moving thier website over to a site with no DNS entry, allowing only present customers access to it. All this does is set the tone for another variant to target the new ip address. I am very very curious to learn how SCO is handling this and how Microsoft is planning to handle it. Does anyone know?

[muert0]

"While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on moday morning," Jeff Carlon, worldwide director of information technology infrastructure at SCO Group, said in the statement.

full steam ahead?

[swarisd]

"While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on moday morning," Jeff Carlon, worldwide director of information technology infrastructure at SCO Group, said in the statement.

WOW, I would have thought different. Especially if their ecommerce is tied into their content website. This may not be the case though sense I am speculating. This response from SCO is a surprise to me. This may be their way of protecting themselves from variants. what do you guys think?

[slarty]

Mittens: good point...

If the MyDoom instead flooded all of the top-level name servers with useless (but unfilterable) requests, the entire internet would become inoperable. That would be well within the capability of the author I suspect, but he chose for his own reasons to attack sco instead... hence we're safe for now

Slarty