|
Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam |
|
Wednesday, February 18 2004 @ 04:14 PM EST
|
I hate to say I told you so, but I told you so. MyDoom was programmed to send spam, and it is. Here's a Bloomberg report:
"Unsolicited e-mail, or spam, more than doubled to 700 billion messages in January as home personal computers were taken over by viruses, security researchers said.
"The amount of spam worldwide rose from 310 billion unwanted messages in December. As much as 15 percent came from home PCs infected with computer viruses such as the Mydoom worm, said D. K. Matai, chairman of Mi2g, a computer-security consulting firm based in London, citing reports from law-enforcement authorities and discussions with companies.
"President Bush signed legislation Dec. 16 setting new fines and prison terms for those who disseminate spam.
"The Mydoom virus, which attacked home and company networks through e-mail starting Jan. 26, turns a computer into a 'zombie' that waits to receive hackers' instructions over the Internet to send spam."
Will Darl apologize for leaping to ugly conclusions before all the facts were in? Will journalists and editorial writers and analysts take note and make corrections?
While no one yet knows who is responsible, one thing is for sure. Every Microsoft computer user has an opportunity to help fix this problem. Just make sure to clean up all your Windows computers. The damage from MyDoom and other malware would be close to zero if everyone was diligent about taking the necessary steps to make sure they are not being used as zombies. I'm sure SCO would be thankful. Seriously, you can stop MyDoom. Linux users are not contributing to this continuing problem in any way, because MyDoom doesn't take over Linux computers, but you Windows users are. So, please, check to see if your computer is infected and if it is, fix it. That would be the end of MyDoom's mischief. Really. It's just common decency.
|
|
Authored by: Waterman on Wednesday, February 18 2004 @ 04:45 PM EST |
"Will Darl apologize for leaping to ugly conclusions before all the facts
were in? Will journalists and editorial writers and analysts take note and make
corrections?" Would you want to hold your breath that long? :-)
|
|
Authored by: Ares_Man on Wednesday, February 18 2004 @ 04:46 PM EST |
I guess MSBlast wasn't enough, was it? Of course, I wouldn't be surprised if SCO
blamed MSBlast on Linux users upset with SCO.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 04:47 PM EST |
Neither McBride, DiDio, nor Enderle will ever admit to being wrong
or vicious on this count (which they were). They will pretend like
it never happened, or that it was somehow a reasonable
assumption to make.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 04:49 PM EST |
McAfee AVERT Stinger is free and
can clean things up for a Windows user quite nicely.
|
|
Authored by: jbeadle on Wednesday, February 18 2004 @ 04:51 PM EST |
And of course, we're busy fighting/cleaning up after the 2 new ones at work -
bagle.b and netsky.b.
Sure glad I don't have these kinds of problems at home...
-jb
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 04:53 PM EST |
This was posted over at SANS's Internet Storm
Center the other day:
"Published information says only the DDoS
component was set to expire, so why did scans for 3127 drop significantly? It is
also apparent that there is a significant effort for control of blocks of MyDoom
infected systems. George Bakos and his TinyHoneyPot (THP) submitted an
example:"
They have some neat graphs too...
Incidents.org
|
|
Authored by: Nick_UK on Wednesday, February 18 2004 @ 04:53 PM EST |
Darl doesn't need to apologise.
I read his stuff, and [titanium hat] what he is doing is what he needs to do.
He said he was brought in to increase the SCO shareholders value. He had to
turn the Company around and start to draw revenue. He said he had to do it the
best way in business.
Ok, that's not a quote, but the intention.
Now, back to Mydoom etc. Really, and logically, it isn't SCO that have spurred
the claptrap, but the bloody press who haven't a clue anyway where 'truthful'
reporting comes in.
So I don't blame Darl at all... he is clever in pulling in the press to do the
work.
So not only do true Linux people have to put up with a real fight against what
is/was/has been open source code, also they have to put up with the press herds
of sheep all following one another to the gutter.
Nick
|
|
Authored by: kberrien on Wednesday, February 18 2004 @ 05:02 PM EST |
So, who got sued today?
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:09 PM EST |
This is probably the reason some ISPs are now blocking e-mail from other
providers claiming there's too much spam coming from them. Of course this also
blocks legitimate communications so that if your ISP and your customer's or
branch office's ISP are having a feud, you might miss something important. Since
the ISPs don't notify you of this, you may be blissfully unaware that your best
customer is cursing you soundly and sending that big order to your competitor
because his messages are bouncing.
|
|
Authored by: Nick_UK on Wednesday, February 18 2004 @ 05:19 PM EST |
Ummm, but being a Sysadmin, and having to put up with all sorts of crap each
day the users get up to, remember Mydoom was a simple attachment with no M$
vulnerability or indirect instructions.
The users had to run it - and they did.
So, here's the book Tee-Shirt to get:
O'Really! A clue to lusers
Nick
|
|
Authored by: gressil on Wednesday, February 18 2004 @ 05:20 PM EST |
We'll never get an apology from Darl, at the moment I'd settle for an apology
from DiDio and Enderle, but then being an analyst means you never have to say
you're sorry (or wrong).
Chris.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:29 PM EST |
You should've deleted that forged webmaster@ address!
I'm rejecting over 4000 a day at my normal address (and
accepting a couple of hundred a day legit. messages
- addressed to me or to lists I (choose to) subscribe to).
Those bounce-viri were a feature of MyDoom. Not so hard to
filter out really. Rejecting windoze-fileformats helps. Rejecting
spammer-misspellings and p.u.n.c.t.u.a.t.i.o.n-filled words helps.
Rejecting bro<sfwrf>ken-up words helps - that kind of pattern
indicates spam without having to recognise the word as
M.0rtgage or Vaigara (misspelled or otherwise).
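The three rejection rules named in the comment above (Windows file formats, punctuation-filled words, words broken up by a bogus tag), as an added Python example that is not part of the original post. The extension blocklist (only .pif appears on this page), the list of known inline tags, the function names and the sample messages are all assumptions constructed for illustration.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed blocklist of Windows executable attachment types; only .pif is named on this page.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".exe", ".bat", ".cmd", ".com"}

# Single letters separated by punctuation, e.g. "p.u.n.c.t.u.a.t.i.o.n".
PUNCT_SPLIT = re.compile(r"(?<!\w)(?:[A-Za-z][.\-_*]){3,}[A-Za-z](?!\w)")

# Any tag wedged directly between two letters, e.g. "bro<sfwrf>ken".
TAG_IN_WORD = re.compile(r"(?<=[A-Za-z])<\s*/?\s*([A-Za-z0-9]+)[^<>]*>(?=[A-Za-z])")

# Real inline tags may legitimately sit inside a word ("un<b>believ</b>able").
KNOWN_INLINE_TAGS = {"a", "b", "i", "u", "em", "strong", "span", "font", "sub", "sup"}


def reject_reasons(raw_message):
    """Return the list of pattern-based reasons to reject a raw RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # Judge by the final extension so "document.txt.pif" counts as .pif.
            ext = os.path.splitext(filename.lower())[1]
            if ext in BLOCKED_EXTENSIONS:
                reasons.append("blocked-attachment:" + ext)
            continue
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()
        if PUNCT_SPLIT.search(text):
            reasons.append("punctuation-split-word")
        # Only tags that are not real inline markup count as word-breaking noise.
        if any(m.group(1).lower() not in KNOWN_INLINE_TAGS
               for m in TAG_IN_WORD.finditer(text)):
            reasons.append("tag-split-word")
    return reasons


def build_sample(body, subtype="plain", attachment_name=None):
    """Build a constructed test message; addresses use reserved example domains."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content(body, subtype=subtype)
    if attachment_name:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


# Constructed samples: one legitimate HTML mail, one spam-like, one worm-like.
LEGIT = build_sample("<p>It was un<b>believ</b>able, e.g. the 10 a.m. slot.</p>", subtype="html")
SPAM = build_sample("<p>Low m.o.r.t.g.a.g.e rates, ref<sfwrf>inance today</p>", subtype="html")
WORM = build_sample("See the attached file.", attachment_name="document.txt.pif")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spam", SPAM), ("worm", WORM)):
        print(name, reject_reasons(raw))
```
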
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:30 PM EST |
I remember Darl saying sorry... but then he turned into a piece of green cheese,
and flew away up to the moon...
Damn! That'll teach me to eat cheese before going to bed. Damn nightmares!
Rearrange these cunningly disguised words to find out when Darl will say
sorry.... Freezes, Hell, Over, When.
Greebo
(I must remember to bring my password home from work!)
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:31 PM EST |
"As much as 15 percent came from home PCs infected with computer viruses such as the Mydoom worm, said D. K. Matai, chairman of Mi2g, a computer-security consulting firm based in London, citing reports from law-enforcement authorities and discussions with companies...Will journalists and editorial writers and analysts take note and make corrections?"
If you're quoting (even indirectly) as disreputable a bunch of charlatans as mi2g, then I'm afraid the answer's no, we won't. Speaking as a journalist covering IT security, I defy you to find any of my peers who take mi2g (and DK Matai in particular) seriously.
I'm not bothered though. Our coverage of MyDoom assumed it was a smokescreen for a spam engine from the start, so I'm a) comfortable we had the right angle all along, and b) open to suggestion that these stats may be legit. But you'd need to find a MUCH more authoritative, trusted and credible source for me to give this snippet any airtime whatsoever. Nothing personal: just prior knowledge of dealing with these people.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:32 PM EST |
This waiting is killing me.
When is the Judge expected to make an announcement on the ruling? Any ideas
anyone, or have I missed the grand event?
Greebo.
|
|
Authored by: honestpuck on Wednesday, February 18 2004 @ 05:40 PM EST |
"While no one yet knows who is responsible, one thing is for sure. Everyone using Microsoft computers has an opportunity to help fix this problem. Just make sure to clean up all your Windows computers. The damage from MyDoom and other malware would be close to zero if everyone was diligent about taking the necessary steps to make sure they are not being used as zombies. I'm sure SCO would be thankful. Seriously, you can stop MyDoom. Linux users are not contributing to this continuing problem in any way, because MyDoom doesn't take over Linux computers, but you Windows users are. So, please, check to see if your computer is infected and if it is, fix it. That would be the end of MyDoom's mischief. Really. It's just common decency."
Too true, PJ. It's also costing us money. I (and the company I work for) run absolutely no Windows systems yet the ISP we are forced to use (here in Australia you pretty much have to buy broadband from Telstra or one of their wholesalers) had to double the number of mailservers to cope with virus driven spam.
I'm wondering how long it will be before ISPs start checking connected computers and not allowing infected ones to stay online. If I'm suffering from TB, SARS or any number of other human diseases then I'm not allowed to travel and not allowed at work, but if I have a laptop infected with a computer virus I can connect it anywhere I like. These typhoid marys have to be stopped.
Tony Williams
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:48 PM EST |
Nah, that clearly shows that linux hackers and the open
source community are even more evil than Mr. McBride
thought: they not only flooded SCO but now want to flood
everyone with spam and abuse everyone's computers just as
they abused SCO's IP.
This interpretation may sound ridiculous to you but
I have been working as a press speaker and this was one of
the first connotations I noted. Working with connotations
and implicitly working with previous news 'mems' is normal
(press) business. And unfortunately, 'Linux hackers' ==
'MyDoom writers' was one of the main mems in the last weeks
unless I missed something.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:48 PM EST |
People should remember that not all spam sent
via "spam relays" made by subverting a computer
come from a computer subverted by an email virus.
There are all sorts of other techniques ( especially
on Windows computers ) that one can use to subvert a
computer. Worms, trojan horses etc.
|
|
Authored by: seanlynch on Wednesday, February 18 2004 @ 05:52 PM EST |
"Will Darl apologize for leaping to ugly conclusions before
all the facts were in? "
No, Darl will help us understand the true benefits of well written closed source worms and viruses like MyDoom. You see most of those computers that are infected are probably under utilized hardware. Code like the code in MyDoom helps unleash and 'monetize' these machines.
People make very little use of their home hardware. They may send and receive a little e-mail, play a few hands of solitaire, or read interesting analysts talk about SCO's efforts to protect "Intellectual Property" from hordes of ankle biting monkeys (or something like that).
MyDoom helps 'Monetize' these under utilized computers allowing business men and women to profit. After all, since the spammer's copyrighted creation is on your machine, by your choosing to click on their executable, all of your machine should be considered the property of the spammer.
At least that's probably how Darl and his friends think ;)
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 06:04 PM EST |
You've just described the MBlast virus. Somebody you know has an infected
computer that is sending bogus bounced emails with forged headers.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 06:06 PM EST |
You have to admit that the MyDoom writers' plan worked perfectly. The DDos of sco
did exactly what they wanted it to do. Instead of focusing on the nasties, the
world media, thanks to Darl and Ballmer, focused on the DDOS and everyone just
ignored the rest.
Well done Darl, MS, and the media, you played right into their hands. You lot
are the ones to blame over this......
RSC.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 06:24 PM EST |
FOR IMMEDIATE RELEASE
18 February 2004 Hutchinson Kansas
Like all long-lived online communities Groklaw has become its own worst enemy.
While high quality research piles up unpublished in the Groklaw inbox, PJ hurls
insults of "I told you so" and spams the listening SlashDotters with
rehashed Bloomberg reports they are too slow to comprehend for themselves.
New visitors are greeted by Headlines that shout "Attachment C to
Yesterday's Headline Now Available in an Assortment of Colors" with an
article that provides this breathless analysis "the pdf is here"
I am going back where I came from now. If anyone else is interested in coming
they are welcome to join me. I refuse to stay and watch this any longer.
|
|
Authored by: blhseawa on Wednesday, February 18 2004 @ 06:37 PM EST |
I've been watching the TSG web site change and have been burning CD's for each
night.
Couple of things worth noting:
1) ftp://ftp.scom.com/pub/ has in fact removed all source code for Linux.
2) http://linuxupdate.sco.com/scolinux/update/RPMS.updates/ just click OK on the
login box, is now distributing the SuSE Linux kernel and the IBM Java stuff.
see this link for example:
http://linuxupdate.sco.com/scolinux/update/RPMS.updates/kernel-source-2.4.19.SuSE-104.i586.rpm
Just an FYI ---.
|
|
Authored by: mrsam on Wednesday, February 18 2004 @ 07:11 PM EST |
"President Bush signed legislation Dec. 16 setting new fines and prison terms for those who disseminate spam."
If this is referring to the CAN-SPAM act, then I regret to inform everyone that this piece of legislation's name is very appropriate: indeed, according to this legislation you CAN SPAM as much as you want, provided that you follow some token rules. This bill was written mostly by the Direct Marketing Association, a fact which is not lost on the anti-spam community which opposed this bill from its inception. As the anti-spam community predicted, "many spammers aren't really doing anything different than they did before the Can-Spam Act was passed -- they're just creating the illusion they are complying with the law and using it to market or commit fraud".
Now, getting back to MyDoom: if SCO would like to blame MyDoom on someone, SCO should really blame:
1. Microsoft, for leveraging their monopoly into forcing millions of PCs worldwide to be running software whose primary function is to propagate viruses and trojans.
2. Hundreds of clueless Internet providers. I helped my parents the other day to configure DSL on their new PC. The setup CD provided by the Internet provider did a very good job at setting everything up. Including enabling NetBIOS, and file/print sharing on the broadband connection; and with Windows XP's firewall completely disabled.
It took less than thirty seconds after the setup program finished before this PC got itself infected by Blaster and Welchia. Through no reasonable fault of its owner. Needless to say I spent the next four hours fumigating this box, and doing what had to be done.
But how many people really know all about this? I venture to say that most of them obediently stick the setup CD, click a few buttons, then off they go on their merry way, completely oblivious to the fact that their PC is now spewing viruses and spam all over the world.
|
|
Authored by: rikvanjak on Wednesday, February 18 2004 @ 07:12 PM EST |
check it out (for a laugh)
http://www.technewsworld.com/perl/story/32885.html
|
|
Authored by: overshoot on Wednesday, February 18 2004 @ 07:21 PM EST |
Silly -- this just proves that those horrible Linux hackers are the ones behind
spam, too. After all, if MyDoom (which was written to attack SCO) sends spam
that proves it.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 07:23 PM EST |
SCO today proudly announced the release of OpenServer Update Pack 2 which includes PostgreSQL:
"This system gives SCO customers and partners access to hundreds of already-built applications and the power to build other database-driven solutions out of the box."
Although PostgreSQL is not GPL, it's still open source, BSD License (original).
|
|
Authored by: Thomas Frayne on Wednesday, February 18 2004 @ 07:36 PM EST |
I dual boot WinXP, but seldom run it, and disable the internet when I do, except
when downloading patches, which are up to date as of about a week ago. I'll
download the latest patches next time I boot it. Anything else I should do?
I run Win4Lin behind a Linux firewall, with services other than NFS disabled,
and NFS limited to the LAN in my home. I run Win98 under Win4Lin, and am a week
or two behind in downloading patches. I use IE under Win98 to download from the
internet, but do not process email under Win98. I monitor my email for spam,
viruses and Trojans. I expect to download the latest Win98 patches in the next
day or two.
Anything else I should do?
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 07:43 PM EST |
For those who want an alternative approach, try
mozillaquest.com.
I am still grateful to Groklaw, also 'cause here we have feedback.
Idontdowindows
|
|
Authored by: JeR on Wednesday, February 18 2004 @ 07:43 PM EST |
You wrote:
I hate to say I told you so, but I told you so. MyDoom was programmed to send spam, and it is. Here's a Bloomberg report:
"Unsolicited e-mail, or spam, more than doubled to 700 billion messages in January as home personal computers were taken over by viruses, security researchers said.
"The amount of spam worldwide rose from 310 billion unwanted messages in December."
As far as a couple of sources I just checked (just to be sure) tell me, MyDoom was first seen in the wild on the 26th of January, 2004 (and started bombarding <www.sco.com> on the 1st of February).
Are you really trying to claim that MyDoom relayed about 390 billion spam messages in just 7 days? I can't believe that.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 07:59 PM EST |
I can't believe there are still people out there not using my anti-virus software. It's free
and 100% effective.
Void
|
|
Authored by: pooky on Wednesday, February 18 2004 @ 08:14 PM EST |
No, Darl will say that obviously the lawless socialist Linux community is the
same one as the lawless criminal spam sending community and urge Bush to use the
US military to use any means necessary to stop all of us.
-pooky
---
Veni, vidi, velcro.
"I came, I saw, I stuck around."
|
|
Authored by: whoever57 on Wednesday, February 18 2004 @ 08:34 PM EST |
I manage my company's network (amongst *many* other tasks) and I have not seen a
huge upsurge in SPAM in February.
I just went back and checked our logs (I can easily use grep to count the number
of emails that SpamAssassin identified as SPAM) and there was a large increase
during January (~20%), but if anything our spam count is down since January 25.
Now this analysis says nothing about how SPAM is being sent, whether spammers
are using MyDoom-infected PCs in preference to any other means. I might be able
to infer something like that from the hits against Spamhaus' XBL list -- which
has definitely been increasing. On the other hand, I don't know enough about the
accuracy of that list.
---
-----
For a few laughs, see "Simon's Comic Online Source" at
http://scosource.com/index.html
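The log check described in the comment above (counting the messages SpamAssassin identified as spam, then comparing the period before January 25 with the period after), as an added Python example that is not part of the original post. It assumes spamd's syslog wording "identified spam" / "clean message"; the log lines, host name, user names and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample in the assumed spamd syslog format (syslog lines carry no year).
SAMPLE_LOG = """\
Jan 23 08:01:12 mail spamd[411]: identified spam (12.4/5.0) for alice:1001 in 1.9 seconds, 3311 bytes.
Jan 23 08:04:40 mail spamd[411]: clean message (0.3/5.0) for bob:1002 in 0.8 seconds, 1204 bytes.
Jan 23 11:30:02 mail spamd[411]: identified spam (8.1/5.0) for bob:1002 in 2.2 seconds, 5120 bytes.
Jan 24 09:15:55 mail spamd[411]: identified spam (15.0/5.0) for alice:1001 in 1.7 seconds, 2890 bytes.
Jan 24 09:16:03 mail spamd[411]: identified spam (6.6/5.0) for carol:1003 in 1.1 seconds, 2001 bytes.
Jan 26 07:45:10 mail spamd[411]: identified spam (9.9/5.0) for alice:1001 in 1.3 seconds, 4100 bytes.
Jan 26 10:02:31 mail spamd[411]: clean message (1.2/5.0) for carol:1003 in 0.9 seconds, 998 bytes.
Feb  2 13:20:00 mail spamd[411]: identified spam (7.3/5.0) for bob:1002 in 1.5 seconds, 3050 bytes.
Feb  2 13:21:44 mail cron[902]: unrelated line that must be ignored
"""

LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) \d\d:\d\d:\d\d \S+ spamd\[\d+\]: "
    r"(?P<verdict>identified spam|clean message) \("
)
MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


def daily_counts(log_text, year):
    """Return (spam per day, scanned messages per day) as Counters keyed by date."""
    spam, total = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a spamd verdict line
        day = date(year, MONTHS[m["mon"]], int(m["day"]))
        total[day] += 1
        if m["verdict"] == "identified spam":
            spam[day] += 1
    return spam, total


def mean_spam_per_day(log_text, year, cutoff):
    """Mean spam count per logged day before the cutoff and from the cutoff onward."""
    spam, total = daily_counts(log_text, year)

    def mean(days):
        days = list(days)
        return sum(spam[d] for d in days) / len(days) if days else 0.0

    # Only days that appear in the log are averaged; gaps in logging are not zeros.
    before = mean(d for d in total if d < cutoff)
    after = mean(d for d in total if d >= cutoff)
    return before, after


if __name__ == "__main__":
    print(mean_spam_per_day(SAMPLE_LOG, 2004, date(2004, 1, 25)))
```
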
|
|
Authored by: brian on Wednesday, February 18 2004 @ 08:46 PM EST |
PJ, you wrote the following:
"The damage from MyDoom and other malware would be close
to zero if everyone was diligent about taking the
necessary steps to make sure they are not being used as
zombies."
I agree that the end user (or network administrator in
larger operations) is ultimately responsible for the
security (or lack thereof) of their own machines. There
is one major problem with this concept though.....
Pre-installation....
Let me explain. Most home PCs sold that have MS XP Home
installed are defaulted to wide open admin only boxes with
little to no attempt from either the manufacturer or MS in
the steps to take to properly harden these boxes. Add to
this the "closed source think" of get as much money as
possible by charging for virus updates and security
software it is simply a recipe for disaster.
Let me give you a little story to illustrate my point...
My roommate got a new computer (HP) from the local
computer store when my Linux box got hit by lightning
while I was out of town. In getting his new system up he
decided to hook the cable modem DIRECTLY to his new box.
The system defaulted to "Valued HP user" as the username
and no password. To further aggravate this that user had
full administrator rights. He is a complete computer idiot
in that he doesn't know what antivirus software, firewall,
permissions, etc. even are. So, to make a long story
short, he got infected as well as hacked in about 15 mins.
What I'm trying to say is that most types of people these
manufacturers (both software and hardware) are attracting
have no concept of computer security and the manufacturers
are not doing anything to help them when they release
systems like these. If "blame" is to be given it first
goes to the manufacturers (software as well as hardware)
THEN to the user.
Just my 0.02
B.
---
#ifndef IANAL
#define IANAL
#endif
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 09:04 PM EST |
"The damage from MyDoom and other malware would be close to zero if everyone was diligent about taking the necessary steps to make sure they are not being used as zombies."
The damage from many of these worms/viri would be prevented, but not all. Microsoft has a responsibility in this as well, which they are not living up to.
eEye Digital Security submitted the ASN.1 vulnerability to Microsoft which took Microsoft over 6 months to fix. There are 2 more remotely exploitable holes which have also been disclosed by eEye to Microsoft 101 days ago. Wasn't part of the settlement with DOJ that the DOJ could fine Microsoft for failing to address security in a timely manner? These are 2 worms waiting to happen which Microsoft has known about for 3 1/2 months.
This is typical of Microsoft. They treat security problems as PR issues and as a result the entire Internet suffers. Why doesn't DOJ do something?!?!?
|
|
Authored by: Xenographic on Wednesday, February 18 2004 @ 09:08 PM EST |
Will Darl apologize for leaping to ugly conclusions before all the facts were
in? Will journalists and editorial writers and analysts take note and make
corrections?
-----
No. Sadly neither will, save maybe those journalists who didn't leap to that
conclusion to begin with.
What he will most likely do is try to link the Linux community to spammers.
Yes, I suspect some spammers use Linux, we can't very well stop them (just as
SCO can't very well keep them from using SCO's UNIX, legally or otherwise). I'm
sure that the very negative view we hold of spammers (they have gotten even less
mature pranks from slashdotters, for example... the rest of us use more legal
means to shut them down, such as helping ISPs to cancel their accounts, etc.)
No, that doesn't make sense, but if Darl does not do that, I suspect it will
only be because he did not think of it. Darl does not make a lot of sense,
anyhow.
|
|
Authored by: delboy711 on Wednesday, February 18 2004 @ 09:29 PM EST |
"The amount of spam worldwide rose from 310 billion unwanted
messages in December. As much as 15 percent came from home PCs infected with
computer viruses such as the Mydoom worm, said D. K. Matai, chairman of Mi2g, a
computer-security consulting firm based in London"
When you read quotes from D.K. Matai of Mi2g treat them with the same sort of scepticism as you would a quote from Rob Enderle or Laura Didio. He is cast from the same mould. For reference see http://www.theregister.co.uk/content/archive/28233.html
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 09:38 PM EST |
"An ITMJ reader pointed out that the service pack includes several open
source components, including the Common Unix Printing System (CUPS) and GNU
BASH, a command language interpreter. "If, as SCO claims, the GPL is invalid,
what gives them legal permission to distribute this software?" the reader
asked.
"Blake Stowell, SCO Group director of corporation communications,
told ITMJ that "I'm not sure how to answer that question. Our issue is with the
enforceability of the GPL. The issue that we have of proprietary software
getting into open source software isn't connected with whether SCO itself
distributes open source software. Until we are told otherwise, I'm sure that we
will continue to use open source software in our products."
http://servers.itmanagersjournal.com/servers/04/02/18/1949248.shtml?tid=73&tid=96&tid=97
|
|
Authored by: mobrien_12 on Wednesday, February 18 2004 @ 09:49 PM EST |
Is it viagra ads like was originally surmised?
Lately I'm getting a lot of "order prescription drugs online" stuff.
Is it related to mydoom?
Obviously the author of this virus knew what he was doing. A lot of publicity
for poor persecuted SCO, and very little for the real objective of myDoom.
Bleah.
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 10:11 PM EST |
Microsoft and the rest of the world is going to get a nasty wakeup call one of
these days. Thus far the last 4 years or so you see virus and worm infections
sprouting up all the time. What strikes me is that none of these in the last 4
years or so have been destructive. Now imagine a worm like MSBlast or MyDoom
that contained a destructive payload. We are talking damages and destruction
adding up to not billions but perhaps even trillions of dollars in lost data and
repairs.
Let me give you a few scenarios..
Imagine if one of these script kiddie virus writers figure out just how easy it
is to open every single file the system has access to and rearrange the bytes in
it.
Imagine a virus that opens up every spread sheet it can find and randomly
rearranges a few cells.
Imagine a virus that flashes the bios in your pc with worthless code.
When this happens, and it is going to, the world will get a much needed but very
rude wake up call.
|
|
Authored by: floyds_void on Wednesday, February 18 2004 @ 11:04 PM EST |
IMO it is an extremely bad design decision for Microsoft to
- execute attachments embedded in untrusted email
- deliberately obfuscate file extensions such as .pif

I am a contractor to a .gov agency. Because of this
trojan we are mandated to shut down almost all outgoing SMTP traffic. Because
hundreds of Windows machines within the agency are infected. Which means a
major disruption in the many emails we send legitimately every day as a part of
business. Discussing this with the network tech and the firewall tech, we all
agree the major problem resides with Windows users clicking on executable
attachments and then Windows actually executing them and infecting their
computers. What a frickin' mess.

In my opinion, Microsoft should be liable
for crippling the internet because of their brain-dead design decisions which
for some reason they refuse to reverse.
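The comment above names two behaviours: attachments that run when opened, and executable extensions such as .pif being hidden from the user. The following is an added example (not part of the comment, and not code from any mail product) of a gateway-side check that flags attachments by their real, final extension; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
"""Added example: flag attachments whose real (final) extension is executable."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: types Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
# Assumed decoys: harmless-looking extensions placed before the real one.
DECOY_EXTS = {".txt", ".doc", ".htm", ".html", ".jpg", ".gif", ".zip"}


def _split_ext(name):
    """Split on the last dot; unlike os.path.splitext, '.pif' counts as an extension."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")


def classify_filename(name):
    """Return 'ok', 'executable' or 'disguised-executable' for one filename."""
    # Windows drops trailing dots and spaces, so 'x.pif.' still runs as .pif.
    cleaned = name.strip().rstrip(". ").lower()
    stem, ext = _split_ext(cleaned)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # Whitespace before the final extension pushes it out of the visible name.
    padded = stem != stem.rstrip()
    _, inner_ext = _split_ext(stem.rstrip())
    if padded or inner_ext in DECOY_EXTS:
        return "disguised-executable"
    return "executable"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every flagged attachment in a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and classify_filename(filename) != "ok":
            findings.append((filename, classify_filename(filename)))
    return findings


def build_sample():
    """Constructed test message: one harmless and one disguised attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for fname in ("notes.txt", "document.txt.pif"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return bytes(msg)


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict}: {filename}")
```

The check looks only at the declared filename, so it complements content scanning rather than replacing it.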
|
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 11:18 PM EST |
The question is not whether a SCO license is actually required, but rather which
versions SCO _purports_ a license is required for.
Re: Linux versions
1. It is my understanding that previously SCO asserted commercial users of Linux
2.4 and later required a SCO license.
2. In OSV complaint about SCO, pages 7 and 8 are a copy of a SCO press release.
This claims commercial users of Linux 2.2 and later required a SCO license.
http://www.osv.org.au/index.cgi?tid=120
3. Yesterday I checked their SCO source FAQ page. It has been updated recently.
I haven't rechecked it today, but as of yesterday, they seem to be saying a SCO
license is required for all Linux versions.
Re: BSD versions
4. Previously the SCOsource FAQ page asserted a SCO license was not required for
BSD.
5. When I checked yesterday the FAQ page used a more woolly language, suggesting
a SCO license was not required (for at least) properly licensed versions of BSD
(whatever that means)
IANAL, but it seems to me
(A) SCO is not entirely clear on their own position
(B) There must be some basis for promissory estoppel type defenses, even should
a SCO license be required. This is not only on the GPL issue, but on the fact
SCO previously asserted that other Linux versions were in the clear, I could
have relied on that promise, and now they want to hit me anyway.
Comments on this, or even a Groklaw article tracking this and SCO's rather
strange behaviour about versions would be much appreciated.
|
- Seconded - Authored by: Anonymous on Thursday, February 19 2004 @ 12:18 PM EST
|
Authored by: Anonymous on Wednesday, February 18 2004 @ 11:57 PM EST |
Never let the truth get into the way of a good story.
SCO has never had and will never have a case.
|
|
Authored by: hal9000 on Thursday, February 19 2004 @ 12:16 AM EST |
Hi PJ
Could we start a topic on changes to some
licences that were previously completely GPL.
Such as XFree86 and Apache's new Licence.
Is this a growing trend?
Has SCOG already performed its service
to Microsoft??
Just the facts jack, just the facts
|
|
Authored by: Anonymous on Thursday, February 19 2004 @ 12:23 AM EST |
From 9/26
http://www.nwfusion.com/news/2003/0926scoinfri.html
SCO has not sold the SCO Linux software in question since May 12, but the
company continues to distribute it via the Internet to honor existing support
contracts, said SCO spokesman Blake Stowell.
Stowell disputed the idea that SCO could no longer distribute Linux. "We're the
copyright holder for the core Unix operating system. If we want to charge someone a
licensing fee for using our copyrighted software that's gone into Linux, then we
have that prerogative," he said. "If we want to continue to distribute Linux
to our existing customers, we can do that because we own the copyrights on
that Unix software."
So as of 9/26/2003, we have SCO distributing Linux via their web site, openly
acknowledging they are, and justifying it.
Let's have a look at what they said in discovery about their past distribution,
emphasis added
http://www.groklaw.net/article.php?story=20040215015800694
INTERROGATORY NO. 13
For each line of code and other
material identified in response to Interrogatory No. 12, please state whether
(a) IBM has infringed plaintiffs rights, and for any rights IBM is alleged to
have infringed, describe in detail how IBM is alleged to have infringed
plaintiffs rights; and (b) whether plaintiff has ever distributed the code or
other material or otherwise made it available to the public, as part of a Linux
distribution or otherwise, and, if so, the circumstances under which it was
distributed or otherwise made available, when it was distributed or made
available, to whom it was distributed or made available, and the terms under
which it was distributed or made available (such as under the GPL or any other
license).
SUPPLEMENTAL RESPONSE TO INTERROGATORY 13:
SCO objects to this question on the basis that it is overly broad and unduly
burdensome and seeks information neither relevant nor reasonably calculated to
lead to the discovery of admissible evidence insofar as it requests the identity
of source code and other material in Linux contributed to Linux by parties other
than IBM or Sequent. Subject to and without waiving these objections, as it
pertains to SCO's rights involving IBM's contributions, SCO incorporates it
answers to its revised and supplemental answers to Interrogatory Nos. 1 through
6 and 9 above and the corresponding exhibits.
Insofar as this interrogatory seeks information as to whether plaintiff has ever distributed the
code in question or otherwise made it available to the public, SCO has never
authorized, approved or knowingly released any part of the subject code that
contains or may contain its confidential and proprietary information and/or
trade secrets for inclusion in any Linux kernel or as part of any Linux
distribution. However, as noted above in response to Interrogatory No. 6, the
Protected Materials that IBM improperly contributed to Linux from AIX and
Dynix/ptx are found in any product that contains the Linux 2.4 kernel or above.
SCO sold or distributed the 2.4 kernel and above for a brief period of time
in SCO Linux Server 4.0, Powered by UnitedLinux. The sale or distribution of
this product was under the GPL without knowledge of the violations identified
above. After gaining knowledge of the violations discussed above, SCO ceased
distribution of the code in question. The particulars of when it was
distributed and to whom can be found in the invoices in Bates range 1186853 to
1227921. For the narrowing of the appropriate invoices they have been attached
as Tab 121.
IBM are clearly aware that SCO is distributing Linux
from their web site, so SCO's sworn statement that they were no longer
distributing Linux at all (and mention only of the invoices, not web site logs
etc.,) probably raised an eyebrow...
IBM then asked SCO to clarify
http://www.groklaw.net/article.php?story=20040210170358999
IBM:
Sixth, SCO also fails to identify all places or locations
where the code at issue in this case may be found or accessed (such as on SCO
websites), and all the specific SCO products --- UNIX, UnixWare, Linux, or
otherwise --- in which the code at issue in this case was included, and when, to
whom and under what terms such products were distributed or made
available.
SCO:
Moreover, regarding IBM's specific comment
that SCO must identify where on its website and in which SCO products the
Protected Materials may be found or accessed, that has been done. As indicated
in response to Interrogatory Nos. 3 and 13, the Protected Materials would be
found in any other product that contains Linux 2.4 kernel or above and SCO
distributed the Linux 2.4 kernel and above for a brief period of time in SCO
Linux server 4.0. Moreover, we provided you with the invoices that laid the
terms under which these materials were made available
|
|
Authored by: ile on Thursday, February 19 2004 @ 03:06 AM EST |
In view of all this, there is a point I think we should be
making more often, and that I'll illustrate with a recent
story.
A good friend of mine happens to own a small (as yet!) IT
company. He actually knows next to nothing when it comes
to programming, and relies on a couple of very good
programmers, as he well should. Nice and dandy.
Now, I had some mail from his and his wife's personal
e-mail address that immediately led me to think that their
machine at home had been turned into a spam-bot (Windows,
of course - what else?). I warned them, and, even though
they did not take my warning all that seriously at the
beginning, later they realised, looking at the traffic
through their modem, that I could be right. So they called
on one of the company's programmers, who needed about an
hour and a half to clean the machine up. They had
doomjuice, of course, and plenty more...
Now, the sad thing, of course, is that they required a
full hour and a half of a good programmer's time, but that
whenever I suggest that they give a spin to a Linux distro
they point out that it will take time for them to try
everything out and install and the like. Much as I try to
point out that currently installations with Mandrake, say,
are almost out of the box and would take about half an
hour on their machine (on the outside), no way.
This will change in time, I guess. Already at their
company they are thinking of firewalling with a Linux box,
instead of just relying on configuring the Windows
machines (and these programmers know what they are doing,
so they do know that you can close ports on a Windows box
too), and of setting up a small cluster. No question that
the cluster will use Linux...
But even so, and this is really the point I would like to
make, Windows diehards are using two kinds of arguments
with me. The one I accept and understand is that some
specific applications have got either no good substitute
in the Linux/BSD (even OSX) world or no good porting over
of data to the substitute.
The one which is really getting on my nerves is that
Linux/BSD take a disproportionate amount of time in admin
tasks for a home user. It gets on my nerves because they
never consider the amount of admin time (even expert admin
time) they require for their Windows box _even if one only
considers admin time cleaning up for virus or installing
antivirus software_.
I guess I'll have to get myself a MandrakeMove CD to show
them...
ile
|
|
Authored by: ile on Thursday, February 19 2004 @ 03:54 AM EST |
Funnily enough, the Prince of Asturias (the heir to the
throne of Spain) has opened the Open Source World
Conference in Málaga. I guess this goes to show that Free
Libre Open Source is a communist-led plot for world
domination, the Spanish royal family is well known for
their communist views...
(BTW, I actually dislike mixing royalty and FLOSS - for
one thing, I am a supporter of the Republic; and for
another, royalty / royalties / proprietary systems...)
Couple of links
http://www.opensourceworldconference.com/index.php?&MMN_position=28:26
http://www.elmundo.es/navegante/2004/02/18/softlibre/1077119437.html
|
- Viva Espana! - Authored by: Anonymous on Thursday, February 19 2004 @ 07:36 AM EST
|
Authored by: Alastair on Thursday, February 19 2004 @ 04:09 AM EST |
I was quite interested to note that someone has written another virus,
called Doomhunter, that infects machines running MyDoom when it spots them
scanning a machine it's infected, then removes MyDoom from the system. I don't
know if there are any other effects, but I do wonder whether this type of thing
isn't a better way to protect a network from viruses and malware than the usual
antivirus approach. I mean, if a virus can scan for and automatically infect
vulnerable machines, then so can a patch to stop the virus, right?

It isn't the first time that someone has written an "anti-virus" either… there
used to be a virus on the Atari ST that could protect the boot sector of a
floppy disk from being infected, as well as spotting and removing boot sector
viruses. Indeed, some antivirus software on that platform could actually
install the anti-virus for you!

The only downside of anti-virus viruses is that they sometimes have unintended
effects; in the past, anti-virus bootsector and link viruses sometimes
disrupted software (particularly computer games, which tended to use the disk
boot sectors, at least on Atari and Amiga platforms). However, the current
batch of viruses don't infect programs or disks—they infect machines—so it
seems to me that this problem has largely disappeared as it's much less likely
that a machine virus will disrupt its operation (provided it hasn't been
written to do so), and it's much easier to remove other viruses without
damaging any other software that may be installed.
|
|
Authored by: Anonymous on Thursday, February 19 2004 @ 07:15 AM EST |
Will Darl apologize for leaping to ugly conclusions before all the facts were
in? Will journalists and editorial writers and analysts take note and make
corrections?
I doubt it.
|
|
Authored by: ile on Thursday, February 19 2004 @ 08:16 AM EST |
Well, the regional government of Andalusia was handing out
a distro of theirs, Guadalinex (word play with the Arabic
root uad, river, which you find in the most important
rivers of the region).
In my region (Basque Region) there is no official policy
with regard to OS, other than some fluffy comments. And,
after all, they _paid_ M$ to translate I do not remember
which version of Windows to Basque, so I do not think they
really intend to have a policy.
And the Biscay IRS forces me to use Windows for my IRS
returns. For the common tax territory there is a Linux
version of the government sponsored program (explanation:
the Basque autonomous region and the Navarre autonomous
region have got a different tax system; in fact, each
province in the Basque autonomous region has got a
different tax system; therefore I do not pay any income
tax at all to the central government nor to the Basque
government, only to the Biscay province government).
BTW, Mandrake at the very least has the installer in
Basque!! (Thanks, Saratxaga jauna!)
Way to go, anyhow.
|
|
Authored by: Anonymous on Thursday, February 19 2004 @ 10:15 AM EST |
"chairman of Mi2g"
Ignore this source. They're a press-release driven company that don't really
supply much to the body of works besides recycling warm, fetid air.
http://vmyths.com/resource.cfm?id=64&page=1
Draconis
|
|
Authored by: pogson on Thursday, February 19 2004 @ 10:59 AM EST |
Article in the Register describes trying to use RICO to go after the RIAA for its
tactics. There are some similarities to SCO in that both SCO and RIAA may have some
legitimate grievance, but their tactics are unethical at least IMHO.
---
Happiness=RAID1 with multiple 120gB drives
|
|
Authored by: Anonymous on Thursday, February 19 2004 @ 01:40 PM EST |
Pittsburgh Post Gazette makes the point that maybe the virus was created aiming at SCO and
MS so that Linux developers would be less willing to fix the problem.
|
|
Authored by: rand on Thursday, February 19 2004 @ 03:13 PM EST |
Don'cha just hate it when the news hits a little too close to home?
I just got an email from Yahoo.com. It seems that a few of the dozen or so
p*-enlargement emails I sent from my home account about 20 minutes ago were
undeliverable.
That means that when Daddy gets home he's going to be spending the evening
de-lousing the family computer (again) and throwing stuff around and cussin' and
stuff. Heaven help the rugrat who was sitting at that keyboard at around
13:59:56 this afternoon (hint: that narrows it down considerably).
---
carpe ductum -- "Grab the tape" (IANAL and so forth and so on)
|
|