GROKLAW
When you want to know more...
Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Wednesday, February 18 2004 @ 04:14 PM EST

I hate to say I told you so, but I told you so. MyDoom was programmed to send spam, and it is. Here's a Bloomberg report:
Unsolicited e-mail, or spam, more than doubled to 700 billion messages in January as home personal computers were taken over by viruses, security researchers said.

The amount of spam worldwide rose from 310 billion unwanted messages in December. As much as 15 percent came from home PCs infected with computer viruses such as the Mydoom worm, said D. K. Matai, chairman of Mi2g, a computer-security consulting firm based in London, citing reports from law-enforcement authorities and discussions with companies.

President Bush signed legislation Dec. 16 setting new fines and prison terms for those who disseminate spam. The Mydoom virus, which attacked home and company networks through e-mail starting Jan. 26, turns a computer into a "zombie" that waits to receive hackers' instructions over the Internet to send spam.

Will Darl apologize for leaping to ugly conclusions before all the facts were in? Will journalists and editorial writers and analysts take note and make corrections?

While no one yet knows who is responsible, one thing is for sure. Every Microsoft computer user has an opportunity to help fix this problem. Just make sure to clean up all your Windows computers. The damage from MyDoom and other malware would be close to zero if everyone was diligent about taking the necessary steps to make sure they are not being used as zombies. I'm sure SCO would be thankful. Seriously, you can stop MyDoom. Linux users are not contributing to this continuing problem in any way, because MyDoom doesn't take over Linux computers, but you Windows users are. So, please, check to see if your computer is infected and if it is, fix it. That would be the end of MyDoom's mischief. Really. It's just common decency.


  


Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Waterman on Wednesday, February 18 2004 @ 04:45 PM EST
"Will Darl apologize for leaping to ugly conclusions before all the facts were in? Will journalists and editorial writers and analysts take note and make corrections?" Would you want to hold your breath that long? :-)

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Ares_Man on Wednesday, February 18 2004 @ 04:46 PM EST
I guess MSBlast wasn't enough, was it? Of course, I wouldn't be surprised if SCO
blamed MSBlast on Linux users upset with SCO.

[ Reply to This | # ]

Apologies
Authored by: Anonymous on Wednesday, February 18 2004 @ 04:47 PM EST
Neither McBride, DiDio, nor Enderle will ever admit to being wrong
or vicious on this count (which they were). They will pretend like
it never happened, or that it was somehow a reasonable
assumption to make.

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Anonymous on Wednesday, February 18 2004 @ 04:49 PM EST
McAfee AVERT Stinger is free and can clean things up for a Windows user quite nicely.

[ Reply to This | # ]

Virii
Authored by: jbeadle on Wednesday, February 18 2004 @ 04:51 PM EST
And of course, we're busy fighting/cleaning up after the 2 new ones at work -
bagle.b and netsky.b.

Sure glad I don't have these kinds of problems at home...

-jb

[ Reply to This | # ]

  • Virii - Authored by: bobn on Wednesday, February 18 2004 @ 05:14 PM EST

Fight for control over My Doom infected machines
Authored by: Anonymous on Wednesday, February 18 2004 @ 04:53 PM EST
This was posted over at SANS's Internet Storm Center the other day:

"Published information says only the DDoS component was set to expire, so why did scans for 3127 drop significantly? It is also apparent that there is a significant effort for control of blocks of MyDoom infected systems. George Bakos and his TinyHoneyPot (THP) submitted an example:"

They have some neat graphs too... Incidents.org

[ Reply to This | # ]

  • Suggestion - Authored by: HPNpilot on Wednesday, February 18 2004 @ 05:08 PM EST
    • A worm is a worm - Authored by: Chugiak on Wednesday, February 18 2004 @ 05:23 PM EST
    • Suggestion - Authored by: Anonymous on Wednesday, February 18 2004 @ 05:26 PM EST
      • Suggestion - Authored by: Ares_Man on Wednesday, February 18 2004 @ 05:30 PM EST
        • Bad Idea - Authored by: Anonymous on Wednesday, February 18 2004 @ 06:26 PM EST
    • Suggestion - Authored by: Anonymous on Wednesday, February 18 2004 @ 06:22 PM EST
      • Suggestion - Authored by: Anonymous on Wednesday, February 18 2004 @ 10:14 PM EST
    • Suggestion - Authored by: Anonymous Coward on Thursday, February 19 2004 @ 02:04 AM EST
    • Suggestion (bad idea) - Authored by: Anonymous on Thursday, February 19 2004 @ 01:53 PM EST

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Nick_UK on Wednesday, February 18 2004 @ 04:53 PM EST
Darl doesn't need to apologise.

I read his stuff, and [titanium hat] what he is doing is what he needs to do.

He said he was brought in to increase the SCO shareholders value. He had to
turn the Company around and start to draw revenue. He said he had to do it the
best way in business.

Ok, that's not a quote, but the intention.

Now, back to Mydoom etc. Really, and logically, it isn't SCO that have spurred
the claptrap, but the bloody press who haven't a clue anyway where 'truthful'
reporting comes in.

So I don't blame Darl at all... he is clever in pulling in the press to do the
work.

So not only do true Linux people have to put up with a real fight against what
is/was/has been open source code, they also have to put up with the press herds
of sheep all following one another to the gutter.

Nick

[ Reply to This | # ]

It's now 5pm EST
Authored by: kberrien on Wednesday, February 18 2004 @ 05:02 PM EST
So, who got sued today?

[ Reply to This | # ]

Huge Upsurge in Spam Reported
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:09 PM EST
This is probably the reason some ISPs are now blocking e-mail from other
providers claiming there's too much spam coming from them. Of course this also
blocks legitimate communications so that if your ISP and your customer's or
branch office's ISP are having a feud, you might miss something important. Since
the ISPs don't notify you of this, you may be blissfully unaware that your best
customer is cursing you soundly and sending that big order to your competitor
because his messages are bouncing.

[ Reply to This | # ]

Spammer's new MO
Authored by: Nick_UK on Wednesday, February 18 2004 @ 05:19 PM EST

Ummm, but being a Sysadmin, and having to put up with all sorts of crap each day the users get up to, remember Mydoom was a simple attachment with no M$ vulnerability or indirect instructions.

The users had to run it - and they did.

So, here's the bookTee-Shirt to get:

O'Real ly! A clue to lusers

Nick

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: gressil on Wednesday, February 18 2004 @ 05:20 PM EST
We'll never get an apology from Darl, at the moment I'd settle for an apology
from DiDio and Enderle, but then being an analyst means you never have to say
you're sorry (or wrong).

Chris.

[ Reply to This | # ]

Spammer's new MO
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:29 PM EST
You should've deleted that forged webmaster@ address!

I'm rejecting over 4000 a day at my normal address (and
accepting a couple of hundred a day legit. messages
- addressed to me or to lists I (choose to) subscribe to).

Those bounce-viri were a feature of MyDoom. Not so hard to
filter out really. Rejecting windoze-fileformats helps. Rejecting
spammer-misspellings and p.u.n.c.t.u.a.t.i.o.n-filled words helps.
Rejecting bro<sfwrf>ken-up words helps - that kind of pattern
indicates spam without having to recognise the word as
M.0rtgage or Vaigara (misspelled or otherwise).

[ Reply to This | # ]
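
The three rejection rules described in the comment above (Windows file formats, punctuation-filled words, words broken up by junk tags) can be sketched as a screen over a parsed message. This is an added example, not part of the original post or any commenter's actual filter; the extension list (beyond .pif, which this thread names), the known-tag list, the length thresholds and the sample messages are assumptions constructed for illustration.

```python
import os
import re
from email.message import EmailMessage

# Assumed block list for this example; .pif is the extension named in this thread.
BLOCKED_EXTS = {".pif", ".scr", ".exe", ".bat", ".cmd", ".com", ".vbs"}

# Real HTML elements that may legitimately touch a word; anything else
# sitting between two letters is treated as a word-splitting junk tag.
KNOWN_TAGS = {"a", "b", "i", "u", "em", "strong", "span", "font", "br", "p", "div"}

# At least five single letters joined by '.', '-' or '*' (p.u.n.c.t...).
# Requiring five letters keeps "a.m.", "e.g." and "U.S." out of the match.
PUNCT_WORD = re.compile(r"\b[A-Za-z](?:[.\-*][A-Za-z]){4,}\b")

# A short tag with a letter directly on both sides: bro<sfwrf>ken
TAG_IN_WORD = re.compile(r"[A-Za-z]<(/?[A-Za-z][A-Za-z0-9]{0,19})>[A-Za-z]")


def attachment_reasons(filename):
    """Reject on the final extension, so 'document.txt.pif' is caught too."""
    name = filename.strip().rstrip(".").lower()
    ext = os.path.splitext(name)[1]
    return [f"blocked attachment type: {ext}"] if ext in BLOCKED_EXTS else []


def text_reasons(text):
    """Flag obfuscation patterns without recognising the hidden word itself."""
    reasons = []
    match = PUNCT_WORD.search(text)
    if match:
        reasons.append(f"punctuation-filled word: {match.group(0)}")
    for match in TAG_IN_WORD.finditer(text):
        if match.group(1).lstrip("/").lower() not in KNOWN_TAGS:
            reasons.append(f"word broken by bogus tag: <{match.group(1)}>")
            break
    return reasons


def screen(msg):
    """Return every reason to reject a message; an empty list means accept."""
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            reasons += attachment_reasons(filename)
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            try:
                text = payload.decode(charset, errors="replace")
            except LookupError:  # unknown charset label in the header
                text = payload.decode("latin-1")
            reasons += text_reasons(text)
    return reasons


def _sample(body, subtype="plain", attachment=None):
    """Build a constructed test message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(body, subtype=subtype)
    if attachment:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


if __name__ == "__main__":
    samples = [
        _sample("Lowest M.o.r.t.g.a.g.e rates today"),
        _sample("Cheap bro<sfwrf>ken-up pills", subtype="html"),
        _sample("The message could not be delivered.", attachment="document.txt.pif"),
        _sample("Meeting moved to 10.30 a.m., see the U.S. office notes.",
                attachment="report.pdf"),
    ]
    for sample in samples:
        verdict = screen(sample)
        print("REJECT" if verdict else "accept", verdict)
```
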

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:30 PM EST
I remember Darl saying sorry... but then he turned into a piece of green cheese,
and flew away up to the moon...

Damn! That'll teach me to eat cheese before going to bed. Damn nightmares!

Rearrange these cunningly disguised words to find out when Darl will say
sorry.... Freezes, Hell, Over, When.

Greebo
(I must remember to bring my password home from work!)

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:31 PM EST
As much as 15 percent came from home PCs infected with computer viruses such as the Mydoom worm, said D. K. Matai, chairman of Mi2g, a computer-security consulting firm based in London, citing reports from law-enforcement authorities and discussions with companies...Will journalists and editorial writers and analysts take note and make corrections?

If you're quoting (even indirectly) as disreputable a bunch of charlatans as mi2g, then I'm afraid the answer's no, we won't. Speaking as a journalist covering IT security, I defy you to find any of my peers who take mi2g (and DK Matai in particular) seriously.

I'm not bothered though. Our coverage of MyDoom assumed it was a smokescreen for a spam engine from the start, so I'm a) comfortable we had the right angle all along, and b) open to suggestion that these stats may be legit. But you'd need to find a MUCH more authoritative, trusted and credible source for me to give this snippet any airtime whatsoever. Nothing personal: just prior knowledge of dealing with these people.

[ Reply to This | # ]

OT : When will the judge rule ?
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:32 PM EST
This waiting is killing me.

When is the Judge expected to make an announcement on the ruling? Any ideas
anyone, or have I missed the grand event?

Greebo.

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: honestpuck on Wednesday, February 18 2004 @ 05:40 PM EST
While no one yet knows who is responsible, one thing is for sure. Everyone using Microsoft computers has an opportunity to help fix this problem. Just make sure to clean up all your Windows computers. The damage from MyDoom and other malware would be close to zero if everyone was diligent about taking the necessary steps to make sure they are not being used as zombies. I'm sure SCO would be thankful. Seriously, you can stop MyDoom. Linux users are not contributing to this continuing problem in any way, because MyDoom doesn't take over Linux computers, but you Windows users are. So, please, check to see if your computer is infected and if it is, fix it. That would be the end of MyDoom's mischief. Really. It's just common decency.

Too true, PJ. It's also costing us money. I (and the company I work for) run absolutely no Windows systems yet the ISP we are forced to use (here in Australia you pretty much have to buy broadband from Telstra or one of their wholesalers) had to double the number of mailservers to cope with virus driven spam.

I'm wondering how long it will be before ISPs start checking connected computers and not allowing infected ones to stay online. If I'm suffering from TB, SARS or any number of other human diseases then I'm not allowed to travel and not allowed at work, but if I have a laptop infected with a computer virus I can connect it anywhere I like. These typhoid marys have to be stopped.

Tony Williams

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:48 PM EST
Nah, that clearly shows that linux hackers and the open
source community are even more evil than Mr. McBride
thought: they not only flooded SCO but now want to flood
everyone with spam and abuse everyone's computers just as
they abused SCO's IP.

This interpretation may sound ridiculous to you but
I have been working as a press speaker and this was one of
the first connotations I noted. Working with connotations
and implicitly working with previous news 'mems' is normal
(press) business. And unfortunately, 'Linux hackers' ==
'MyDoom writers' was one of the main mems in the last weeks
unless I missed something.

[ Reply to This | # ]

Not all spams come from email viruses.
Authored by: Anonymous on Wednesday, February 18 2004 @ 05:48 PM EST
People should remember that not all spam sent
via "spam relays" made by subverting a computer
come from a computer subverted by an email virus.

There are all sorts of other techniques ( especially
on Windows computers ) that one can use to subvert a
computer. Worms, trojan horses etc.

[ Reply to This | # ]

Darl will help explain...
Authored by: seanlynch on Wednesday, February 18 2004 @ 05:52 PM EST
"Will Darl apologize for leaping to ugly conclusions before all the facts were in? "

No, Darl will help us understand the true benefits of well written closed source worms and viruses like MyDoom. You see most of those computers that are infected are probably under utilized hardware. Code like the code in MyDoom helps unleash and 'monetize' these machines.

People make very little use of their home hardware. They may send and receive a little e-mail, play a few hands of solitaire, or read interesting analysts talk about SCO's efforts to protect "Intellectual Property" from hordes of ankle biting monkeys (or something like that).

MyDoom helps 'Monetize' these under utilized computers allowing business men and women to profit. After all, since the spammer's copyrighted creation is on your machine, by your choosing to click on their executable, all of your machine should be considered the property of the spammer.

At least that's probably how Darl and his friends think ;)

[ Reply to This | # ]

Spammer's new MO
Authored by: Anonymous on Wednesday, February 18 2004 @ 06:04 PM EST
You've just described the MBlast virus. Somebody you know has an infected
computer that is sending bogus bounced emails with forged headers.

[ Reply to This | # ]

  • Spammer's new MO - Authored by: Anonymous on Wednesday, February 18 2004 @ 06:06 PM EST

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Anonymous on Wednesday, February 18 2004 @ 06:06 PM EST
You have to admit that the MyDoom writers' plan worked perfectly. The DDoS of SCO
did exactly what they wanted it to do. Instead of focusing on the nasties, the
world media, thanks to Darl and Ballmer, focused on the DDoS and everyone just
ignored the rest.

Well done Darl, MS, and the media, you played right into their hands. You lot
are the ones to blame over this......

RSC.

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Anonymous on Wednesday, February 18 2004 @ 06:24 PM EST
FOR IMMEDIATE RELEASE

18 February 2004 Hutchinson Kansas

Like all long-lived online communities Groklaw has become its own worst enemy.
While high quality research piles up unpublished in the Groklaw inbox, PJ hurls
insults of "I told you so" and spams the listening SlashDotters with
rehashed Bloomberg reports they are too slow to comprehend for themselves.

New visitors are greeted by Headlines that shout "Attachment C to
Yesterday's Headline Now Available in an Assortment of Colors" with an
article that provides this breathless analysis "the pdf is here"

I am going back where I came from now. If anyone else is interested in coming
they are welcome to join me. I refuse to stay and watch this any longer.

[ Reply to This | # ]

OT, BTW At the link below TSG is distributing IBM and SuSE Source code
Authored by: blhseawa on Wednesday, February 18 2004 @ 06:37 PM EST
I've been watching the TSG web site change and have been burning CDs for each
night.

Couple of things worth noting:

1) ftp://ftp.scom.com/pub/ has in fact removed all source code for Linux.

2) http://linuxupdate.sco.com/scolinux/update/RPMS.updates/ just click OK on the
login box, is now distributing the SuSE Linux kernel and the IBM Java stuff.

see this link for example:
http://linuxupdate.sco.com/scolinux/update/RPMS.updates/kernel-source-2.4.19.SuSE-104.i586.rpm

Just an FYI ---.

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: mrsam on Wednesday, February 18 2004 @ 07:11 PM EST
President Bush signed legislation Dec. 16 setting new fines and prison terms for those who disseminate spam.

If this is referring to the CAN-SPAM act, then I regret to inform everyone that this piece of legislation's name is very appropriate: indeed, according to this legislation you CAN SPAM as much as you want, provided that you follow some token rules. This bill was written mostly by the Direct Marketing Association, a fact which is not lost on the anti-spam community which opposed this bill from its inception. As the anti-spam community predicted, "many spammers aren't really doing anything different than they did before the Can-Spam Act was passed -- they're just creating the illusion they are complying with the law and using it to market or commit fraud".

Now, getting back to MyDoom: if SCO would like to blame MyDoom on someone, SCO should really blame:

1. Microsoft, for leveraging their monopoly into forcing millions of PCs worldwide to be running software whose primary function is to propagate viruses and trojans.

2. Hundreds of clueless Internet providers. I helped my parents the other day to configure DSL on their new PC. The setup CD provided by the Internet provider did a very good job at setting everything up.

Including enabling NetBIOS, and file/print sharing on the broadband connection; and with Windows XP's firewall completely disabled.

It took less than thirty seconds after the setup program finished before this PC got itself infected by Blaster and Welchia. Through no reasonable fault of its owner. Needless to say I spent the next four hours fumigating this box, and doing what had to be done.

But how many people really know all about this? I venture to say that most of them obediently stick the setup CD, click a few buttons, then off they go on their merry way, completely oblivious to the fact that their PC is now spewing viruses and spam all over the world.

[ Reply to This | # ]

OT: a fresh jewel from Enderle
Authored by: rikvanjak on Wednesday, February 18 2004 @ 07:12 PM EST
check it out (for a laugh)

http://www.technewsworld.com/perl/story/32885.html

[ Reply to This | # ]

Darl
Authored by: overshoot on Wednesday, February 18 2004 @ 07:21 PM EST
Silly -- this just proves that those horrible Linux hackers are the ones behind
spam, too. After all, if MyDoom (which was written to attack SCO) sends spam
that proves it.

[ Reply to This | # ]

Off topic: OpenServer Update Pack 2
Authored by: Anonymous on Wednesday, February 18 2004 @ 07:23 PM EST
SCO today proudly announced the release of OpenServer Update Pack 2 which includes PostgreSQL:
This system gives SCO customers and partners access to hundreds of already-built applications and the power to build other database-driven solutions out of the box.
Although PostgreSQL is not GPL, it's still open source, BSD License (original).

[ Reply to This | # ]

How to protect WinXP, and Win98 under Win4Lin?
Authored by: Thomas Frayne on Wednesday, February 18 2004 @ 07:36 PM EST
I dual boot WinXP, but seldom run it, and disable the internet when I do, except
when downloading patches, which are up to date as of about a week ago. I'll
download the latest patches next time I boot it. Anything else I should do?

I run Win4Lin behind a Linux firewall, with services other than NFS disabled,
and NFS limited to the LAN in my home. I run Win98 under Win4Lin, and am a week
or two behind in downloading patches. I use IE under Win98 to download from the
internet, but do not process email under Win98. I monitor my email for spam,
viruses and Trojans. I expect to download the latest Win98 patches in the next
day or two.

Anything else I should do?

[ Reply to This | # ]

Alternative to Groklaw?
Authored by: Anonymous on Wednesday, February 18 2004 @ 07:43 PM EST


For those who want an alternative approach, try
mozillaquest.com.

I am still grateful to Groklaw, also 'cause here we have feedback.

Idontdowindows

[ Reply to This | # ]

January, not February
Authored by: JeR on Wednesday, February 18 2004 @ 07:43 PM EST
You wrote:

I hate to say I told you so, but I told you so. MyDoom was programmed to send spam, and it is. Here's a Bloomberg report:

"Unsolicited e-mail, or spam, more than doubled to 700 billion messages in January as home personal computers were taken over by viruses, security researchers said.

"The amount of spam worldwide rose from 310 billion unwanted messages in December."

As far as a couple of sources I just checked (just to be sure) tell me, MyDoom was first seen in the wild on the 26th of January, 2004 (and started bombarding <www.sco.com> on the 1st of February).

Are you really trying to claim that MyDoom relayed about 390 billion spam messages in just 7 days? I can't believe that.

[ Reply to This | # ]

100% effective anti-virus software
Authored by: Anonymous on Wednesday, February 18 2004 @ 07:59 PM EST
I can't believe there are still people out there not using my anti-virus software. It's free and 100% effective.

Void

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: pooky on Wednesday, February 18 2004 @ 08:14 PM EST
No, Darl will say that obviously the lawless socialist Linux community is the
same one as the lawless criminal spam sending community and urge Bush to use the
US military to use any means necessary to stop all of us.

-pooky

---
Veni, vidi, velcro.
"I came, I saw, I stuck around."

[ Reply to This | # ]

  • Socialists?? - Authored by: Anonymous on Thursday, February 19 2004 @ 12:06 PM EST

I have not seen a huge upsurge in February
Authored by: whoever57 on Wednesday, February 18 2004 @ 08:34 PM EST
I manage my company's network (amongst *many* other tasks) and I have not seen a
huge upsurge in SPAM in February.

I just went back and checked our logs (I can easily use grep to count the number
of emails that SpamAssassin identified as SPAM) and there was a large increase
during January (~20%), but if anything our spam count is down since January 25.

Now this analysis says nothing about how SPAM is being sent, whether spammers
are using MyDoom-infected PCs in preference to any other means. I might be able
to infer something like that from the hits against Spamhaus' XBL list -- which
has definitely been increasing. On the other hand, I don't know enough about the
accuracy of that list.

---
-----
For a few laughs, see "Simon's Comic Online Source" at
http://scosource.com/index.html

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: brian on Wednesday, February 18 2004 @ 08:46 PM EST
PJ, you wrote the following:

"The damage from MyDoom and other malware would be close
to zero if everyone was diligent about taking the
necessary steps to make sure they are not being used as
zombies."

I agree that the end user (or network administrator in
larger operations) is ultimately responsible for the
security (or lack thereof) of their own machines. There
is one major problem with this concept though.....
Pre-installation....

Let me explain. Most home PCs sold that have MS XP Home
installed are defaulted to wide open admin only boxes with
little to no attempt from either the manufacturer or MS in
the steps to take to properly harden these boxes. Add to
this the "closed source think" of get as much money as
possible by charging for virus updates and security
software it is simply a recipe for disaster.

Let me give you a little story to illustrate my point...

My roommate got a new computer (HP) from the local
computer store when my Linux box got hit by lightning
while I was out of town. In getting his new system up he
decided to hook the cable modem DIRECTLY to his new box.
The system defaulted to "Valued HP user" as the username
and no password. To further aggravate this that user had
full administrator rights. He is a complete computer idiot
in that he doesn't know what antivirus software, firewall,
permissions, etc. even are. So, to make a long story
short, he got infected as well as hacked in about 15 mins.

What I'm trying to say is that most types of people these
manufacturers (both software and hardware) are attracting
have no concept of computer security and the manufacturers
are not doing anything to help them when they release
systems like these. If "blame" is to be given it first
goes to the manufacturers (software as well as hardware)
THEN to the user.

Just my 0.02

B.

---
#ifndef IANAL
#define IANAL
#endif

[ Reply to This | # ]

Do your part, too bad "they" don't do theirs
Authored by: Anonymous on Wednesday, February 18 2004 @ 09:04 PM EST
The damage from MyDoom and other malware would be close to zero if everyone was diligent about taking the necessary steps to make sure they are not being used as zombies.

The damage from many of these worms/viri would be prevented, but not all. Microsoft has a responsibility in this as well, which they are not living up to.

eEye Digital Security submitted the ASN.1 vulnerability to Microsoft which took Microsoft over 6 months to fix. There are 2 more remotely exploitable holes which have also been disclosed by eEye to Microsoft 101 days ago. Wasn't part of the settlement with DOJ that the DOJ could fine Microsoft for failing to address security in a timely manner? These are 2 worms waiting to happen which Microsoft has known about for 3 1/2 months.

This is typical of Microsoft. They treat security problems as PR issues and as a result the entire Internet suffers. Why doesn't DOJ do something?!?!?

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: Xenographic on Wednesday, February 18 2004 @ 09:08 PM EST
Will Darl apologize for leaping to ugly conclusions before all the facts were
in? Will journalists and editorial writers and analysts take note and make
corrections?
-----

No. Sadly neither will, save maybe those journalists who didn't leap to that
conclusion to begin with.

What he will most likely do is try to link the Linux community to spammers.
Yes, I suspect some spammers use Linux, we can't very well stop them (just as
SCO can't very well keep them from using SCO's UNIX, legally or otherwise). I'm
sure that the very negative view we hold of spammers (they have gotten even less
mature pranks from slashdotters, for example... the rest of us use more legal
means to shut them down, such as helping ISPs to cancel their accounts, etc.)

No, that doesn't make sense, but if Darl does not do that, I suspect it will
only be because he did not think of it. Darl does not make a lot of sense,
anyhow.

[ Reply to This | # ]

Be sceptical about Mi2g
Authored by: delboy711 on Wednesday, February 18 2004 @ 09:29 PM EST
"The amount of spam worldwide rose from 310 billion unwanted messages in December. As much as 15 percent came from home PCs infected with computer viruses such as the Mydoom worm, said D. K. Matai, chairman of Mi2g, a computer-security consulting firm based in London"
When you read quotes from D.K. Matai of Mi2g treat them with the same sort of scepticism as you would a quote from Rob Enderle or Laura Didio. He is cast from the same mould. For reference see http://www.theregister.co.uk/content/archive/28233.html

[ Reply to This | # ]

Blake Stowell on SCO distributing GPL software
Authored by: Anonymous on Wednesday, February 18 2004 @ 09:38 PM EST
"An ITMJ reader pointed out that the service pack includes several open source components, including the Common Unix Printing System (CUPS) and GNU BASH, a command language interpreter. "If, as SCO claims, the GPL is invalid, what gives them legal permission to distribute this software?" the reader asked.

"Blake Stowell, SCO Group director of corporation communications, told ITMJ that "I'm not sure how to answer that question. Our issue is with the enforceability of the GPL. The issue that we have of proprietary software getting into open source software isn't connected with whether SCO itself distributes open source software. Until we are told otherwise, I'm sure that we will continue to use open source software in our products."

http://servers.itmanagersjournal.com/servers/04/02/18/1949248.shtml?tid=73&tid=96&tid=97

[ Reply to This | # ]

What spam emails are being sent?
Authored by: mobrien_12 on Wednesday, February 18 2004 @ 09:49 PM EST
Is it viagra ads like was originally surmised?

Lately I'm getting a lot of "order prescription drugs online" stuff.
Is it related to mydoom?

Obviously the author of this virus knew what he was doing. A lot of publicity
for poor persecuted SCO, and very little for the real objective of myDoom.

Bleah.


[ Reply to This | # ]

Malicious Virus
Authored by: Anonymous on Wednesday, February 18 2004 @ 10:11 PM EST
Microsoft and the rest of the world is going to get a nasty wakeup call one of
these days. Thus far the last 4 years or so you see virus and worm infections
sprouting up all the time. What strikes me is that none of these in the last 4
years or so have been destructive. Now imagine a worm like MSBlast or MyDoom
that contained a destructive payload. We are talking damages and destruction
adding up to not billions but perhaps even trillions of dollars in lost data and
repairs.

Let me give you a few scenarios..
Imagine if one of these script kiddie virus writers figures out just how easy it
is to open every single file the system has access to and rearrange the bytes in
it.

Imagine a virus that opens up every spread sheet it can find and randomly
rearranges a few cells.

Imagine a virus that flashes the bios in your pc with worthless code.

When this happens, and it is going to, the world will get a much needed but very
rude wake up call.

[ Reply to This | # ]

Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
Authored by: floyds_void on Wednesday, February 18 2004 @ 11:04 PM EST
IMO it is an extremely bad design decision for Microsoft to
  • execute attachments embedded in untrusted email
  • deliberately obfuscate file extensions such as .pif

    I am a contractor to a .gov agency. Because of this trojan we are mandated to shut down almost all outgoing SMTP traffic, because hundreds of Windows machines within the agency are infected, which means a major disruption in the many emails we send legitimately every day as a part of business. Discussing this with the network tech and the firewall tech, we all agree the major problem resides with Windows users clicking on executable attachments and then Windows actually executing them and infecting their computers. What a frickin' mess.

    In my opinion, Microsoft should be liable for crippling the internet because of their brain-dead design decisions which for some reason they refuse to reverse.


  • OT: Which versions of Linux and BSD require a SCO license
    Authored by: Anonymous on Wednesday, February 18 2004 @ 11:18 PM EST
    The question is not whether a SCO license is actually required, but rather which
    versions SCO _purports_ a license is required for.


    Re: Linux versions

    1. It is my understanding that previously SCO asserted commercial users of Linux
    2.4 and later required a SCO license.

    2. In OSV complaint about SCO, pages 7 and 8 are a copy of a SCO press release.
    This claims commercial users of Linux 2.2 and later required a SCO license.
    http://www.osv.org.au/index.cgi?tid=120

    3. Yesterday I checked their SCO source FAQ page. It has been updated recently.
    I haven't rechecked it today, but as of yesterday, they seem to be saying a SCO
    license is required for all Linux versions.



    Re: BSD versions

    4. Previously the SCOsource FAQ page asserted a SCO license was not required for
    BSD.

    5. When I checked yesterday the FAQ page used more woolly language, suggesting
    a SCO license was not required (for at least) properly licensed versions of BSD
    (whatever that means)


    IANAL, but it seems to me

    (A) SCO is not entirely clear on their own position

    (B) There must be some basis for promissory estoppel type defenses, even should
    a SCO license be required. This is not only on the GPL issue, but on the fact
    SCO previously asserted that other Linux versions were in the clear, I could
    have relied on that promise, and now they want to hit me anyway.


    Comments on this, or even a Groklaw article tracking this and SCO's rather
    strange behaviour about versions would be much appreciated.


    • Seconded - Authored by: Anonymous on Thursday, February 19 2004 @ 12:18 PM EST
    Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
    Authored by: Anonymous on Wednesday, February 18 2004 @ 11:57 PM EST
    Never let the truth get into the way of a good story.

    SCO has never had and will never have a case.


    Licence Changes
    Authored by: hal9000 on Thursday, February 19 2004 @ 12:16 AM EST
    Hi PJ

    Could we start a topic on changes to some
    licences that were previously completely GPL.

    Such as XFree86 and Apache's new Licence.

    Is this a growing trend ?

    Has SCOG already performed its service
    to Microsoft ??

    Just the facts jack, just the facts


    Another discovery LIE
    Authored by: Anonymous on Thursday, February 19 2004 @ 12:23 AM EST
    From 9/26

    http://www.nwfusion.com/news/2003/0926scoinfri.html

    SCO has not sold the SCO Linux software in question since May 12, but the company continues to distribute it via the Internet to honor existing support contracts, said SCO spokesman Blake Stowell.

    Stowell disputed the idea that SCO could no longer distribute Linux. "We're the copyright holder for the core Unix operating system. If we want to charge someone a licensing fee for using our copyrighted software that's gone into Linux, then we have that prerogative," he said. "If we want to continue to distribute Linux to our existing customers, we can do that because we own the copyrights on that Unix software."


    So as of 9/26/2003, we have SCO distributing Linux via their web site, openly acknowledging they are, and justifying it.

    Let's have a look what they said in discovery about their past distribution, emphasis added

    http://www.groklaw.net/article.php?story=20040215015800694
    INTERROGATORY NO. 13

    For each line of code and other material identified in response to Interrogatory No. 12, please state whether (a) IBM has infringed plaintiffs rights, and for any rights IBM is alleged to have infringed, describe in detail how IBM is alleged to have infringed plaintiffs rights; and (b) whether plaintiff has ever distributed the code or other material or otherwise made it available to the public, as part of a Linux distribution or otherwise, and, if so, the circumstances under which it was distributed or otherwise made available, when it was distributed or made available, to whom it was distributed or made available, and the terms under which it was distributed or made available (such as under the GPL or any other license).

    SUPPLEMENTAL RESPONSE TO INTERROGATORY 13:

    SCO objects to this question on the basis that it is overly broad and unduly burdensome and seeks information neither relevant nor reasonably calculated to lead to the discovery of admissible evidence insofar as it requests the identity of source code and other material in Linux contributed to Linux by parties other than IBM or Sequent. Subject to and without waiving these objections, as it pertains to SCO's rights involving IBM's contributions, SCO incorporates it answers to its revised and supplemental answers to Interrogatory Nos. 1 through 6 and 9 above and the corresponding exhibits.

    Insofar as this interrogatory seeks information as to whether plaintiff has ever distributed the code in question or otherwise made it available to the public, SCO has never authorized, approved or knowingly released any part of the subject code that contains or may contain its confidential and proprietary information and/or trade secrets for inclusion in any Linux kernel or as part of any Linux distribution. However, as noted above in response to Interrogatory No. 6, the Protected Materials that IBM improperly contributed to Linux from AIX and Dynix/ptx are found in any product that contains the Linux 2.4 kernel or above. SCO sold or distributed the 2.4 kernel and above for a brief period of time in SCO Linux Server 4.0, Powered by UnitedLinux. The sale or distribution of this product was under the GPL without knowledge of the violations identified above. After gaining knowledge of the violations discussed above, SCO ceased distribution of the code in question. The particulars of when it was distributed and to whom can be found in the invoices in Bates range 1186853 to 1227921. For the narrowing of the appropriate invoices they have been attached as Tab 121.


    IBM are clearly aware that SCO is distributing Linux from their web site, so SCO's sworn statement that they were no longer distributing Linux at all (and mention only of the invoices, not web site logs etc.,) probably raised an eyebrow...

    IBM then asked SCO to clarify

    http://www.groklaw.net/article.php?story=20040210170358999

    IBM:

    Sixth, SCO also fails to identify all places or locations where the code at issue in this case may be found or accessed (such as on SCO websites), and all the specific SCO products --- UNIX, UnixWare, Linux, or otherwise --- in which the code at issue in this case was included, and when, to whom and under what terms such products were distributed or made available.

    SCO:

    Moreover, regarding IBM's specific comment that SCO must identify where on its website and in which SCO products the Protected Materials may be found or accessed, that has been done. As indicated in response to Interrogatory Nos. 3 and 13, the Protected Materials would be found in any other product that contains Linux 2.4 kernel or above and SCO distributed the Linux 2.4 kernel and above for a brief period of time in SCO Linux server 4.0. Moreover, we provided you with the invoices that laid the terms under which these materials were made available




    Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
    Authored by: ile on Thursday, February 19 2004 @ 03:06 AM EST
    In view of all this, there is a point I think we should be
    making more often, and that I'll illustrate with a recent
    story.

    A good friend of mine happens to own a small (as yet!) IT
    company. He actually knows next to nothing when it comes
    to programming, and relies on a couple of very good
    programmers, as he well should. Nice and dandy.

    Now, I had some mail from his and his wife's personal
    e-mail address that immediately led me to think that their
    machine at home had been turned into a spam-bot (Windows,
    of course - what else?). I warned them, and, even though
    they did not take my warning all that seriously at the
    beginning, later they realised, looking at the traffic
    through their modem, that I could be right. So they called
    on one of the company's programmers, who needed about an
    hour and a half to clean the machine up. They had
    doomjuice, of course, and plenty more...

    Now, the sad thing, of course, is that they required a
    full hour and a half of a good programmer's time, but that
    whenever I suggest that they give a spin to a Linux distro
    they point out that it will take time for them to try
    everything out and install and the like. Much as I try to
    point out that currently installations with Mandrake, say,
    are almost out of the box and would take about half an
    hour on their machine (on the outside), no way.

    This will change in time, I guess. Already at their
    company they are thinking of firewalling with a Linux box,
    instead of just relying on configuring the Windows
    machines (and these programmers know what they are doing,
    so they do know that you can close ports on a Windows box
    too), and of setting up a small cluster. No question that
    the cluster will use Linux...

    But even so, and this is really the point I would like to
    make, Windows diehards are using two kinds of arguments
    with me. The one I accept and understand is that some
    specific applications have got either no good substitute
    in the Linux/BSD (even OSX) world or no good porting over
    of data to the substitute.

    The one which is really getting on my nerves is that
    Linux/BSD take a disproportionate amount of time in admin
    tasks for a home user. It gets on my nerves because they
    never consider the amount of admin time (even expert admin
    time) they require for their Windows box _even if one only
    considers admin time cleaning up for virus or installing
    antivirus software_.

    I guess I'll have to get myself a MandrakeMove CD to show
    them...

    ile


    Way OT - Princes and Open Source
    Authored by: ile on Thursday, February 19 2004 @ 03:54 AM EST
    Funnily enough, the Prince of Asturias (the heir to the
    throne of Spain) has opened the Open Source World
    Conference in Málaga. I guess this goes to show that Free
    Libre Open Source is a communist led plot for world
    domination, the Spanish royal family is well known for
    their communist views...

    (BTW, I actually dislike mixing royalty and FLOSS - for
    one thing, I am a supporter of the Republic; and for
    another, royalty / royalties / proprietary systems...)

    Couple of links
    http://www.opensourceworldconference.com/index.php?&MMN_position=28:26
    http://www.elmundo.es/navegante/2004/02/18/softlibre/1077119437.html


    • Viva Espana! - Authored by: Anonymous on Thursday, February 19 2004 @ 07:36 AM EST
    Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
    Authored by: Alastair on Thursday, February 19 2004 @ 04:09 AM EST

    I was quite interested to note that someone has written another virus, called Doomhunter, that infects machines running MyDoom when it spots them scanning a machine it's infected, then removes MyDoom from the system. I don't know if there are any other effects, but I do wonder whether this type of thing isn't a better way to protect a network from viruses and malware than the usual antivirus approach. I mean, if a virus can scan for and automatically infect vulnerable machines, then so can a patch to stop the virus, right?

    It isn't the first time that someone has written an "anti-virus" either… there used to be a virus on the Atari ST that could protect the boot sector of a floppy disk from being infected, as well as spotting and removing boot sector viruses. Indeed, some antivirus software on that platform could actually install the anti-virus for you!

    The only downside of anti-virus viruses is that they sometimes have unintended effects; in the past, anti-virus bootsector and link viruses sometimes disrupted software (particularly computer games, which tended to use the disk boot sectors, at least on Atari and Amiga platforms). However, the current batch of viruses don't infect programs or disks—they infect machines—so it seems to me that this problem has largely disappeared as it's much less likely that a machine virus will disrupt its operation (provided it hasn't been written to do so), and it's much easier to remove other viruses without damaging any other software that may be installed.


    Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
    Authored by: Anonymous on Thursday, February 19 2004 @ 07:15 AM EST
    Will Darl apologize for leaping to ugly conclusions before all the facts were
    in? Will journalists and editorial writers and analysts take note and make
    corrections?


    I doubt it.


    Linex et al.
    Authored by: ile on Thursday, February 19 2004 @ 08:16 AM EST
    Well, the regional government of Andalusia was handing out
    a distro of theirs, Guadalinex (word play with the Arabic
    root uad, river, which you find in the most important
    rivers of the region).


    In my region (Basque Region) there is no official policy
    with regard to OS, other than some fluffy comments. And,
    after all, they _paid_ M$ to translate I do not remember
    which version of Windows to Basque, so I do not think they
    really intend to have a policy.

    And the Biscay IRS forces me to use Windows for my IRS
    returns. For the common tax territory there is a Linux
    version of the government sponsored program (explanation:
    the Basque autonomous region and the Navarre autonomous
    region have got a different tax system; in fact, each
    province in the Basque autonomous region has got a
    different tax system; therefore I do not pay any income
    tax at all to the central government nor to the Basque
    government, only to the Biscay province government).

    BTW, Mandrake at the very least has the installer in
    Basque!! (Thanks, Saratxaga jauna!)

    Way to go, anyhow.


    Huge Upsurge in Spam Reported-- MyDoom Using Zombies to Send Spam
    Authored by: Anonymous on Thursday, February 19 2004 @ 10:15 AM EST
    "chairman of Mi2g"

    Ignore this source. They're a press-release driven company that don't really
    supply much to the body of works besides recycling warm, fetid air.

    http://vmyths.com/resource.cfm?id=64&page=1

    Draconis


    OT-Irate Mom Goes After RIAA
    Authored by: pogson on Thursday, February 19 2004 @ 10:59 AM EST
    Article in the Register describes trying to use RICO to go after the RIAA for its tactics. There are some similarities to SCO in that both SCO and RIAA may have some legitimate grievance, but their tactics are unethical at least IMHO.

    ---
    Happiness=RAID1 with multiple 120gB drives


    News Report
    Authored by: Anonymous on Thursday, February 19 2004 @ 01:40 PM EST
    Pittsburgh Post Gazette makes the point that maybe the virus was created aiming at SCO and MS so that linux developers would be less willing to fix the problem.


    Arrrrggg...zombified again...
    Authored by: rand on Thursday, February 19 2004 @ 03:13 PM EST
    Don'cha just hate it when the news hits a little too close to home?

    I just got an email from Yahoo.com. It seems that a few of the dozen or so
    p*-enlargement emails I sent from my home account about 20 minutes ago were
    undeliverable.

    That means that when Daddy gets home he's going to be spending the evening
    de-lousing the family computer (again) and throwing stuff around and cussin' and
    stuff. Heaven help the rugrat who was sitting at that keyboard at around
    13:59:56 this afternoon (hint: that narrows it down considerably).

    ---
    carpe ductum -- "Grab the tape" (IANAL and so forth and so on)


    Groklaw © Copyright 2003-2013 Pamela Jones.
    All trademarks and copyrights on this page are owned by their respective owners.
    Comments are owned by the individual posters.

    PJ's articles are licensed under a Creative Commons License. ( Details )