decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


To read comments to this article, go here
SCO Says Worm Hasn't Hit Yet; ISPs Are Blocking Them...Right. That's the Ticket.
Sunday, February 01 2004 @ 02:02 AM EST

The latest from Lindon is that Blake Stowell said on Saturday that MyDoom hadn't hit them yet. The reason they were not reachable was because ISPs have been blocking them.

Huh? What about all those interviews? They told the world for days and the SEC in an official filing that MyDoom had hit them already. Somebody must have finally told SCO that MyDoom was timed for today.

Woops.

So now the story is that it's ISPs that are blocking their site, and of course no one in the media remembers what Darl and Co. said just a day or two ago, so of course there are no followup questions. They just print whatever SCO tells them:

"US software maker SCO, target of the Mydoom computer virus, said Internet access providers had hobbled its website, fearing infection by what may be the fastest-growing worm ever.

"'There are Internet service providers around the world who are blocking access to SCO,' company spokesman Blake Stowell said, adding it was because they believe they can limit exposure to the virus that way. However, he said, Mydoom.A was not due to attack until Sunday, at precisely 1609 GMT.

"Until then, 'the bandwidth levels for accessing our website are at a normal level,' Stowell said."

Um...what about those CNN interviews, Darl? Didn't you announce to the world you were under attack already? Puh-lease.

I don't like to kick anyone when they are down, and I'm truly sorry they are having troubles, but they gleefuly spread this ethically-challenged PR all over the world, and they did say they were already under attack. They even filed it in an *SEC filing*. The Linux community was smeared. That must not be forgotten.

Just to review, here is what McBride told CNN:

"MCBRIDE: We came out, we found that key parts of our code -- we owned the Unix operating system -- was showing up in this new upstart program called Linux. These new programmers working with IBM. We found that things were violated against our copyrights.

And so we filed a $3 billion lawsuit against IBM. We've been working through a judicial system here. But now you have people going outside the system, trying to attack us, to try and shut us down before we have a court verdict.

O'BRIEN: Well, I guess you're right, in the sense that this wild west analogy, carrying that on, it's a frontier with no jurisdictional borders, right? Whatever laws apply, wherever you happen to be standing are what might apply. Nevertheless it might not apply where you are being affected.

MCBRIDE: I think that's exactly the case. With the new Linux system, it's very interesting, because it's very open, anybody around the world can participate, anybody can use it.

But what happens when you have a problem inside the system? Because there are no boundaries and no control systems, the mechanism's built into Linux. Then you have this type of behavior when you have a problem actually pop up.

O'BRIEN: Is Linux particularly susceptible?

MCBRIDE: Well, we believe -- we have had four attacks on our company over the last year. At least one was claimed -- the Linux community claimed responsibility for the attack. We believe that there is a problem with Linux in terms of the code we see showing up inside of there. We don't know for sure if this attack is coming from Linux, but we have very strong suspicions that is the case."

Here's what they said in the SEC filing, their 10K, filed on January 28:

"We have also experienced several denial-of-service attacks on our website, which have prevented web users from accessing our website and doing business with us for a period of time. Additionally, we have recently experienced a distributed denial-of-service attack as a result of the "Mydoom" worm virus. It is reported that the effects of this virus will continue into February 2004. If such attacks continue or if our customers and strategic partners are also subjected to similar attacks, our business and results of operations could be materially harmed."[emphasis added]

They are remarkable prophets. Or time travelers.

Take a look for yourself at Netcraft's charts and see if they match the story.

What can we all take away from this experience? I have some suggestions for your consideration in the media. Maybe the media should listen more carefully to Bruce Perens when he speaks. He said it was likely spammers from day one. While no one can know for sure until someone is caught, it does look like he was right. Now, others finally agree with him. (Cf. here and here.) Here's Bob Mims from the Salt Lake Tribune yesterday:

"SCO's Web site has been crashed repeatedly in the past year as it has accelerated its claims on the freely distributed Linux operating system, and the company had previously suggested past DoS attacks were the work of pro-Linux, 'open source' extremists.

"With the origin point seeming to be confirmed as Russian, experts speculated the virus may have been the work of spammers, or -- noting the worm's accessing of PC users private information through back-door ports also may indicate an organized crime involvement."

ABC has this:

"'These are people who want to spread spam and make money,' Mr Albrecht said. . . .Some experts have warned that the attacks against Microsoft and SCO could be a diversion aimed at hiding another goal: relaying spam through the infected machines. Mydoom causes no apparent damage to computers. However, it leaves behind a program that could allow hackers or others to control the infected PCs for malicious purposes: stealing passwords, files or sensitive information through so-called "keyloggers", software that tracks and logs keystrokes.

"Mi2g warned: 'Mydoom leaves several ports open, which are being actively sought by attackers to install their Hacker Activated Code, including keyloggers and complex Trojan horse software to steal usernames, passwords, identities, bank account details and credit card numbers.'"

So... what do you say, guys? If you don't want to pay more attention to Perens, could you at least not spread SCO's "suggestions" and "suspicions" as if they were gospel? Why didn't you at least include Perens' statement along with Darl's? And why not attribute it to Darl, when it's Darl speaking, so the rest of us know it's just him again, instead of reporting that Linux enthusiasts "were thought to be responsible" as so many of you did? As far as that goes, did you call any ISPs to find out if they are blocking SCO? Remember, it's supposed to be all the news that's *fit* to print. Here is a typical example of an article implying that Linux enthusiasts were responsible. The Linux community was smeared around the world and there was needless damage done. Just make a note, will you? If SCO tells you something, verify, verify, verify. At least put it in quotation marks, so we are warned.

I know most Groklaw readers don't use Windows computers on the internet, so we're not contributing to any SCO problems, but if any visitors are using Windows, instructions on how to remove the MyDoom virus are on the Salt Lake Tribune page, where they direct you to Symantec and McAfee. You'd be doing yourself and the rest of us a favor if you make sure you clean up your computer, if necessary. Spammers grab and use your Windows boxes because they can so easily. Linux and Mac users weren't endangered by MyDoom, but our inboxes would thank you Windows users if you'd fix your problems. If I had to use a Windows box, I know for sure I'd not use my computer on the internet today anyway. Why run the risk of doing damage to someone?

You can solve your virus problems permanently by switching to Linux, where they are rare indeed, mostly proof of concept things. I've never experienced one. Did you know you can set up GNU/Linux so that you have a /home partition? That way if you do have a problem, you can fix it without losing everything you have on your computer. Or, if you do want to reinstall from scratch, and the problem isn't in your home partition, you can save all your documents and email and all your personal stuff in the /home partition and reinstall the rest. It's very flexible and handy. Did you know you can look to see what is "hiding" on your computer in GNU/Linux? Wouldn't that be nice right along about now, you Windows users?

Come on in. The water's fine. If you can't leap that far yet, think about a Mac. The FBI uses them, I hear, because they are secure out of the box. Why not you? Had you made the leap a week ago, you wouldn't now be worrying if there is a keylogger on your computer from MyDoom belonging to Russian mobsters who would like to have your credit card numbers.

Of course, Mr. Gates is of a different opinion:

"As the latest mass-mailing worm spread across the Internet on Monday, infecting many tens of thousands of Windows PCs with a program designed to attack the servers of Unix vendor SCO Group on 1 February, Gates stressed the importance of security to his company's products, but said that competing vendors -- such as SCO -- were courting danger by sitting back.

"'A high volume system like [Windows] that has been thoroughly tested will be by far the most secure,' Gates told the audience at the Developing Software for the future Microsoft Platform conference at London's Queen Elizabeth II Conference Centre. 'To say a system is secure because no one is attacking it is very dangerous,' said Gates, referring to operating systems that have a smaller share of the desktop market, such as Apple Mac OS and Linux."

Did he just say that SCO could avoid all their troubles if they would secure their systems instead of sitting back? Why, yes. Yes, he did.


  View Printable Version


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )