I'm not sure how to view this one. OK, it talks about SCO so it is Linux related, it talks about Windows so it's off topic (there is no threat to DOS, Linux, Macintosh, OS/2, UNIX or Windows 3.x - although Linux mail servers will take the burden of filtering the extra junk.)

The attack concerns me because it paints SCO as a victim and potentially harms the picture of the Linux community in the SCO shenanigans. However, call me cynical, but when SCO has been paying good money to make Linux users look like system crackers and cyber-terrorists (http://www.technewsworld.com/perl/story/31899.html), could it even be a classic conspiracy theory? - SCO creating / sponsoring a (later to be discovered as) painless/empty attack on themselves as a bit of classic PR?

(OK, after reading reports from Symantec and El Reg, I'd discount the conspiracy - this doesn't look like an empty threat.)

(The technewsworld article is fair comment, I chose it because SCO choose to link to it in the hope that the Linux Zealots <-> terrorists mud will stick. Neil S and I (probably Kai and others too) can certainly be described as GNU/Linux (Debian) priests from the article and we have several 'pros' as defined in the same article as well as a spectrum of people in between. I don't know any Linux Zealots, as defined.)

The topic itself concerns a Windows worm that is said (by Symantec http://www.symantec.com/avcenter/venc/data/w32.novarg.a@xxxxxxx ) to be planning a dDOS attack on www.sco.com and SCO themselves do seem to be alarmed:

http://www.sco.com/

Protect Your Computer System From Mydoom Virus
Network Associates provides free stand-alone utility to detect and remove Mydoom virus.

SCO Offers Reward For Arrest And Conviction Of Mydoom Virus Author
The SCO Group, Inc. is offering a reward of up to a total of $250,000 for information leading to the arrest and conviction of the individual or individuals responsible for creating the Mydoom virus.
I noticed it because I've already noticed several copies in incoming email - some of which were caught by SpamAssassin. I didn't do any more with it until I received an email from my webhost identifying the worm.

How credible is SCO's response? Does this damage the image of the Linux community / strengthen the SCO case? Or will this simply be seen as a one-off malingerer shooting his/her mouth off?

It's a normal junk text spam email that tries to evade filters but comes with a binary attachment, in my case each was called doc.zip (sufficient reason for concern already!). So I saved the attachment under Linux, did a little investigating, found it to be a genuine .zip archive and inspected the contents as plain text (doc.pif) in KWrite. Standard Windows 32-bit executable format posing as .pif instead of .exe but would have been executed as .exe by Windows.

From my webhost message:

One final piece of advice. If you receive any emails from, or to, an unknown person with an attachment, it is probably safest to delete the email.

probably? delete first, ask questions later I'd say!

BTW: Just noticed this too:

MyDoom variant attacks Microsoft.com
http://www.theregister.co.uk/content/56/35189.html

http://www.theregister.co.uk/content/56/35159.html

SCO also advises anyone who notices strange executable files, possibly in their /usr/bin directory and messages bearing the text /Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA to contact SCO directly. For a fee of $1,399 per CPU, infected users can be hosed down and sent on their way. ®

Yeah, right. Nice touch, register.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
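
The attachment check described in the message above (a genuine .zip whose doc.pif member is really a Windows executable), as an added example that is not part of the original post. The sample archive is constructed in the code, and the extension list and 4096-byte read limit are assumptions.

```python
import io
import struct
import zipfile

# Extensions Windows treats as programs (list is illustrative, not exhaustive).
RISKY_EXTS = {".pif", ".scr", ".com", ".bat", ".cmd", ".exe"}


def is_pe(head: bytes) -> bool:
    """DOS 'MZ' stub whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", head, 0x3C)
    return head[pe_off:pe_off + 4] == b"PE\0\0"


def scan_zip(blob: bytes, max_read: int = 4096):
    """Return (member, reason) findings; nothing is written to disk or run."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return [("<attachment>", "not a real zip archive")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            with zf.open(info) as fh:
                head = fh.read(max_read)  # header only, bounds memory use
            if is_pe(head) and ext != ".exe":
                findings.append((name, "PE executable posing as " + (ext or "no extension")))
            elif is_pe(head) or ext in RISKY_EXTS:
                findings.append((name, "executable content or extension"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: doc.zip holding a fake PE header named doc.pif."""
    pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.pif", pe)
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample()):
        print(member, "->", reason)
```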