[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
On Wednesday 28 Jan 2004 10:51 pm, Neil Williams wrote:
I'm not sure how to view this one. OK, it talks about SCO so it is Linux related, it talks about Windows so it's off topic (there is no threat to DOS, Linux, Macintosh, OS/2, UNIX or Windows 3.x - although Linux mail servers will take the burden of filtering the extra junk.) The attack concerns me because it paints SCO as a victim and potentially harms the picture of the Linux community in the SCO shenanigans. However, call me cynical, but when SCO has been paying good money to make Linux users look like system crackers and cyber-terrorists (http://www.technewsworld.com/perl/story/31899.html), could it even by a classic conspiracy theory? - SCO creating / sponsoring a (later to be discovered as) painless/empty attack on themselves as a bit of classic PR? (OK, after reading reports from Symantec and El Reg, I'd discount the conspiracy - this doesn't look like an empty threat.)
While there are the usual people crying "conspiracy" (as per usual when anything SCO-related happens), I have to wonder whether this time they might be right. This all looks a little too convenient for SCO. Firstly, the virus attacks SCO's website and the -B variant attacks Microsoft.com as well. Just the kind of thing these Linux-using-terrorists would do. Then, according to an analysis I read, the virus does not spread to any e-mail address containing certain strings, including "linux", "unix" and "root". Oh come on. Anyone writing a virus clearly wants to cause maximum disruption; why would they care who gets affected? If it had indeed been written by a Linux-using-terrorist, they would realise that there's no point excluding *nix related addresses because they are naturally not likely to be running Windows at the other end... Or maybe the conspiracy theorists have got to me, and I'm just talking rubbish ;-)
I noticed it because I've already noticed several copies in incoming email - some of which were caught by SpamAssassin. I didn't do any more with it until I received an email from my webhost identifying the worm.
I noticed it spreading using my e-mail address as the from address and spoofing the first received entry to look like it came from my domain on the day the virus first appeared in the wild. Nice. It is already the fastest spreading virus ever according to El Reg. I suspect spammers are to blame for this; one infected machine = a hard disk containing several million e-mail addresses to spread to.
From my webhost message: One final piece of advice. If you receive any emails from, or to, an unknown person with an attachment, it is probably safest to delete the email. probably? delete first, ask questions later I'd say!
Anyone who opens an attachment without knowing exactly what it is deserves everything they get. David. -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.