On Tuesday 27 Jan 2004 1:41 pm, JoeHill wrote:
> On Tue, 27 Jan 2004 10:37:57 +0100
>
> Frans Ketelaars disseminated the following:
> > > A new virus, as of today. Rated High-Outbreak by Mcafee:
> > > http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k
> > >=100 983
> > >
> > > (Only affects Windows, of course.)
> >
> > I noticed this:
> >
> > <quote>
> > Denial of Service Payload
> > On the first system startup on February 1st or later, the worm
> > changes its behavior from mass mailing to initiating a denial of
> > service attack against the sco.com domain. This denial of service
> > attack will stop on the first system startup of February 12th or
> > later, and thereafter the worm's only behavior is to continue
> > listening on TCP port 3127. </quote>
> >
> > That's _not_ the right way to fight SCO IMHO.
>
> Agreed. It just contributes to the image which SCO is trying to paint
> of the Linux community, a bunch of 'hackers' (which of course, many
> are, but they don't get the diff between 'hacker' and 'cracker', CNN
> be praised).
>
> Fighting SCO, and MS for that matter, is done most effectively by
> getting the truth out there.

The SCO attack is badly done. Giving them several days' warning allowed SCO to patch their servers to reject the DOS. The HTTP request is smaller than a browser would create, allowing it to be recognised. At least one researcher was unable to get the virus to launch the DOS at all (he only saw a DNS request for www.sco.com). All they have to do to avoid it totally is to change their DNS to www.scox.com for a fortnight.

The virus has other damaging payload, which does not stop on February 12. This includes a keylogger and installing software. (e.g., credit card and password capture, and installing spam senders.)

Groklaw is divided on the issue, but it is far from clear that this is an attack by the Linux community. The more paranoid suspect SCO of creating it. It really is not going to do them much harm, and the PR is probably a bonus. This will probably give them ample excuse to default in the 6th February hearing, and they have been consistently stalling for time; Groklaw is unanimous that they are facing a defeat real soon now. The informed Linux community would agree that giving SCO any excuse just helps them.

My take is that some spammer wanted to hide the real payload, and decided the SCO battle was the ideal camouflage.

--
Richard Urwin
