Forgot your password?
typodupeerror
Caldera Security The Almighty Buck

SCO Offers $250K Bounty for MyDoom Author's Arrest 783

Posted by timothy
from the make-it-snappy-now dept.
Performer Guy writes "This SCO press release indicates that they are offering a $250,000 reward for information leading to the arrest & conviction of the MyDoom DDoS worm authors. Let's hope they catch them. Not merely because MyDoom is one of the most mindless attacks on our internet infrastructure in memory, but also when they pay up it'll be less cash for SCO's litigation engine." Thanks to Tin Foil Hat and prostoalex for pointing out links at ComputerWorld and CNET, too. Related to this: stealth.c writes "Bruce Perens has written a letter to the Open Source community, discouraging us from cheering on the MyDOOM virus, as it would falsely implicate the FOSS communities and almost certainly cause the success of the virus writer's mission of discrediting these movements. This letter is also posted on NewsForge and on Groklaw." Unfortunately, with columns like this one blaming the worm on "some ticked-off Linux fan", it needs to be said.
This discussion has been archived. No new comments can be posted.

SCO Offers $250K Bounty for MyDoom Author's Arrest

Comments Filter:
  • Hey, d00d! (Score:5, Funny)

    by ScottSpeaks! (707844) * on Tuesday January 27, 2004 @09:23PM (#8107391) Homepage Journal
    If you're out there, e-mail me. Let me turn you in, and I'll give you .50%!
  • Copyright. (Score:5, Funny)

    by DarkHelmet (120004) * <[mark] [at] [seventhcycle.net]> on Tuesday January 27, 2004 @09:23PM (#8107394) Homepage
    Of course it has nothing to do with DDOS..

    It's that SCO thinks that MyDoom's source code is owned by them. :)

    • by Anonymous Coward on Tuesday January 27, 2004 @09:25PM (#8107422)
      They must be confusing it with DRDOS
    • by tilrman (234948) on Tuesday January 27, 2004 @09:38PM (#8107616) Homepage

      Obviously, SCO wrote MyDoom. Part of the payload is several lines of unix code copyrighted by SCO. Notice how the worm is reporting back to SCO? That's not a DDOS; that's the worm reporting the IP addresses of everybody who now owes SCO $699 for copyright infrigement.

      • Re:Copyright. (Score:3, Interesting)

        by benna (614220)
        OK listen. I hate SCO as much as any of you. This is a clear pump and dump. However, I am getting sick of people saying SCO or someone wanting to discredit the open source community wrote this worm. I can think of ALOT of linux supporters that would have done this in a second if they had thought of it. The chances are, it was a linux supporter. I'm not saying whether I support the people that did this or not. I'm really not sure but I am also getting tired of this "holier than thou" attitude of peopl
        • Re:Copyright. (Score:3, Interesting)

          As much as some would like to think that this is the work of one of our own. The fact of the matter is that ANYONE with a keyboard could have done this. And following through on this logic I would not discount even SCO. I would not put it past Darl to try a stunt like this. He is "smokin' crack" and has "nothing to lose" after all.
  • by spun (1352) <loverevolutionary@@@yahoo...com> on Tuesday January 27, 2004 @09:24PM (#8107412) Journal
    Come on, Darl, you HIRED someone to write it, didn't you? An open source Reichstag fire, right?
  • cash money (Score:5, Funny)

    by CGP314 (672613) <CGP@ColinGregory ... t ['Pal' in gap]> on Tuesday January 27, 2004 @09:25PM (#8107416) Homepage
    $250,000!

    How did they get that kind of money?

    Oh right...

    $699 at a time : (

    --
    In London? Need a Physics Tutor? [colingregorypalmer.net]

    American Weblog in London [colingregorypalmer.net]
  • Fine Print: (Score:5, Funny)

    by Anonymous Coward on Tuesday January 27, 2004 @09:25PM (#8107418)
    "Due to low cash flow at SCO, the reward will be paid upon successful judgements in the lawsuits against IBM, Redhat, Novell, et. al."
    • Re:Fine Print: (Score:5, Interesting)

      by QuasiCoLtd (727325) on Tuesday January 27, 2004 @10:14PM (#8108003)
      Believe it or not this may not be far from the truth. If you noticed, the letter said Upon arrest and conviction . By the time the culprit moves through our wonderful justice system the IBM lawsuit will be over, and SCO will be gone.

      All this is is a nice PR move by SCO so they look like heros trying to stamp out malicious hackers.
  • Well with all the DDOS and extra bandwidth from bounced mail today has been a bitch. Spam filters have been running overtime and the internet has slowed down. Now as much as I don't like SCO over their action this is just to extereme

    Most people live in a democracy so why not try ot use tha tinstead of random acts of cyber violence?

    Rus
    • by Entropius (188861)
      Most people do live in one. Unfortunately, SCO is not under the jurisdiction of one--last I checked, they were based in the USA.
  • The plan (Score:5, Interesting)

    by eyegone (644831) on Tuesday January 27, 2004 @09:25PM (#8107429)

    Someone needs to do the following:

    1. Turn the culprit in.
    2. Collect SCO's reward.
    3. Give the money to the OSDL SCO defense fund.
  • While the author's actions are not indicative of the actions of the open source community, it is an easy bet that he/she/them is in support of dethroning SCO and a clear fanatic of everything Slashdot stands for. Unless this is a false DDOS, implicated by SCO, but that's a bit paranoid, IMHO.

  • ...payable in worthless Linux IP licenses.
  • by ymgve (457563) on Tuesday January 27, 2004 @09:26PM (#8107441) Homepage
    ...350 licenses to Linux.
  • by Bruce Perens (3872) * <bruce@perens.com> on Tuesday January 27, 2004 @09:27PM (#8107453) Homepage Journal
    Re-printed here to save my server some load :-) - Bruce

    Message to the Linux and Free Software Community Regarding the SCO Denial-of-Service Virus

    Bruce Perens <bruce@perens.com> (U.S.) 510-526-1165
    Version 2, January 27, 2004.

    The master version of this notice is at http://perens.com/Articles/SCO/DOS/ [perens.com]
    Please check that location for a more recent version. You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.

    On January 26, 2004, a new virus became rampant. I have read reports that the virus payload has two purposes: to install a remote-execution back-end of a type commonly used by spammers to redistribute email, and to perform a denial-of-service attack on SCO's web site.

    Denial-of-service attacks via virus have been a common trick of email spammers. They were first used to take out some of the anti-spam blacklist sites. Several of those sites had their (non-spam-related) business so heavily disrupted that they closed the doors of their anti-spam projects rather than be attacked again.

    The Open Source developers are a target of spammers. We are the creators of most high-profile anti-spam technology. For example, SpamAssassin started out as, and remains today, an Open Source project. The predominant mail delivery programs of the Internet are Open Source projects such as Sendmail and Postfix, and thus most efforts to spam-proof those programs are Open Source as well. This is important, because it gives spammers a reason to defame us.

    SCO also has a reason to defame us, as part of their stock-kiting scheme. We have assembled ample evidence that they have lied under oath in court. Such a company would not balk at attacking their own site in order to paint their opponents in a bad light.

    Thus, it is likely that this virus has been assembled for the purpose of defaming the Linux developers by spammers, SCO, or others. Your behavior will influence whether or not it succeeds in this mission.

    Thus, I urge all persons who have sympathy for Free Software, Open Source, and Linux:

    • Do not cheer on attacks on the SCO site. By doing so, you falsely implicate our community in the attacks, in the eyes of outsiders who read your words. Our community believes in freedom of speech, not silencing our opponent's speech through net attacks. We will defeat SCO using the truth, not by gagging them.
    • Publicly deplore the attacks as an attempt to defame us, and not an effort of our community. Show others this notice.
    • Continue to fight SCO, using all legal means at your disposal. Show others the analysis of SCO's ongoing fraud at Groklaw.net [groklaw.net] and elsewhere, and explain to them your own experience as a participant in the Free Software community.
    • Continue the visible presence of Free Software as a force for good in the world by producing excellent original software for everyone's free use and deploying it wherever possible. Promote these projects to the press and public as you carry them out. Do what you can for other public-good projects such as schools and non-profit organizations. FreeGeek.org [freegeek.org] is an excellent example of how to carry this out.
    • Show others by example that our side always takes the high road. When they see a low-road sort of action like denial-of-service, spam, or stock fraud, they'll know who to blame.

    Remember that your actions count. You are ambassadors of our community.

    Many Thanks


    Bruce Perens

    • by dmaxwell (43234) on Tuesday January 27, 2004 @09:31PM (#8107528)
      Please check that location for a more recent version. You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.

      Now I wonder why you put that in there?
    • I call BS (Score:4, Insightful)

      by Anonymous Coward on Tuesday January 27, 2004 @09:59PM (#8107836)
      Bullshit. It's possible, but unlikely that someone pulled this stunt to defame the community. It's likely that this shit was pulled by some dickhead who thought it would be cool - you know, the kind of dickhead who has been cheering this virus on Slashdot?

      This "open letter" is nothing but transparent propaganda - trying to paint the Open Source world as perfect, free of idiots, fighting against all the evil forces in the world. Newsflash - there are idiots everywhere. Deal with it, and keep the bullshit to a minimum.
    • by kevcol (3467) on Tuesday January 27, 2004 @10:04PM (#8107904) Homepage
      Re-printed here to save my server some load :-) - Bruce

      Umm.. yeah, right pal- like we can't figure out when someone is worried his karma is going downhill!
    • Very well said.

      Something thing I'd add: think twice, speak once. /. is a public forum.

      You might think cracking a "hooray for MyDoom! SCO sucks!" comment in /. is funny, but (lazy) journalists and SCO will pick it up and use it against the OSS community.

      As indicated in the original post, http://www.eweek.com/article2/0,4149,1463923,00.a s p quotes an AC: "Quick, disable your AV software, and get some Windows boxes on the internet!"

      Pretty sloppy journalism, quoting an anonymous source with no support, but
  • come on... (Score:3, Informative)

    by Frizzle Fry (149026) on Tuesday January 27, 2004 @09:28PM (#8107469) Homepage
    it would falsely implicate the FOSS communities and almost certainly cause the success of the virus writer's mission of discrediting these movements

    Give me a break. I agree that it is unfair for your whole "movement" to look bad based on the actions of one misguided individual. But this position that this virus is a conspiracy to make linux look bad is ridiculous. You really find it easier to believe that this is a plot to bring down linux than that some high school kid who doesn't like sco did something stupid, as high school kids tend to do? I think some people are trying to hard to make their lives and "movement" seem more exciting by adding some drama and intrigue.
    • Re:come on... (Score:3, Interesting)

      by spun (1352)
      Here's my line of reasoning. A lot of malicious software is now being written by people with a financial interest, like spammers. Assume someone at SCO might know someone like this. Assume these unscrupulous spammers were going to write this software anyway. Perhaps a big wad of cash showed up at someone's door, along with a promise of much more if the software also included a DDOS of www.sco.com.

      Naw, it's much more likely that some deranged Linux zealot with far more programming skills than common sen
  • By the time you collect the money, SCO will already be bankrupt. Either that, or they'll apply it to all the $699 licenses you "owe" them.

  • SCO takes another page from the Microsoft book of institutional intimidation and scalp hunting.

    Besides, who the heck goes to the SCO site anyway? SCO already has taken all the good code off their web pages, so why bother? If the security analysts hadn't noticed the code that would DDOS SCO's site, nobody would have noticed its' unavailability.

  • by herrvinny (698679) on Tuesday January 27, 2004 @09:30PM (#8107499)
    OT, but I just submitted the story below. Since this is an SCO thread, and -Taco probably isn't going to post 2 SCO stories in a row, here it is:

    Thank you to all /. readers! The SCO "litigious bastards [sco.com]" linking campaign has succeeded! SCO is now the first link on a Google search for litigious bastards [google.com]. (If you try a "I'm Feeling Lucky" search, it'll still go to SCO, but it looks like the SCO site is down.)

    Congratulations, everybody!

    On a side note, simply searching for "bastards" brings up SCO). [google.com] If Google happens to notice and block it (as in the past), a screenshot is here. [herrvinny.com] Please be kind to my server :-(, and mirror!
  • The Press Release (Score:5, Informative)

    by Anonymous Coward on Tuesday January 27, 2004 @09:31PM (#8107521)
    Posting AC to avoid Karma whoring. SCO.com is already sort of down since morning anyway.


    SCO Offers Reward for Arrest and Conviction of Mydoom Virus Author

    LINDON, Utah, Jan 27, 2004 /PRNewswire-FirstCall via COMTEX/ -- The SCO Group, Inc. (Nasdaq: SCOX), the owner of the UNIX(R) operating system and a leading provider of UNIX-based solutions, today confirmed that it is experiencing a distributed Denial-of-Service (DDOS) attack. SCO announced that it is offering a reward of up to a total of $250,000 for information leading to the arrest and conviction of the individual or individuals responsible for creating the Mydoom virus.

    (Logo: http://www.newscom.com/cgi-bin/prnh/19990421/SCOLO GO )

    "During the past ten months SCO has been the target of several DDOS attacks," said Darl McBride, president and CEO, The SCO Group, Inc. "This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world. The perpetrator of this virus is attacking SCO, but hurting many others at the same time. We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped. To this end, SCO is offering a total of $250,000 reward for information leading to the arrest and conviction of those responsible for this crime."

    SCO is also working with U.S. law enforcement authorities including the U.S. Secret Service and Federal Bureau of Investigation (FBI) to determine the identity of the individual(s) involved. Anyone with this information may contact their local FBI office.

    The Mydoom worm, also known as Novarg, is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a user opens the attachment their computer becomes infected and uses their computer with the intention of connecting to the www.sco.com Web site on February 1, 2004. Network security firms including Network Associates and Symantec have already issued software updates to combat this particular worm.

    About The SCO Group

    The SCO Group, Inc. (Nasdaq: SCOX) helps millions of customers in more than 82 countries to grow their businesses with UNIX business solutions. Headquartered in Lindon, Utah, SCO has a worldwide network of more than 11,000 resellers and 4,000 developers. SCO Global Services provides reliable localized support and services to all partners and customers. For more information on SCO products and services visit http://www.sco.com .

    SCO and the associated SCO logo are trademarks or registered trademarks of The SCO Group, Inc., in the U.S. and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. All other brand or product names are or may be trademarks of, and are used to identify products or services of, their respective owners.

    SOURCE SCO Group

    Blake Stowell of The SCO Group, +1-801-932-5703, bstowell@sco.com; or Payal Patel, or Avi Dines, both of Schwartz Communications, +1-781-684-0770, sco@schwartz-pr.com, for The SCO Group /Photo: NewsCom: http://www.newscom.com/cgi-bin/prnh/19990421/SCOLO GO AP Archive: http://photoarchive.ap.org PRN Photo Desk, photodesk@prnewswire.com http://www.sco.com

    Copyright (C) 2004 PR Newswire. All rights reserved.

    News Provided by COMTEX

  • by AEton (654737) on Tuesday January 27, 2004 @09:33PM (#8107541)

    Robyn Peterson [eweek.com], robyn_peterson@ziffdavis.com, is probably pretty safe to ignore at this point.

    From eWeek's (heh) "Online Jubilation About MyDoom's SCO Attack" [eweek.com] article:

    Reactions on Slashdot, arguably the largest discussion board for technophiles, displayed a cathartic wave of pleasure, "Finally a worthwhile virus!" exclaims one poster. While another adds, "So, uh where can I download a copy?" (Robyn here included links to relevant /. comments)

    While the person who gets paid to write this for a living (wtf?) ignores that the majority of the +4/5 comments that aren't rated "Funny" are

    1) Reminding people that DDoSing is always stupid and silly
    2) Anticipating this kind of silly article
    and 3) yelling at people who post unsupported theories about SCO.

    But hold on, Robyn has more to say:

    Another Slashdot poster goes as far as saying, "SCO has used past denial of service attacks as 'the dog ate my homework' type of excuses in court." It went on to suggest that "SCO's next court date is in early February, maybe they haven't done all their homework this time," implying that SCO itself released the worm. (Robyn will report next month on the inability of SCO to find evidence because IBM is being a big meanie.)

    I know it's an advertising publication, but some people read eWeek and expect some of the things in it to be true. Rather than mention the tangible allegations against SCO with regards to insider trading, lying to stockholders, and inconsistent policies, Robyn reports what he's paid to. And that's fine - a half-truth is not quite libel - but it's kind of disturbing to read.

    Bad Robyn Peterson, robyn_peterson@ziffdavis.com. Bad.

    • by Fnkmaster (89084) * on Tuesday January 27, 2004 @10:00PM (#8107848)
      Apparently she didn't understand the "Funny" mod. Almost all of those "jubilant" posts were obvious jokes. I think the majority of Slashdotters probably agree more-or-less with Perens, and certainly quite a few posts pretty much stated as much.


      Sure, most of us aren't going to cry for SCO when they get DOSed, given that they have repeatedly threatened many of our livelihoods with lawsuits against our employers, and attempts to destroy the community we've built and undermine the legitimacy of the licenses we choose as individuals to use for our software. But most of us realize that the damage these DOS attacks do to the infrastructure and reliability of the Internet is more potentially damaging to our careers and livelihood in the long term than any childish glee you could get from watching a crappy company's website go down.


      And I think it's pretty obvious that the SCO DDOS is probably just a cover for using compromised hosts as spam zombies.

    • by Pac (9516) <paulo...candido@@@gmail...com> on Tuesday January 27, 2004 @10:03PM (#8107895)
      I know it's an advertising publication, but some people read eWeek and expect some of the things in it to be true

      I wonder who exactly are those people who expect some of it to be true. I have some nice bridges in various American cities for sale and we are also handling the pre-sale of some real state in the Moon and in Mars for Nasa. So if you know anyone who believes in articles whose main source of information are Slashdot comments, please ask them to give me a call.
  • by Powercntrl (458442) on Tuesday January 27, 2004 @09:33PM (#8107544)
    SCO brought it on themselves, they behaved immature and childish and now they're getting an immature and childish retaliation. Someone needs to take both SCO and the virus author out of the playground and give them a good spanking.
  • by Bagheera (71311) on Tuesday January 27, 2004 @09:35PM (#8107578) Homepage Journal
    When this first cropped up a number of people pointed out that the DDoS against SCO is probably just a red herring to hide the worm's real intent - to act as a backdoor into countless windows systems for the virus writer's real purpose. Given the last analysis I read on it, that purpose seems likely to be to leave Zombie Emil Gateways for spammers to use.

    While it couldn't happen to a "nicer" company, it seems very likely this virus wasn't written by a "Pissed off Linux advocate" or even a "Rabid SCO hater." The DDoS is probably just incidental to the real payload, serving to deflect suspicion from the culprit.

    Yet another Bottom Feeding spammer . . .

  • What a loser. (Score:5, Informative)

    by LBArrettAnderson (655246) on Tuesday January 27, 2004 @09:38PM (#8107618)
    The catch-all on my domain email is getting about 2 of these every minute, and has been for the past 20 hours. This is really making me angry, and unfortunately there's nothing I can do to filter most of them. I'm only able to filter the ones that have the special messages (7-bit unicode nonsense and just plain 'test') This virus is hurting everyone; including people who run linux servers who are getting thousands of these emails.
  • DDoS == Slashdot (Score:5, Insightful)

    by SirNAOF (142265) on Tuesday January 27, 2004 @09:39PM (#8107632)
    They don't want to get DDoSed on the 1st, so they decide to give out a huge reward.

    I bet they didn't think about the number of people (not just from Slashdot, but everywhere) that were going to DDoS them just by reading their press release...

    Yet another showing of intelligence from SCO.
  • by Schlemphfer (556732) on Tuesday January 27, 2004 @09:40PM (#8107639) Homepage
    Reading this press release, one thing comes immediately to mind. If I'm an investor in a company, one of the main things I want its leaders to do is to spend money wisely. If large sums need to be spent, I want this outlay to be done prudently and thoughtfully.

    Which is what makes this press release so...so...strange. We all know that the FBI goes ballistic over this kind of thing. And unless the worm author was incredibly careful, he's probably got federal agents tramping around his bedroom and emptying out his dresser drawers even as I write this.

    So why then, is SCO so eager to hand over $250,000 for an informant? SCO's moaning about how much this worm has cost them, but, really, can we take that seriously? I could see if this worm targeted Dell or IBM, or, you know, some company that actually has customers visit their website. But who is SCO selling anything to anymore? It's just a litigation house. What do they care if their site drops down for a day or two? The FBI is likely to be hot on the worm author's heels, so why is SCO so eager to hand over 250 thousand smackers without any clear reason?

    When you see spending decisions like this, it's a pretty good sign that a company is being run by bozos. You get the sense this press release was rushed out the door in an effort to capitalize on media attention. But was there any real reason why SCO needs the attention, or why it's in their best interest to part with so much money given that the culprit will likely be found anyway?

    So here's my crystal ball prediction: the worm author will be found. But SCO won't pay up. This is all about publicity, and for some reason I don't foresee Darl rushing to sign a check.

    • So why then, is SCO so eager to hand over $250,000 for an informant? ... The FBI is likely to be hot on the worm author's heels... why it's in their best interest to part with so much money given that the culprit will likely be found anyway?

      You've answered your own question. The FBI will be the ones to catch the guy and SCO won't have to pay anything. Meanwhile, SCO will take the opportunity to knock the Linux community (which had nothing to do with this infantile prank) and play the victim. Another f

    • MS did this same thing, and the are not run by bozos.

      There software may be designed by Bozos, but thats another story ;)

      I shouldn't use the term 'Bozo", since it is the only clown I ever enjoyed. Most clowns I hate... except Jack.
  • by unsigned integer (721338) on Tuesday January 27, 2004 @09:41PM (#8107645)
    Check out what the virus targets and doesn't target. It ignores .EDU addresses, as well as a host of other *nix places, including .gov and what not. While we may complain about how this virus makes us look at a whole, at least give the writer a nod for being courteous about the sites he/she targeted. Go on, read it [symantec.com]
  • by Slime-dogg (120473) on Tuesday January 27, 2004 @09:43PM (#8107664) Journal

    Anyone worth their while knows that Linux fans don't code anything for Windows unless they are paid for it. It's something called 'taint,' which money readily removes. :-P

  • by 3seas (184403) on Tuesday January 27, 2004 @09:46PM (#8107709) Journal
    Bruce is wrong.

    there is no way that one person or even a small group can create a worm that takes down linux or FOSS.

    Anyone who thinks so is demented.... And I guess that means you Bruce.

    Honestly, who the hell cares about SCO anymore?

    SCO themselves have blown the shit out of their own case..... We all know its a pump and dump...

    cheering on a boston tea party is only possible because the legal system of the US has allowed this mess to get as far as it has publicly.

    Ultimately it has only served to let the general public know there is an alternative to Windows and Mac.....

    The idea of blaming the whole of FOSS for the expression the worm writter communicated is totally insane, but so what if some cheer for the statement...

    ISN'T it really just a statement of telling SCO to either put up or shut up?

    What the legal system has so completely failed to do!!!

    When was the last time you read the declairation of Independance Bruce?

    • by JahToasted (517101) <toastafari AT yahoo DOT com> on Wednesday January 28, 2004 @03:11AM (#8110231) Homepage
      Boston Tea Party? are you somking the same crack as Darl?

      Linux is just a peice of software. SCO is attempting (and making a poor attempt at that) at suing IBM fro breach of contract or whatever. The courts are likely to decide against them. The system hasn't really failed us here. Its just moving very slowly, as usual.

      I commend you for your enthusiasm but it isn't time to start a revolution. Linux is still legal. SCO will likely die without any action on our part whatsoever. Relax dude.

      The guy that wrote this virus isn't Paul Revere or Che Guevara or whatever. He's likely some loser with low self esteem looking for attention. Or maybe a spammer.

  • by Indy1 (99447) <spamtrap@fuckedregime.com> on Tuesday January 27, 2004 @09:52PM (#8107768) Homepage
    wait till they see the slashdotting!

    Whats the award gonna be for everyone hitting their site and bringing their server to its knees?

    "500 dollars for the head of every linux junkie who loaded our web site!"

  • by kitzilla (266382) <paperfrog AT gmail DOT com> on Tuesday January 27, 2004 @09:59PM (#8107837) Homepage Journal
    Hell has frozen over. In a single week, I've cheered Microsoft for coming to its senses and coming to a gentlemanly agreement with the young owner of MikeRoweSoft.com. Now I'm applauding SCO for setting the precedent of a bounty on asshole virus-writers.

    Hand me those earmuffs, Mr. Lucifer. Chilly, huh? You just never know about the weather around here.

  • by bigberk (547360) <bigberk@users.pc9.org> on Tuesday January 27, 2004 @10:09PM (#8107945)

    I think it means very little that the worm launches an attack against SCO. The primary purpose of this worm, like the Mimails that preceded it, is the wide-spread distribution of a zombie network for the purpose of propagating spam. You see, spammers hire programmers to do this coding for them (read up a bit on Mimail and spam [spamhaus.org]) in order to help their spam biz. While the hired programmer was at it, he probably threw in the SCO bit for shits and giggles. Or maybe he's a younger programmer and just kind of immature. Either way, the spammers (the people commissioning the construction of the worm) don't care.

    To me this sounds like the most likely scenario -- remember that spam and viruses are linked [sysdesign.ca]. The SCO thing is just throwing people off track.

  • by wowbagger (69688) on Tuesday January 27, 2004 @10:16PM (#8108023) Homepage Journal

    Scene - the virus writer's parents' basement

    Script Kiddie #1: OK, dude, like, I got the, y'know, latest version of, like, Virus Creator, dude.

    Script Kiddie #2: Swheeet! Dude, like, run it!

    Script Kiddie #1: Fuxor! Like, I clicked on it, and, like, it didn't go!

    SK2: Dude! You have to, like, double click! Lamer!

    SK1: STFU! I know that! Fag!

    SK1: Uhhh, like, it's doing sumthing. Oh - kewl! It's like, installing stuff.

    SK2: Shweet! Man, this rox!

    Virus Creator: Virus Creator Wizard - page 1 of 5 - Do you want to install a backdoor? [yes] [no] [help]

    SK1: Shweet! Yeah, let's set up my army of zombies! Huh-huh-huh!

    Virus Creator: Virus Creator Wizard - page 2 of 5 - Do you want to install a spam relay? [yes] [no] [help]

    SK2: Dude! We can, like, make money! Do it, dude!

    Virus Creator: Virus Creator Wizard - page 3 of 5 - Do you want to install an HTTP relay ? [yes] [no] [help]

    SK1: WTF? (clicks help)

    Virus Creator: This lets us serve PR0N through your zombies - click yes and we will let you have the password to see some of it.

    SK1 and SK2 (together): DUDE! SHWEEET!

    Virus Creator: Virus Creator Wizard - page 4 of 5 - Do you want to DDOS somebody ? [yes] [no] [help]

    SK2: Yeah!

    Virus Creator: Virus Creator Wizard - DDOS setup - Who do you want to DDOS? [enter URL here]

    SK1: Who should we fuxor? School?

    SK2: DUDE! If you fuxor school how can we look at pr0n during class? (dope-smacks SK1)

    SK1: OW! Fag! OK, uhhh, dude, like, the RAII?

    SK2: YEAH! Fuxoring with our MP3s!

    Virus Creator: Virus Creator Wizard - URL "www.raii.com" not found - try again [enter URL here]

    SK2: Fuxor!

    SK1: Dude, like, what's something with less letters, man?

    SK2: SCO?

    SK1: Yeah! FUXOR JOO, SCO!

    Virus Creator: Virus Creator Wizard - page 5 of 5 - Virus ready - click here to email [ok]

    SK1 and SK2 (together): SHWEET!


    In other words, I think the DDOS against SCO is incidental to the real purpose of this virus - which is to spread spam. Like as not the choice of SCO was just because they are in the news, and to shift the blame to somebody else.

  • by dzym (544085) on Tuesday January 27, 2004 @10:17PM (#8108025) Homepage Journal
    According to the Symantec Security Response site [sarc.com], MyDoom, or Novarg.A [sarc.com]'s DDoS payload isn't supposed to trigger until February 1st, at which point it runs until February 12th.

    So how is it that SCO is supposedly already feeling the effects of the DDoS from the virus?

  • by slapout (93640) on Tuesday January 27, 2004 @10:19PM (#8108050)
    "This SCO press release indicates that they are offering a $250,000 reward for information leading to the arrest & conviction of the MyDoom DDoS worm authors. "

    Is that 250,000 in cash or SCO stock?
  • DDOS? (Score:4, Funny)

    by jgoemat (565882) on Tuesday January 27, 2004 @10:32PM (#8108182)
    I take offense to the term DDOS (Distributed Denial Of Service). I don't know how you could describe SCO as providing any kind of Service.
  • SO WHAT? (Score:4, Insightful)

    by Ricin (236107) on Tuesday January 27, 2004 @10:43PM (#8108313)
    Shun it, ignore it, cheer at it, but don't ever apologise for it unless perhaps if you created it. Submissive, misguided fools.

  • by Beryllium Sphere(tm) (193358) on Wednesday January 28, 2004 @12:06AM (#8109046) Homepage Journal
    Would you turn in one of your, uh, colleagues?

    Which would prevail, the promise of $250,000, or the certainty of ostracism or worse from your fellow virus writers?

    I admit I don't understand how virus writers think, but they don't seem to be particularly money-driven. On the other hand $250,000 will buy a lot of computer equipment and junk food.

    Very curious about people's opinions and observations. Post anon if you need to.
  • by Dracos (107777) on Wednesday January 28, 2004 @12:07AM (#8109060)

    Let's hope whoever does catch the authors, and collects the bounty, dontates the money to the SCO Defense Fund [slashdot.org]

  • by Oestergaard (3005) on Wednesday January 28, 2004 @04:16AM (#8110484) Homepage
    Because the author is SCO.

    Now how's that for a conspiracy theory ;)
  • by evil_one666 (664331) on Wednesday January 28, 2004 @05:46AM (#8110873)
    myDoom is not a worm it it a virus. A worm propagates without user interaction whereas a virus relies on the (unintentional) action of a human to spread, mostly clicking on email attachments. That is to say a virus attaches itself to another executable file (commonly, but not exclusively, an email). A worm is a purely self replicating program.

    Mr McBride and the media in general- stop calling MyDoom a worm, I know it sounds more dramatic and "computery" than virus, but VIRUS is what it is

    see here [wikipedia.org] and elsewhere on the web

Murphy's Law, that brash proletarian restatement of Godel's Theorem. -- Thomas Pynchon, "Gravity's Rainbow"

Working...