SCO Offers $250K Bounty for MyDoom Author's Arrest

Performer Guy writes "This SCO press release indicates that they are offering a $250,000 reward for information leading to the arrest & conviction of the MyDoom DDoS worm authors. Let's hope they catch them. Not merely because MyDoom is one of the most mindless attacks on our internet infrastructure in memory, but also when they pay up it'll be less cash for SCO's litigation engine." Thanks to Tin Foil Hat and prostoalex for pointing out links at ComputerWorld and CNET, too. Related to this: stealth.c writes "Bruce Perens has written a letter to the Open Source community, discouraging us from cheering on the MyDOOM virus, as it would falsely implicate the FOSS communities and almost certainly cause the success of the virus writer's mission of discrediting these movements. This letter is also posted on NewsForge and on Groklaw." Unfortunately, with columns like this one blaming the worm on "some ticked-off Linux fan", it needs to be said.

The message from Bruce Perens

[Bruce Perens]

Re-printed here to save my server some load :-) - Bruce

Message to the Linux and Free Software Community Regarding the SCO Denial-of-Service Virus

Bruce Perens <bruce@perens.com> (U.S.) 510-526-1165
Version 2, January 27, 2004.

The master version of this notice is at http://perens.com/Articles/SCO/DOS/ [perens.com]
Please check that location for a more recent version. You may re-publish this material. You may excerpt it, reformat it and translate it as necessary for your presentation. You may not edit it to deliberately misrepresent my opinion.

On January 26, 2004, a new virus became rampant. I have read reports that the virus payload has two purposes: to install a remote-execution back-end of a type commonly used by spammers to redistribute email, and to perform a denial-of-service attack on SCO's web site.

Denial-of-service attacks via virus have been a common trick of email spammers. They were first used to take out some of the anti-spam blacklist sites. Several of those sites had their (non-spam-related) business so heavily disrupted that they closed the doors of their anti-spam projects rather than be attacked again.

The Open Source developers are a target of spammers. We are the creators of most high-profile anti-spam technology. For example, SpamAssassin started out as, and remains today, an Open Source project. The predominant mail delivery programs of the Internet are Open Source projects such as Sendmail and Postfix, and thus most efforts to spam-proof those programs are Open Source as well. This is important, because it gives spammers a reason to defame us.

SCO also has a reason to defame us, as part of their stock-kiting scheme. We have assembled ample evidence that they have lied under oath in court. Such a company would not balk at attacking their own site in order to paint their opponents in a bad light.

Thus, it is likely that this virus has been assembled for the purpose of defaming the Linux developers by spammers, SCO, or others. Your behavior will influence whether or not it succeeds in this mission.

Thus, I urge all persons who have sympathy for Free Software, Open Source, and Linux:

• Do not cheer on attacks on the SCO site. By doing so, you falsely implicate our community in the attacks, in the eyes of outsiders who read your words. Our community believes in freedom of speech, not silencing our opponent's speech through net attacks. We will defeat SCO using the truth, not by gagging them.
• Publicly deplore the attacks as an attempt to defame us, and not an effort of our community. Show others this notice.
• Continue to fight SCO, using all legal means at your disposal. Show others the analysis of SCO's ongoing fraud at Groklaw.net [groklaw.net] and elsewhere, and explain to them your own experience as a participant in the Free Software community.
• Continue the visible presence of Free Software as a force for good in the world by producing excellent original software for everyone's free use and deploying it wherever possible. Promote these projects to the press and public as you carry them out. Do what you can for other public-good projects such as schools and non-profit organizations. FreeGeek.org [freegeek.org] is an excellent example of how to carry this out.
• Show others by example that our side always takes the high road. When they see a low-road sort of action like denial-of-service, spam, or stock fraud, they'll know who to blame.

Remember that your actions count. You are ambassadors of our community.

Many Thanks

Bruce Perens

come on...

[Frizzle Fry]

it would falsely implicate the FOSS communities and almost certainly cause the success of the virus writer's mission of discrediting these movements

Give me a break. I agree that it is unfair for your whole "movement" to look bad based on the actions of one misguided individual. But this position that this virus is a conspiracy to make linux look bad is ridiculous. You really find it easier to believe that this is a plot to bring down linux than that some high school kid who doesn't like sco did something stupid, as high school kids tend to do? I think some people are trying to hard to make their lives and "movement" seem more exciting by adding some drama and intrigue.

The Press Release

[Anonymous Coward]

Posting AC to avoid Karma whoring. SCO.com is already sort of down since morning anyway.


SCO Offers Reward for Arrest and Conviction of Mydoom Virus Author

LINDON, Utah, Jan 27, 2004 /PRNewswire-FirstCall via COMTEX/ -- The SCO Group, Inc. (Nasdaq: SCOX), the owner of the UNIX(R) operating system and a leading provider of UNIX-based solutions, today confirmed that it is experiencing a distributed Denial-of-Service (DDOS) attack. SCO announced that it is offering a reward of up to a total of $250,000 for information leading to the arrest and conviction of the individual or individuals responsible for creating the Mydoom virus.

(Logo: http://www.newscom.com/cgi-bin/prnh/19990421/SCOLO GO )

"During the past ten months SCO has been the target of several DDOS attacks," said Darl McBride, president and CEO, The SCO Group, Inc. "This one is different and much more troubling, since it harms not just our company, but also damages the systems and productivity of a large number of other companies and organizations around the world. The perpetrator of this virus is attacking SCO, but hurting many others at the same time. We do not know the origins or reasons for this attack, although we have our suspicions. This is criminal activity and it must be stopped. To this end, SCO is offering a total of $250,000 reward for information leading to the arrest and conviction of those responsible for this crime."

SCO is also working with U.S. law enforcement authorities including the U.S. Secret Service and Federal Bureau of Investigation (FBI) to determine the identity of the individual(s) involved. Anyone with this information may contact their local FBI office.

The Mydoom worm, also known as Novarg, is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a user opens the attachment their computer becomes infected and uses their computer with the intention of connecting to the www.sco.com Web site on February 1, 2004. Network security firms including Network Associates and Symantec have already issued software updates to combat this particular worm.

About The SCO Group

The SCO Group, Inc. (Nasdaq: SCOX) helps millions of customers in more than 82 countries to grow their businesses with UNIX business solutions. Headquartered in Lindon, Utah, SCO has a worldwide network of more than 11,000 resellers and 4,000 developers. SCO Global Services provides reliable localized support and services to all partners and customers. For more information on SCO products and services visit http://www.sco.com .

SCO and the associated SCO logo are trademarks or registered trademarks of The SCO Group, Inc., in the U.S. and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. All other brand or product names are or may be trademarks of, and are used to identify products or services of, their respective owners.

SOURCE SCO Group

Blake Stowell of The SCO Group, +1-801-932-5703, bstowell@sco.com; or Payal Patel, or Avi Dines, both of Schwartz Communications, +1-781-684-0770, sco@schwartz-pr.com, for The SCO Group /Photo: NewsCom: http://www.newscom.com/cgi-bin/prnh/19990421/SCOLO GO AP Archive: http://photoarchive.ap.org PRN Photo Desk, photodesk@prnewswire.com http://www.sco.com

Copyright (C) 2004 PR Newswire. All rights reserved.

News Provided by COMTEX

Re:I know this is meant to be funny but.

[shaitand]

Maybe I got a decimal in there wrong but 0.5% comes out to about $1,250 total.

What a loser.

[LBArrettAnderson]

The catch-all on my domain email is getting about 2 of these every minute, and has been for the past 20 hours. This is really making me angry, and unfortunately there's nothing I can do to filter most of them. I'm only able to filter the ones that have the special messages (7-bit unicode nonsense and just plain 'test') This virus is hurting everyone; including people who run linux servers who are getting thousands of these emails.

Re:The plan

[the_mad_poster]

If you bought a Viper SRT-10 +tax/tags and paid the first year's insurance you'd still have around 160K left for the defense fund. Not a shabby contribution.