Caldera Security The Almighty Buck

SCO Offers $250K Bounty for MyDoom Author's Arrest

Performer Guy writes "This SCO press release indicates that they are offering a $250,000 reward for information leading to the arrest & conviction of the MyDoom DDoS worm authors. Let's hope they catch them. Not merely because MyDoom is one of the most mindless attacks on our internet infrastructure in memory, but also when they pay up it'll be less cash for SCO's litigation engine." Thanks to Tin Foil Hat and prostoalex for pointing out links at ComputerWorld and CNET, too. Related to this: stealth.c writes "Bruce Perens has written a letter to the Open Source community, discouraging us from cheering on the MyDOOM virus, as it would falsely implicate the FOSS communities and almost certainly cause the success of the virus writer's mission of discrediting these movements. This letter is also posted on NewsForge and on Groklaw." Unfortunately, with columns like this one blaming the worm on "some ticked-off Linux fan", it needs to be said.
  • by Anonymous Coward on Tuesday January 27, 2004 @09:28PM (#8107471)
    It's the best thing we could do in this situation.

    I for one would like nothing more than to see
    the whole SCO fiasco and all those who cheered it
    on from the inside to go up in a huge flaming
    slag pile.

    Writing viruses is not the answer and posting
    stupid shit isn't either.

    Try and use at least 3 brain cells before posting.
    (they don't necessarily all have to belong to you)
  • by DarkHelmet ( 120004 ) * <mark AT seventhcycle DOT net> on Tuesday January 27, 2004 @09:29PM (#8107491) Homepage
    $125,000 for what will amount to most likely 4 years in jail?

    Plus, also the likelihood that whoever did this will be publicly revered and hated (not liked) by the Open Source community, and blacklisted from getting a programming job anywhere else in the world, most likely for life?

    Also, there's the chance of being treated like Mitnick, and charged as a "terrorist." All for the sum of just under $32,000 a year.

    No thanks. If I were the worm writer, I'd hope to God that the virus can't be traced back to me. Either that, or I'd move to Iran or North Korea.

  • by Powercntrl ( 458442 ) on Tuesday January 27, 2004 @09:33PM (#8107544) Homepage
    SCO brought it on themselves, they behaved immature and childish and now they're getting an immature and childish retaliation. Someone needs to take both SCO and the virus author out of the playground and give them a good spanking.
  • by Kenja ( 541830 ) on Tuesday January 27, 2004 @09:33PM (#8107549)
    "Let me be the first to set up an 'anti-bounty' that will pay $300000 to anyone who can name the Doom virus creator but promises not to tell SCO. I'll be setting up a pay pal account shortly to start receiving donations to this fund."

    And then you can go to jail for obstruction of justice. Paying people to not turn in evidence of a crime is a federal offence.

  • by Bagheera ( 71311 ) on Tuesday January 27, 2004 @09:35PM (#8107578) Homepage Journal
    When this first cropped up a number of people pointed out that the DDoS against SCO is probably just a red herring to hide the worm's real intent - to act as a backdoor into countless Windows systems for the virus writer's real purpose. Given the last analysis I read on it, that purpose seems likely to be to leave Zombie Email Gateways for spammers to use.

    While it couldn't happen to a "nicer" company, it seems very likely this virus wasn't written by a "Pissed off Linux advocate" or even a "Rabid SCO hater." The DDoS is probably just incidental to the real payload, serving to deflect suspicion from the culprit.

    Yet another Bottom Feeding spammer . . .

  • by dmaxwell ( 43234 ) on Tuesday January 27, 2004 @09:37PM (#8107606)
    That is not in the least helpful. First off, your fund can be seen as obstruction of justice. Secondly, it furthers what seems to be the goal for this trojan: Defame the open source community. The OSS community should condemn the little bastard that did this, not protect him (her?).

    If I knew the little punk that did this, I would cheerfully turn him in to SCO. Of course, I would fork over some of the bounty to anti-SCO legal efforts.
  • by El Cubano ( 631386 ) on Tuesday January 27, 2004 @09:39PM (#8107627)

    Shut the fuck up It's kind of obvious that this is a doing of a Linux user, so please stop writing your pointless letters, no one cares. Heed my advice, and once and for all Shut the fuck up

    Seeing as Bruce is considered to be one of the leaders/spokesmen of the Free/Open Source Software Community, he has a responsibility to speak out on issues such as this. Since so many people, organizations, and companies pay heed to what he says, his silence would be considered tacit approval by some.

    Additionally, this single worm has the potential to do more harm to the Free/Open Source Software Community than all of SCO's shenanigans combined. Everyone really needs to speak out against this.

  • DDoS == Slashdot (Score:5, Insightful)

    by SirNAOF ( 142265 ) on Tuesday January 27, 2004 @09:39PM (#8107632)
    They don't want to get DDoSed on the 1st, so they decide to give out a huge reward.

    I bet they didn't think about the number of people (not just from Slashdot, but everywhere) that were going to DDoS them just by reading their press release...

    Yet another showing of intelligence from SCO.
  • by Schlemphfer ( 556732 ) on Tuesday January 27, 2004 @09:40PM (#8107639) Homepage
    Reading this press release, one thing comes immediately to mind. If I'm an investor in a company, one of the main things I want its leaders to do is to spend money wisely. If large sums need to be spent, I want this outlay to be done prudently and thoughtfully.

    Which is what makes this press release so...so...strange. We all know that the FBI goes ballistic over this kind of thing. And unless the worm author was incredibly careful, he's probably got federal agents tramping around his bedroom and emptying out his dresser drawers even as I write this.

    So why then, is SCO so eager to hand over $250,000 for an informant? SCO's moaning about how much this worm has cost them, but, really, can we take that seriously? I could see if this worm targeted Dell or IBM, or, you know, some company that actually has customers visit their website. But who is SCO selling anything to anymore? It's just a litigation house. What do they care if their site drops down for a day or two? The FBI is likely to be hot on the worm author's heels, so why is SCO so eager to hand over 250 thousand smackers without any clear reason?

    When you see spending decisions like this, it's a pretty good sign that a company is being run by bozos. You get the sense this press release was rushed out the door in an effort to capitalize on media attention. But was there any real reason why SCO needs the attention, or why it's in their best interest to part with so much money given that the culprit will likely be found anyway?

    So here's my crystal ball prediction: the worm author will be found. But SCO won't pay up. This is all about publicity, and for some reason I don't foresee Darl rushing to sign a check.

  • by Razzak ( 253908 ) on Tuesday January 27, 2004 @09:44PM (#8107673)
    I have to say, if I were to bet, I would bet it is some ticked off linux fan. Since this virus is really just meant to hurt SCO, it's either someone who wants to discredit the OS movement or some single child-minded linux fan.

    I'd bet on the latter, simply because there's not that many "linux-haters" that are individuals and child-ish. A company like MS, as dirty as they can be, I don't believe would engage in this kind of criminal behavior. Basically, virii are written by individuals for the most part, and I don't think an individual has much to gain from attacking OSS.

    In all likelihood, it *was* some ticked-off kid. Get ready for more blurring the lines of linux=illegal hacking=evil subculture=virii makers type articles and opinions.
  • by 3seas ( 184403 ) on Tuesday January 27, 2004 @09:46PM (#8107709) Homepage Journal
    Bruce is wrong.

    there is no way that one person or even a small group can create a worm that takes down linux or FOSS.

    Anyone who thinks so is demented.... And I guess that means you Bruce.

    Honestly, who the hell cares about SCO anymore?

    SCO themselves have blown the shit out of their own case..... We all know its a pump and dump...

    cheering on a boston tea party is only possible because the legal system of the US has allowed this mess to get as far as it has publicly.

    Ultimately it has only served to let the general public know there is an alternative to Windows and Mac.....

    The idea of blaming the whole of FOSS for the expression the worm writer communicated is totally insane, but so what if some cheer for the statement...

    ISN'T it really just a statement of telling SCO to either put up or shut up?

    What the legal system has so completely failed to do!!!

    When was the last time you read the Declaration of Independence Bruce?

  • by Bruce Perens ( 3872 ) * <bruce@perens.com> on Tuesday January 27, 2004 @09:52PM (#8107774) Homepage Journal
    I don't see anything to cheer about in the CNN article calling the virus a Linux War Weapon.

    Bruce

  • by Anonymous Coward on Tuesday January 27, 2004 @09:53PM (#8107780)
    Has anyone found an analysis showing that the attack in this virus would be set off before that?

    Has anyone found where the attacks are originating from? (what country[ies])

    What does the virus install on the affected machines? or does it simply open a port?

    Is the attack only pre-programmed (as most analyses seem to indicate), or does the high open port allow for remote control/execution of the attack?

    Do the infected machines communicate with each other either directly or through some other medium (eg: irc)?

    Something doesn't add up about this. SCO is reporting that this virus is attacking their servers now, but I have yet to find an analysis of the virus that indicates that this would happen, or that the attack would occur before Feb 1.

    Could someone post a link to a relatively complete analysis of the virus and its workings?

    I'd greatly appreciate it.

  • I call BS (Score:4, Insightful)

    by Anonymous Coward on Tuesday January 27, 2004 @09:59PM (#8107836)
    Bullshit. It's possible, but unlikely that someone pulled this stunt to defame the community. It's likely that this shit was pulled by some dickhead who thought it would be cool - you know, the kind of dickhead who has been cheering this virus on Slashdot?

    This "open letter" is nothing but transparent propaganda - trying to paint the Open Source world as perfect, free of idiots, fighting against all the evil forces in the world. Newsflash - there are idiots everywhere. Deal with it, and keep the bullshit to a minimum.
  • by Fnkmaster ( 89084 ) * on Tuesday January 27, 2004 @10:00PM (#8107848)
    Apparently she didn't understand the "Funny" mod. Almost all of those "jubilant" posts were obvious jokes. I think the majority of Slashdotters probably agree more-or-less with Perens, and certainly quite a few posts pretty much stated as much.


    Sure, most of us aren't going to cry for SCO when they get DOSed, given that they have repeatedly threatened many of our livelihoods with lawsuits against our employers, and attempts to destroy the community we've built and undermine the legitimacy of the licenses we choose as individuals to use for our software. But most of us realize that the damage these DOS attacks do to the infrastructure and reliability of the Internet is more potentially damaging to our careers and livelihood in the long term than any childish glee you could get from watching a crappy company's website go down.


    And I think it's pretty obvious that the SCO DDOS is probably just a cover for using compromised hosts as spam zombies.

  • by gl4ss ( 559668 ) on Tuesday January 27, 2004 @10:00PM (#8107852) Homepage Journal
    ..and the real thing that the worm is doing is OPENING THOUSANDS OF BACKDOORS ON WINDOWS MACHINES FOR SPAMMING, DDOS, WAREZ FTP'S, IRC TAKEOVERS and for other not that nice uses that are really not of any interest to the normal linux user or advocate(spamming being the number 1 moneymaker here). though the whole ddos part of it might have been added in to it just for kicks, though certainly it seems to be a great way of pulling the attention away from more interesting things like that it spreads through kazaa(and leaves an open backdoor).

    besides, sco's website seems largely inaccessible anyways(even without the ddos having yet to start).

    the general public(an average computer _user_) doesn't have a clue about this though, nor does it have a clue about who sco even is, the people where this kind of publicity would be bad are currently quite clueless about the whole thing anyways so I wouldn't worry that much - for them it's just another email annoyance.
  • by dgatwood ( 11270 ) on Tuesday January 27, 2004 @10:03PM (#8107886) Homepage Journal
    Maybe one day, O.J. will find the real killers, Bush will find WMDs in Iraq, and two-thirds of the world's missing person cases will be solved....

    So I guess the business model in all four situations looks like this:

    • Do something awful.
    • Claim you're looking for those responsible.
    • Profit.
    There's not even a "???" in there. Wow.

    *sigh*

  • by oob ( 131174 ) on Tuesday January 27, 2004 @10:12PM (#8107973)
    The Reichstag fire is what I thought of immediately

    Yes that's the obvious parallel and the right conclusion IMO.

    SCO's two pronged approach includes the court of public opinion in addition to the U.S. judicial system. It suits SCO and their Redmond Muppet-masters to disparage the Open Source community, which is why we see pejoratives like "Communist," "Hacker" and "Anti-American" emanating from them at every opportunity. It would suit them perfectly for each of those terms to become synonyms in the common vernacular.

    At the very best, SCO is capitalising on this Virus by offering the reward for their propaganda, knowing that it will cause headlines. At the very worst they developed this virus themselves for the same purpose. Either way SCO will come out of this looking like a victim.

    Conversely, all that an independent Virus writer could hope for is a temporary interruption of SCO's Internet access.

    It's obvious who has the most to gain.
  • by dzym ( 544085 ) on Tuesday January 27, 2004 @10:17PM (#8108025) Homepage Journal
    According to the Symantec Security Response site [sarc.com], MyDoom, or Novarg.A [sarc.com]'s DDoS payload isn't supposed to trigger until February 1st, at which point it runs until February 12th.

    So how is it that SCO is supposedly already feeling the effects of the DDoS from the virus?

  • by jgoemat ( 565882 ) on Tuesday January 27, 2004 @10:18PM (#8108035)
    The person that released this virus would have done it if SCO was around or not. I'm personally glad that they decided to attack SCO instead of a website that I frequent, but the extra internet traffic will hurt everyone. The news stories make this out to be an attack by a Linux user on SCO, what evidence do they have? It could just as easily be an angry investor that bought their stock at $20 and lost 1/4 their life's savings. They must have Windows computers to figure out how to write the worm and test it, so why must the author be a "Linux Hacker"?
  • by duslow ( 648755 ) on Tuesday January 27, 2004 @10:23PM (#8108085)
    After all, it was and is their platform that continues to provide these hacker assholes a global stage for their virus creations.
  • by Baldrson ( 78598 ) on Tuesday January 27, 2004 @10:23PM (#8108087) Homepage Journal
    Just think -- all those lawyers around SCO coming up with a ploy to play the victim [theherald.co.uk]. It's working quite well for lots of other groups.
  • by Jaywalk ( 94910 ) on Tuesday January 27, 2004 @10:35PM (#8108225) Homepage
    So why then, is SCO so eager to hand over $250,000 for an informant? ... The FBI is likely to be hot on the worm author's heels... why it's in their best interest to part with so much money given that the culprit will likely be found anyway?
    You've answered your own question. The FBI will be the ones to catch the guy and SCO won't have to pay anything. Meanwhile, SCO will take the opportunity to knock the Linux community (which had nothing to do with this infantile prank) and play the victim. Another free headline this doofus has given the publicity-hungry SCO.
  • by The Almighty Dave ( 663959 ) on Tuesday January 27, 2004 @10:40PM (#8108287)
    I thought this one was made by modifying an existing virus. The backdoor was already there, why go through the extra work to take it out, even if you are not going to use it?
  • by Nucleon500 ( 628631 ) <tcfelker@example.com> on Tuesday January 27, 2004 @10:42PM (#8108302) Homepage
    My guess is that spammers did it. First, the virus sets up a backdoor, which would be very useful to spammers but contributes nothing to an attack on SCO. Second, the virus is a variant of previous viruses used to set up open relays. And third, spammers have the only clear motive - to put it in as a red herring. SCO, and most Linux fans, don't have the skill to do it. Most Linux fans would realize how stupid it would be. Spammers would have heard of the SCO v. IBM battle, but are not personally invested in it, and would think nothing of adding the DDoS payload out of curiosity.
  • SO WHAT? (Score:4, Insightful)

    by Ricin ( 236107 ) on Tuesday January 27, 2004 @10:43PM (#8108313)
    Shun it, ignore it, cheer at it, but don't ever apologise for it unless perhaps if you created it. Submissive, misguided fools.

  • by Xoid629 ( 598744 ) on Tuesday January 27, 2004 @10:44PM (#8108318)
    Unfortunately, with columns like this one blaming the worm on "some ticked-off Linux fan", it needs to be said.

    Should we really be so sure of anything at this point? If you read both Perens' letter and the eWeek article, they say almost exactly the same thing about the Linux community. The difference is that Perens jumps to the conclusion that the worm was designed to discredit the community, while the eWeek reporter jumps to the conclusion that some zealot made it. Neither opinion is any more provable at this point.

    It is certainly quite possible that the zealot idea is wrong, but no one really knows yet. If 'we', the community, make statements which turn out to be false, that also reflects badly on us.

  • Re:Hey, d00d! (Score:1, Insightful)

    by Anonymous Coward on Tuesday January 27, 2004 @11:10PM (#8108569)
    SCO just made the MyDoom author into a folk hero.
  • The Usual Suspects (Score:5, Insightful)

    by _Sprocket_ ( 42527 ) on Tuesday January 27, 2004 @11:14PM (#8108603)
    I'd like to preface this whole post with agreeing that it very well could be a single Linux fan launching this attack for the very obvious reason of attacking SCO. Having said that, I have to take issue with some of the conclusions made to support the likelihood of this being the most likely possibility.


    Since this virus is really just meant to hurt SCO, it's either someone who wants to discredit the OS movement or some single child-minded linux fan.


    Are you sure the virus is just meant to hurt SCO? Note that like previous variations of this virus, it installs a back door (specifically the ability to execute supplied code and port forwarding). This same functionality has been used by spammers in the past (and indeed, the DoS portions of previous versions have targeted anti-spam sites).


    I'd bet on the latter, simply because there's not that many "linux-haters" that are individuals and child-ish.


    As the saying goes, "you must be new here." The Linux fanbase is not alone in its share of zealots and childish behavior.


    A company like MS, as dirty as they can be, I don't believe would engage in this kind of criminal behavior.


    Who said anything about MS? Bruce's comments mentioned SCO. And spammers. That's it.


    Basically, virii are written by individuals for the most part, and I don't think an individual has much to gain from attacking OSS.


    Google for "gobbles". There are plenty of folks who would love to take a swipe at Open Source (or specific groups under that banner). And why not. They're just as tempting a target as anything else that gains notoriety. After all, what would an individual gain from attacking... say... Microsoft?


    In all likelihood, it *was* some ticked-off kid. Get ready for more blurring the lines of linux=illegal hacking=evil subculture=virii makers type articles and opinions.


    You're on the money on that last bit. This will hand SCO more ammo to fling at the OSS community. And SCO will undoubtedly do their best to get it in the press and in front of Congress (which in turn is fodder for the unlikely possibility that this is SCO's own doing - they'll scuttle their own company for a buck, why not their own site?).

    So what if this is not the work of a ticked off kid? Who would do this?

    Again - this is a variant of previous malware. It is possible that someone got mad and just did the basic changes needed to vent their frustration. Or it could be from the same source as other recent attacks. And that source is undoubtedly some part of the spammer "industry" / community.

    So why attack SCO? Bruce touched on one possibility - discredit a community that's been working hard to make spammers' operations difficult to maintain. Others have suggested it is an attempt to distract people from the virus' real intention - providing another fleet of zombie proxy machines. I've toyed with the idea that attacking SCO may appeal to the very ones who are usually cleaning up malware and the virus author hopes that these individuals would just let this one slip by.

    In short, there are plenty of possibilities. And while the lone malcontent is still a very valid one, it is by no means the only likely candidate.
  • by Lemmy Caution ( 8378 ) on Tuesday January 27, 2004 @11:33PM (#8108770) Homepage
    You are an ass.

    The bulk of the expense of dealing with this trojan will not be taken up by SCO. No, it will be taken up by the thousands and thousands of companies whose IT departments now have to deal with it.

    This is like cheering the destruction of the two towers because you don't like things that are rectangle-shaped.
  • by Jaysyn ( 203771 ) on Tuesday January 27, 2004 @11:44PM (#8108862) Homepage Journal
    And the reporter *ignored* a lot of intelligent conversation & arguments against this kind of behavior. It's all about the spin, man.

    Jaysyn
  • by Beryllium Sphere(tm) ( 193358 ) on Wednesday January 28, 2004 @12:06AM (#8109046) Journal
    Would you turn in one of your, uh, colleagues?

    Which would prevail, the promise of $250,000, or the certainty of ostracism or worse from your fellow virus writers?

    I admit I don't understand how virus writers think, but they don't seem to be particularly money-driven. On the other hand $250,000 will buy a lot of computer equipment and junk food.

    Very curious about people's opinions and observations. Post anon if you need to.
  • by geekoid ( 135745 ) <dadinportland&yahoo,com> on Wednesday January 28, 2004 @01:20AM (#8109640) Homepage Journal
    MS did this same thing, and they are not run by bozos.

    Their software may be designed by Bozos, but that's another story ;)

    I shouldn't use the term 'Bozo', since it is the only clown I ever enjoyed. Most clowns I hate... except Jack.
  • Troll? (Score:4, Insightful)

    by trezor ( 555230 ) on Wednesday January 28, 2004 @05:34AM (#8110829) Homepage

    Excuse me for supporting Mr. (Score:0,Troll), but doesn't he raise at least one valid point?

    It's not like this is the first time Outlook and all its features additional to mailhandling (which mostly is useful only to spammers and virii-writers) causes complete havoc on the internet.

    You'd think by now, Microsoft should have turned off all scripting and activex-support in their email-client to avoid all of this happening again?

    After all, I can view HTML mail in Mozilla, Opera and Pine for god's sake. And still I have to admit no viri/worm/trojan has ever infected my machine.

    So call him troll if you like, but he did (even though maybe in a flamefest fashion) ask the question that should be asked:

    Why the hell is this email client still the biggest source of viruses on the internet?

  • by Clovert Agent ( 87154 ) on Wednesday January 28, 2004 @05:46AM (#8110872)
    Very well said.

    Something I'd add: think twice, speak once. /. is a public forum.

    You might think cracking a "hooray for MyDoom! SCO sucks!" comment in /. is funny, but (lazy) journalists and SCO will pick it up and use it against the OSS community.

    As indicated in the original post, http://www.eweek.com/article2/0,4149,1463923,00.asp quotes an AC: "Quick, disable your AV software, and get some Windows boxes on the internet!"

    Pretty sloppy journalism, quoting an anonymous source with no support, but it was rated "Funny" for God's sake. Why? Mod them "Troll" or "Flamebait", because that's what they are.

    As long as there's that sort of bull flying around, people will readily believe it was a Linux fanatic with an axe to grind.

    Keep rational, stay polite, and make your points the civilised way. No need to descend to the level of either SCO or a worm hacker to do so.

  • Re:Troll? (Score:3, Insightful)

    by julesh ( 229690 ) on Wednesday January 28, 2004 @10:34AM (#8112255)
    It's not like this is the first time Outlook and all its features additional to mailhandling (which mostly is useful only to spammers and virii-writers) causes complete havoc on the internet.

    Err, I don't think this one has anything to do with Outlook's various features. This worm doesn't execute automatically, it relies on the user opening an attached executable file to work. The same trick could work with any MIME compliant MUA that the writer chose to target; it just happens that Outlook & Outlook Express were the targets here (it runs under Windows and knows how to read their address books).

  • Re:Troll? (Score:3, Insightful)

    by proj_2501 ( 78149 ) <mkb@ele.uri.edu> on Wednesday January 28, 2004 @01:51PM (#8114337) Journal
    not true. eudora automatically decodes attachments and plops them into a folder on disk
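
Added illustration (not part of the thread, and not code from any vendor or mail product) of the point made in the comments above that the worm arrives as an executable attachment the recipient has to open, whatever the mail client: a gateway-style check that flags such attachments by name and by content. The extension list, the function names and the sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist of Windows-executable extensions; adjust for your site.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def risky_attachments(raw: bytes):
    """Return [(filename, [reasons])] for MIME parts worth quarantining.

    Works on the raw message, so the result does not depend on which
    mail client the recipient uses or how that client handles attachments.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        reasons = []
        if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
            reasons.append("executable extension")
            # e.g. "readme.txt.scr": looks like a document when the
            # client hides the final extension.
            if len(suffixes) > 1:
                reasons.append("double extension")
        # DOS/PE executables start with "MZ" regardless of the file name.
        if payload[:2] == b"MZ":
            reasons.append("MZ header")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed test message: one body part and three attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed test message"
    m.set_content("see attachment")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 16  # placeholder bytes, not a real binary
    m.add_attachment(fake_exe, maintype="application",
                     subtype="octet-stream", filename="readme.txt.scr")
    m.add_attachment(fake_exe, maintype="application",
                     subtype="octet-stream", filename="notes.txt")
    m.add_attachment(b"Agenda for Monday", maintype="application",
                     subtype="octet-stream", filename="agenda.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for filename, why in risky_attachments(build_sample()):
        print(f"{filename}: {', '.join(why)}")
```

The content check catches the renamed `notes.txt` that a name-only filter would pass; the benign `agenda.txt` is not reported.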
