SCO Offers $250K Bounty for MyDoom Author's Arrest

Performer Guy writes "This SCO press release indicates that they are offering a $250,000 reward for information leading to the arrest & conviction of the MyDoom DDoS worm authors. Let's hope they catch them. Not merely because MyDoom is one of the most mindless attacks on our internet infrastructure in memory, but also when they pay up it'll be less cash for SCO's litigation engine." Thanks to Tin Foil Hat and prostoalex for pointing out links at ComputerWorld and CNET, too. Related to this: stealth.c writes "Bruce Perens has written a letter to the Open Source community, discouraging us from cheering on the MyDOOM virus, as it would falsely implicate the FOSS communities and almost certainly cause the success of the virus writer's mission of discrediting these movements. This letter is also posted on NewsForge and on Groklaw." Unfortunately, with columns like this one blaming the worm on "some ticked-off Linux fan", it needs to be said.

Trying to throw us off the trail, huh?

[spun]

Come on, Darl, you HIRED someone to write it, didn't you? An open source Reichstag fire, right?

The plan

[eyegone]

Someone needs to do the following:

1. Turn the culprit in.
2. Collect SCO's reward.
3. Give the money to the OSDL SCO defense fund.

Now on the journalist-blacklist

[AEton]

Robyn Peterson [eweek.com], robyn_peterson@ziffdavis.com, is probably pretty safe to ignore at this point.

From eWeek's (heh) "Online Jubilation About MyDoom's SCO Attack" [eweek.com] article:

Reactions on Slashdot, arguably the largest discussion board for technophiles, displayed a cathartic wave of pleasure, "Finally a worthwhile virus!" exclaims one poster. While another adds, "So, uh where can I download a copy?" (Robyn here included links to relevant /. comments)

While the person who gets paid to write this for a living (wtf?) ignores that the majority of the +4/5 comments that aren't rated "Funny" are

1) Reminding people that DDoSing is always stupid and silly
2) Anticipating this kind of silly article
and 3) yelling at people who post unsupported theories about SCO.

But hold on, Robyn has more to say:

Another Slashdot poster goes as far as saying, "SCO has used past denial of service attacks as 'the dog ate my homework' type of excuses in court." It went on to suggest that "SCO's next court date is in early February, maybe they haven't done all their homework this time," implying that SCO itself released the worm. (Robyn will report next month on the inability of SCO to find evidence because IBM is being a big meanie.)

I know it's an advertising publication, but some people read eWeek and expect some of the things in it to be true. Rather than mention the tangible allegations against SCO with regards to insider trading, lying to stockholders, and inconsistent policies, Robyn reports what he's paid to. And that's fine - a half-truth is not quite libel - but it's kind of disturbing to read.

Bad Robyn Peterson, robyn_peterson@ziffdavis.com. Bad.

Saddam had a $25million reward

[Anonymous Coward]

So is Saddam only 100 times more dangerous than the worm author?

Re:Trying to throw us off the trail, huh?

[Bruce Perens]

The Reichstag fire is what I thought of immediately, as well. And please don't bother me about Godwin.

Bruce

Did anyone even read the Symantec virus writeup?

[unsigned integer]

Check out what the virus targets and doesn't target. It ignores .EDU addresses, as well as a host of other *nix places, including .gov and what not. While we may complain about how this virus makes us look at a whole, at least give the writer a nod for being courteous about the sites he/she targeted. Go on, read it [symantec.com]

Comment removed

[account_deleted]

Comment removed based on user account deletion

no sale, buddy.

[MoFoQ]

especially knowing that the $250k comes from ill-gotten gains from using mafia-like lawsuit tactics that even insult the mob. Though taking the money and then donating it to the Linux Defense fund or the Linux fund (the development portion) would help SCO's arch-enemy and thus not a bad idea.

better yet is if the author of the virus also inserted a disclaimer asking if the user ok's the use of their connection to help bog down SCO's servers by accessing their website at a scheduled time (a whole lot nicer than calling it "Denial" or an "attack"). Of course, it doesn't even have to be a virus...it can be like the Seti@home or folding projects. SCO@home.

Re:Oh c'mon...

[mOoZik]

SCO isn't really a "high profile" target. In fact, most people outside of the IT community don't know who or what SCO is. It takes someone with knowledge (obviously) and a state of mind. What is the current state of mind of the OSS/Linux community? Obviously, it is one of resentment and anger? Can you deny that? One only need glance at Slashdot's headlines to prove my point.

The author is a spammer, not an anti-SCO nut

[bigberk]

I think it means very little that the worm launches an attack against SCO. The primary purpose of this worm, like the Mimails that preceded it, is the wide-spread distribution of a zombie network for the purpose of propagating spam. You see, spammers hire programmers to do this coding for them (read up a bit on Mimail and spam [spamhaus.org]) in order to help their spam biz. While the hired programmer was at it, he probably threw in the SCO bit for shits and giggles. Or maybe he's a younger programmer and just kind of immature. Either way, the spammers (the people commissioning the construction of the worm) don't care.

To me this sounds like the most likely scenario -- remember that spam and viruses are linked [sysdesign.ca]. The SCO thing is just throwing people off track.

Re:Did anyone even read the Symantec virus writeup

[leadsling]

I got that list and laughed. Notice that it not only excludes .gov but also .mil (US military) addresses. Trying hard to avoid the feds from getting involved, maybe? But it also excludes *icrosoft and hotmail??????? NOT A TYPICAL LINUX GEEK. Sounds to me like a _icro_of_ employe_ perhaps? Or the type of person who would rip their own clothes and then go run to the teacher. "Miss Smith, Johnny grabbed me and pushed me" (said with a whiney voice) Other interesting exclusions were IBM, Berkeley, and *BSD.

Re:Oh c'mon...

[edsel]

I see no evidence that this one is written bij the OSS or Linux community

Exactly. It's possible that this is the work of some overzealous FOSS advocate, but there are other possibilities:

• Itinerant virus-writer selling his/her services to spammers (the worm installs listening services that could be used to turn the infected PC into a spamming zombie).
• Immature weenie just does it for attention and doesn't care who gets hurt
• Darl/MS/Satan is behind it. OK I find this highly unlikely. Perens refers to the perpetrator's "mission of discrediting these [FOSS] movements"

Re:Fine Print:

[QuasiCoLtd]

Believe it or not this may not be far from the truth. If you noticed, the letter said Upon arrest and conviction . By the time the culprit moves through our wonderful justice system the IBM lawsuit will be over, and SCO will be gone.

All this is is a nice PR move by SCO so they look like heros trying to stamp out malicious hackers.

Re:Did anyone even read the Symantec virus writeup

[TimeForGuinness]

Well I think Symantec has it wrong because Virginia Tech is getting lit up right now. I've already had 40 today. I feel bad for the others who have hundreds.

Re:Trying to throw us off the trail, huh?

[mitherial]

I find the assumptions made by this commentor and "timothy" to be absurd. While it certainly is possible that SCO hired somebody to do this, even they aren't that foolish. The potential danger to them if they were found-out is an *instant* loss (in the business community) of whatever credibility they may still retain (which they care about a hell of a lot more than what a bunch of geeks on slashdot think), and the potential gain for them is minimal. I see no reason at all to believe that it *wasn't* "some ticked-off linux fan", the psychology & motivation fits perfectly [this isn't to say that the OSS community as a whole endorses this position by any means.] But the Reichstag fire is a serious disanalogy. I'm not defending SCO's other actions-I think their claims to IP are unlikely at best, just as with Microsoft and GW Bush, to shrilly denounce them at every opportunity, even for innocious actions, destroys your credibility, and makes rational, thinking people write you off as a fanatic. Conserve your clout, make what you say count!

To reverse the damage of the DDOS attack

[BB]

We need to:

1. If at all possible, quickly create a worm that will undo this damage. Issue a press release showing the level of effort made by some to stop the DDOS attack.
2. Post instructions on how to minimize the SCO DDOS attack. A HOWTO may be appropriate.
3. Issue a press release signed by Linus, RMS, Bruce Perens, et al, condemming the attempt to discredit the community.

Re:come on...

[spun]

Here's my line of reasoning. A lot of malicious software is now being written by people with a financial interest, like spammers. Assume someone at SCO might know someone like this. Assume these unscrupulous spammers were going to write this software anyway. Perhaps a big wad of cash showed up at someone's door, along with a promise of much more if the software also included a DDOS of www.sco.com.

Naw, it's much more likely that some deranged Linux zealot with far more programming skills than common sense and no financial interest in the matter whatsoever cooked this up in their spare time.

"Apparently"

[Anonymous Coward]

From the article at eweek [eweek.com] ...

Editor's note: A word in this column has been modified to emphasize that a connection between anti-SCO sentiment by the Linux community and the MyDoom attack has not been proved.

Hoorah for editorial conscience. Take notes, Slashdot.

Re:The plan

[Anonymous Coward]

uh AFTER taxs lets see
250 * .38 = 95 (state and fed)
leaving you with
250 - 95 = 155
now for the viper
155 - 85 = 70
sales tax .07 in this state
85 * .07 = 85
85 - 6 = 64
insurance for the FIRST year lets be nice, 1k
64 - 1 = 63
now lets say you live in a state that likes to zip you on 'tags' 1k
63 - 1 = 62k

That leaves 62k left. Now some states also charge a 'luxury' tax on higher priced vehicles such as the viper.

Your calc is almost off by about 100k. Also you will need that 62k for the next few years for gas. As a v10 tuned out like that does NOT get 30mpg. Also for your insurance and tax's EACH year.

You would be better off buying a house and living like a god. Then finance a nice car...

Re:Boston Tea Party....

[Endive4Ever]

Perens and several other people 'at his level' in the FOSS 'movement' are rather full of themselves. They're the political gadflies. That sort of person is naturally attracted to a 'leadership position' in a 'movement' like Linux.

It's no coincidence that they're narcissistic enough to take it upon themselves to view anything negative as a 'threat' likely 'a conspiracy' against them.

You don't get power unless you can fan flames of paranoia and become a 'leader.'

Re:The message from Bruce Perens

[shaitand]

I had missed the CNN article.

Here it is for anyone else who missed it:
http://www.cnn.com/2004/TECH/internet/01/27/m ydoom .spread/index.html

Your right Bruce that is no laughing matter at all.
I hadn't dreamed anyone (other than SCO) would take
claims like this against the Linux Community seriously.

Re:Copyright.

[benna]

OK listen. I hate SCO as much as any of you. This is a clear pump and dump. However, I am getting sick of people saying SCO or someone wanting to discredit the open source community wrote this worm. I can think of ALOT of linux supporters that would have done this in a second if they had thought of it. The chances are, it was a linux supporter. I'm not saying whether I support the people that did this or not. I'm really not sure but I am also getting tired of this "holier than thou" attitude of people who say its not good because it makes open source look bad blah blah blah. I'm beginning to think we must fight fire with fire. We must fight these tacticts of SCO, tactics that may even be illegal under RICO, with tactics that are less than legal. Maybe it is time we start doing things designed to bring down SCO, just as they are trying to bring down linux. The legal process will take years. SCO will probobly do alot more damage in that time than some worm written by a linux supporter. So we must do something. WE MUST FIGHT!

Re:Copyright.

[SsueCmeOplease]

As much as some would like to think that this is the work of one of our own. The fact of the matter is that ANYONE with a keyboard could have done this. And following through on this logic I would not discount even SCO. I would not put it past Darl to try a stunt like this. He is "smokin' crack" and has "nothing to lose" after all.

Re:Trying to throw us off the trail, huh?

[DMCBOSTON]

Did SCO have a hand in it to gain sympathy/press?? The problem is the price of getting caught in such a plot. The mainstream press would see SCO in a very negative light if they had dirty hands in writing this code. Very soap opera, very understandable to the non computer savvy. The press would eat SCO alive and the public would see them in that light. My call? I think they are playing the game by offering the reward, but they had no part in the execution of the code. But who knows? It's amazing how some would play Machiavelli without having read Machiavelli.

Watch Mydoom in Action!

[pfifltrigg]

I've cooked up a little monitoring script in Perl that graphs the availability/ping response time of www.sco.com. Now you can watch Mydoom in action. Check this [64.22.206.199] out.

Re:two linux licenses

[Technician]

I already have two Linux licenses for a whole lot less money. Hit the bookstore. Lots of Linux manuals have a publishers edition of Red Hat and Caldera in them. Since SCO is renamed Caldera, there should be no way they can get you for using it. Be sure to read and follow the EULA.

I have a 2 publishers editions, one of 2.3 kernel and one 2.4 kernel. There should be no way they can demand more money for using it the way they sold it.

There may be a legal challange for having the Red hat copy that came with the book. I guess I'm going to have to hide it until the SCO case is over.

One copy makes a great SAMBA server and the other one is a great desktop web tool.

Re:Refined

[Tuxinatorium]

That's more valid than SCO's business plan. If they wanted to emulate sco it would be more like this: 1. Release virus to DDoS SCO 2. Antivirus companies release a fix 3. claim the fix infringes on your intellectual property & demand everyone who removed the virus pay you $1000 in licensing fees 4. Profit!

Re:Hey, d00d!

[sniggly]

MicroSoft created a weapon that any moron geek and half witted terrorist can now use to attack their pet peeve. Nothing in all of this should take the focus away from MicroSoft failing to secure its products, products that are amazingly unsafe and dangerous. How long have we given them time to fix this? How many more times does it need to happen, how massive the loss before the whole software industry gets totally regulated for this? Once the software industry gets regulated it's bye bye to the Open Source community and MS might actually win from it in the long term. MicroSoft is becoming ever more serious a liability to worldwide internet security and the national security of pretty much all nations. Imagine if Ford had made all its cars remotely controllable (Outlook express'& Windows design flaws make it practically remotely controllable, MS patches but doesnt fix the flawed design!!) and a terrorist could mobilize and crash them into any place at any time.

The author will not be caught

[Oestergaard]

Because the author is SCO.

Now how's that for a conspiracy theory ;)

myDoom is not a worm it is a VIRUS

[evil_one666]

myDoom is not a worm it it a virus. A worm propagates without user interaction whereas a virus relies on the (unintentional) action of a human to spread, mostly clicking on email attachments. That is to say a virus attaches itself to another executable file (commonly, but not exclusively, an email). A worm is a purely self replicating program.

Mr McBride and the media in general- stop calling MyDoom a worm, I know it sounds more dramatic and "computery" than virus, but VIRUS is what it is

see here [wikipedia.org] and elsewhere on the web

motives and motivations

[btharris]

if MyDoom was, in fact, created by anti-SCO "fanatics", then i doubt the peers close to its creator would be motivated by money. the entire spirit of the free software movement is to create useful software for humanity---not for profit. this is not to say that free software can't be profitable (in some cases it is), or that money isn't useful, just that profit is secondary to the freedom and utility of the project; money is, at best, a secondary goal for free software projects.

i remember once in college when a CS professor was giving an assignment and started by shouting, "OK, let's make some money!" Everyone moaned and complained about how corny and boring the assignment must be. The professor stopped to comment on the contrast between us (computer science students) and business students: what had bored us would have surely excited them.

I've noticed that technically minded people (such as computer scientists) are often more interested and motivated by technical challenges and "higher" goals than just profit. (Computer people are more often Vulcans than Ferengis.)

so i wonder if those close to the creator of MyDoom (assuming they are supporters of free software) would turn in its author based solely on the desire for the reward money. not that a quarter of a million dollars isn't something to consider, but i'd suspect someone with the pertinent information would look beyond just the cash and consider other issues first.