SCO web site down

The Inquirer ^ | February 1, 2004 | INQUIRER staff

[HAL9000]

A NETCRAFT ALERT reveals that the SCO site is down, but whether that's because of a denial of service attack following the MyDoom virus or because the guys want some peace and quiet to watch a ball game is unclear.

As the techie world+dog knows, the MyDoom virus not only clogged up corporate Windows databases but also had a trigger to get infected machines to try connect to SCO on the 1st of February.

The later version of MyDoom, B, also included Microsoft in the list of sites to attack.

Netcraft. µ

[HAL9000]

The next step is for Internet Service Providers to start shutting down the accounts of Windows users who are infected with the MyDoom virus.

[js1138]

I think this might have a good effect in the long run. Email should be filtered for known viruses by internet providers, before it gets to Joe User. Some IPs already do this. In fact Hotmail is filtered by McAfee.

[js1138]

I don't think you could or need to shut down people's accounts, but you don't need to forward email that's full of worms and viruses.

[bd476]

What are the chances a Linux person started the latest virus?

[mikegi]

What are the chances a Linux person started the latest virus?

Not possible! Don't ya know that the Linux nuts are the sweetest, kindest, most wonderful people you've ever met? Ignore little details like the fact that the virus targets Linux's two biggest enemies. That's just a head fake to lead investigators in the wrong direction.

[bd476]

"Not possible! Don't ya know that the Linux nuts are the sweetest, kindest, most wonderful people you've ever met?"

LOL! Yep, I believe you, sure I do.

[HAL9000]

I don't think you could or need to shut down people's accounts,

It would not be difficult to do. The ISPs can use a protocol analyzer to get the IP addresses of the infected machines based on traffic to www.sco.com. The account name associated with the IP address can then be determined. This process can be automated.

There could be another possibility, but it would raise some legal issues. The virus installed a backdoor access method on each infected Windows computer. SCO could try to access that backdoor on the infected machines that are attacking sco.com and neutralize the virus.

[KneelBeforeZod]

"ping"

www.caldera.com
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

www.sco.com
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

[js1138]

I think it would be a good idea for IPs to offer a default firewall for ordinary non-corporate customers. Most ports used by hackers have no useful function for home users. They could be blocked by the IP. If you have a proprietary need for them, get a non-filtered account.

[eccl1212]

Careful how you generalize about linux users.
free republic most recent site spec.

Linux-Apache 1.3 since 25-Jun-2003 209.157.64.200 Verio

Both of which are open source community software products.
As far as I know, JimRob has been with both most of the time, for a LONG time.

[gitmo]

I've seen several sites that simply post a message they are down till DOOM blows over.

[FormerlyAnotherLurker]

This is from Gibson Research;

"The latest prolific eMail virus, MyDoom, being called the fastest spreading eMail virus in history, infects an estimated 500,000 PC's worldwide, and has been clogging inboxes and raising havoc across the Internet. Until February 12th, every infected computer will be joining in a distributed denial of service (DDoS) attack upon the web site of SCO at www.sco.com, which is expected to be unavailable throughout this attack.

Interestingly, SCO's web site will be offline not only due to the total bandwidth of the attack, which would completely swamp its network and servers, but also because worried Internet carriers are preemptively blocking access to SCO's web site to protect their own equipment from the storm."


http://grc.com/default.htm

[adam_az]

"What are the chances a Linux person started the latest virus?"

What does "Linux Person" mean? Someone who uses Linux? It might as well be a Toilet person, someone who uses toilets. Or a Car person. Is someone who owns a TIVO a Linux person? Tivo runs on Linux.

[adam_az]

"SCO could try to access that backdoor on the infected machines that are attacking sco.com and neutralize the virus."

That would actually be a felony.

[adam_az]

"I think it would be a good idea for IPs to offer a default firewall for ordinary non-corporate customers. Most ports used by hackers have no useful function for home users. They could be blocked by the IP. If you have a proprietary need for them, get a non-filtered account."

Most cablemodem and some DSL providers do this. It's actually quite annoying. The alternative is to buy the business version of cablemodem, which is more money for slower speeds but with no filtering.

[adam_az]

Don't ya know that the Linux nuts are the sweetest, kindest, most wonderful people you've ever met?

Sounds like you have a fan, Jim Rob!

[SkyRat]

think it would be a good idea for IPs to offer a default firewall for ordinary non-corporate customers.

I assume you mean ISP and I for one would hate that. It would be worthless, too. For once, the viruse entered the machine by a regular port, via smtp on port 25. So the customer machines would still get infected. The virus can still get out be using non-blocked ports. Http, https, pop3, imap, time, telnet, ssh, whatever.

I like the hotmail system, too. Every mail gets filtered through a antivirus programm. That's a good service and doesnt block some non-popular ports.

[HAL9000]

From SCO press release -

SCO Experiences Massive Denial of Service Attack

Sunday February 1, 4:15 am ET

Mydoom Virus Blamed For Exponential Internet Traffic to www.sco.com

LINDON, Utah, Feb. 1 /PRNewswire-FirstCall/ -- The SCO Group, Inc. , the owner of the UNIX® operating system and a leading provider of UNIX-based solutions, has confirmed that a large scale, Denial of Service attack has started that has made the company's Web site, www.sco.com, completely unavailable. Internet traffic began building momentum on Saturday evening and by midnight Eastern Time the SCO Web site was flooded with requests beyond its capacity. The company expects these attacks to continue through Feb. 12.

"This large scale attack, caused by the Mydoom computer virus that is estimated to have infected hundreds of thousands of computers around the world, is now overwhelming the Internet with requests to www.sco.com," said Jeff Carlon, worldwide director of Information Technology infrastructure, The SCO Group. "While we expect this attack to continue throughout the next few weeks, we have a series of contingency plans to deal with this problem and we will begin communicating those plans on Monday morning."

[Dimensio]

What are the chances a Linux person started the latest virus?

Well I certainly wouldn't do such a thing. While I'm immune to infection, I don't appreciate having my inbox flooded with MyDoom emails from infected machines run by clueless idiots who don't know not to click on foreign attachments.