Re: [newbie] Virus Warning was Re: [ jEdit-users ] Status
On Tuesday 27 Jan 2004 1:41 pm, JoeHill wrote: On Tue, 27 Jan 2004 10:37:57 +0100 Frans Ketelaars disseminated the following: A new virus, as of today. Rated High-Outbreak by Mcafee: http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k =100 983 (Only affects Windows, of course.) I noticed this: quote Denial of Service Payload On the first system startup on February 1st or later, the worm changes its behavior from mass mailing to initiating a denial of service attack against the sco.com domain. This denial of service attack will stop on the first system startup of February 12th or later, and thereafter the worm's only behavior is to continue listening on TCP port 3127. /quote That's _not_ the right way to fight SCO IMHO. Agreed. It just contributes to the image which SCO is trying to paint of the Linux community, a bunch of 'hackers' (which of course, many are, but they don't get the diff between 'hacker' and 'cracker', CNN be praised). Fighting SCO, and MS for that matter, is done most effectively by getting the truth out there. The SCO attack is badly done. Giving them several days warning allowed SCO to patch their servers to reject the DOS. The HTTP request is smaller than a browser would create, allowing it to be recognised. At least one researcher was unable to get the virus to launch the DOS at all (he only saw a DNS request for www.sco.com) All they have to do to avoid it totally is to change their DNS to www.scox.com for a fortnight. The virus has other damaging payload, which does not stop on February 12. This includes a keylogger and installing software. (eg, credit card and password capture, and installing spam senders.) Groklaw is divided on the issue, but it is far from clear that this is an attack by the Linux community. The more paranoid suspect SCO of creating it. It really is not going to do them much harm, and the PR is probably a bonus. This will probably give them ample excuse to default in the 6th February hearing, and they have been consistently stalling for time; Groklaw is unanimous that they are facing a defeat real soon now. The informed Linux community would agree that giving SCO any excuse just helps them. My take is that some spammer wanted to hide the real payload, and decided the SCO battle was the ideal camouflage. -- Richard Urwin Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus Warning was Re: [ jEdit-users ] Status
On Tuesday 27 January 2004 01:03, Richard Urwin wrote: The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment. A new virus, as of today. Rated High-Outbreak by Mcafee: http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100 983 (Only affects Windows, of course.) I noticed this: quote Denial of Service Payload On the first system startup on February 1st or later, the worm changes its behavior from mass mailing to initiating a denial of service attack against the sco.com domain. This denial of service attack will stop on the first system startup of February 12th or later, and thereafter the worm's only behavior is to continue listening on TCP port 3127. /quote That's _not_ the right way to fight SCO IMHO. Have fun, -Frans Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Virus Warning was Re: [ jEdit-users ] Status
On Tue, 27 Jan 2004 10:37:57 +0100 Frans Ketelaars disseminated the following: A new virus, as of today. Rated High-Outbreak by Mcafee: http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100 983 (Only affects Windows, of course.) Already picked up by everybody's fav Procmail recipe: http://agriroot.aua.gr/~nikant/nkvir/ See changelog. I noticed this: quote Denial of Service Payload On the first system startup on February 1st or later, the worm changes its behavior from mass mailing to initiating a denial of service attack against the sco.com domain. This denial of service attack will stop on the first system startup of February 12th or later, and thereafter the worm's only behavior is to continue listening on TCP port 3127. /quote That's _not_ the right way to fight SCO IMHO. Agreed. It just contributes to the image which SCO is trying to paint of the Linux community, a bunch of 'hackers' (which of course, many are, but they don't get the diff between 'hacker' and 'cracker', CNN be praised). Fighting SCO, and MS for that matter, is done most effectively by getting the truth out there. -- JoeHill ++ ICQ # 280779813 Registered Linux user #282046 Homepage: www.orderinchaos.org +++ The free communication of ideas and opinions is one of the most precious of the rights of man.-- Declaration of the Rights of Man Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] Virus Warning was Re: [ jEdit-users ] Status
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment. A new virus, as of today. Rated High-Outbreak by Mcafee: http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=100983 (Only affects Windows, of course.) -- Richard Urwin Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com