BBC Links Linux To MyDoom
minus_273 writes "It seems the BBC has a story on their front page titled 'Linux cyber-battle turns nasty', very specifically linking Linux users to the MyDoom virus. Some lines to note: 'If anyone's anger has no measure, it is the wrath of internet zealots who believe that code should be free to all (open source). So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge.'"
Why I'm not surprised... (Score:5, Insightful)
Re:Why I'm not surprised... (Score:5, Insightful)
If you don't want viruses to spread, don't have users running as administrators as default. Don't write worthless code.
Microsoft is just asking for it, as is SCO.
Re:Why I'm not surprised... (Score:5, Funny)
Well, if MyDoom is indeed "la creme de la creme" in terms of Windows programming, then it is obvious its author is an expert Windows developer, isn't it?
So, it is quite flattering for the Linux community to associate any of its members to a multiplatform coding genius.
USE THE FEEDBACK FORM, LUKE!! (Score:5, Insightful)
http://news.bbc.co.uk/2/hi/help/3281777.st
"Linux cyber-battle turns nasty"
Is your reporter Stephen Evans aware that MyDoom is a virus that is perpetrated by MS Windows machines? Meaning the virus was written to run ON windows BY a windows programmer...
Could Mr. Evans please next time indicate where on earth he finds the factual evidence to support his amazing theory that mydoom is the "wrath of internet zealots who believe that code should be free to all", or are we now to believe the BBC supports baseless ranting against a group as diverse as those who support open source software? Couldn't it easily have been caused by disgruntled shareholders, malignant ex-employees or al Qaeda for that matter?
Thank god you didn't have a luminary such as Mr. Evans sexing up Iraqi WMD stories.
Re:USE THE FEEDBACK FORM, LUKE!! (Score:5, Interesting)
Thanks for providing a link to the form. Here is what I just sent:
Re:USE THE FEEDBACK FORM, LUKE!! (Score:5, Insightful)
Re:USE THE FEEDBACK FORM, LUKE!! (Score:5, Interesting)
Re:USE THE FEEDBACK FORM, LUKE!! (Score:4, Insightful)
And mine:
Re:USE THE FEEDBACK FORM, LUKE!! (Score:5, Insightful)
After reading the story "Linux cyber-battle turns nasty" by Stephen Evans today, I was shocked to see yet another respected media outlet so easily duped by reading the headlines, instead of investigating the facts of the story.
As you know the story regards the fastest spreading Internet worm in history, myDoom.a and its variants. A common misconception is that this virus's purpose is to create a distributed denial of service attack (DDoS) against SCO's web servers. While this is partially true, anyone who takes as much as 5 minutes to research the virus, will find that it is a mean, nasty wolf in less mean, less nasty wolf's clothing.
Let's do that little 5 minutes of research for you here Mr. Evans, since you couldn't be bothered to do so. First off, let's visit http://symantec.com. Symantec is the maker of Norton Anti-virus software, and my personal choice in anti-virus protection. I'll save you the clicking on the links and provide you with a direct link to my source here:
http://securityresponse.symantec.com/avcenter/venc
Now, let's see exactly what the myDoom virus does. This will take the vast amount of research time and effort of reading three paragraphs and one short sentence before jumping to conclusions.
QUOTE FROM SYMANTEC:
W32.Mydoom.A@mm (also known as W32.Novarg.A) is a mass-mailing worm that arrives as an attachment with the file extension
When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
There is a 25% chance that a computer infected by the worm will perform a Denial of Service (DoS) on February 1, 2004 starting at 16:09:18 UTC, which is also the same as 08:09:18 PST, based on the machine's local system date/time. If the worm does start the DoS attack, it will not mass mail itself. It also has a trigger date to stop spreading/DoS-attacking on February 12, 2004. While the worm will stop on February 12, 2004, the backdoor component will continue to function after this date. - END QUOTE
Ok, first off, let's see what the real purpose is here, since you seem convinced that the purpose is to attack SCO. One in four infected machines will participate in a DDoS attack on SCO, and those that are infected and set to participate, will in fact cease spreading the virus to other computers (probably in an attempt to appear uninfected as anti-virus programs are updated.) But, that means that 75% of the infected machines will have a whole different purpose to their infection. One, to spread as far and as fast as possible, and Two, to make the machine what is commonly called a "zombie box" for the worm writer's true intentions down the road. Both the 75% that do not participate in the DDoS and the 25% that do will be in the same boat after February 12, 2004. They will cease spreading, and attacking, yet will remain active "zombie boxes" for other uses.
Ok, let's give you some background, since obviously you don't, like me, deal with computer security and worms/viruses on a daily basis. The vast majority of computer worms in the past year or so have had the primary purpose not of destroying data, not of being destructive, but in spreading and creating a vast network of "zombie boxes" for the purpose of launching more and more unsolicited commercial e-mail, commonly known as SPAM. For an example, look at the rapidly spreading sobig and its variants.
Ref: http://zdnet.com.com/2100-1105-1020963.html?tag=nl
Something these worms/viruses have had in common is the fact that they
Re:USE THE FEEDBACK FORM, LUKE!! (Score:5, Insightful)
All you needed to do is point them to the SecurityFocus information and the Kaspersky press releases that clearly state that
1. The virus was posted via well known SPAM network used in counterfeit software peddling. This is also the reason why the infection went through the roof so fast (it got to too many people in too short a time).
2. The virus has generally been traced to Russian SPAM gangs.
It is nothing to do with Linux, SCO, MSFT. It is just business as usual.
This is the feedback I sent. (Score:5, Informative)
This article is presented as a factual piece, not an opinion column, and draws patently incorrect conclusions. Whilst the MyDoom virus does indeed target SCO and (in its -B variant) Microsoft, the main payload of this virus is a spam gateway.
As someone whose main source of income deeply involves computer security, I find it insulting that Mr. Evans has apparently made no attempt to research the history of these forms of virii, nor has he apparently contacted any reputable anti-virus company regarding it. Meanwhile he postulates claims such as "it [revenge] must be one of the theories at the top of any investigator's list", and "in the case of the MyDoom computer worm, the motivation seems clearer". I find it very bad reporting that these claims are made WITHOUT actually asking any of the investigators' opinion of the virus. It is a widely expressed opinion (see 'references' at the end of this message) by these security professionals that the Denial of Service attack is the SECONDARY function of the virus, and not at all related to its true purpose. A simple search on Google, let alone contacting even local London-based security firms such as mi2g, would easily prove how factually incorrect this article is. In fact, to be harsh, it is a downright lie against common knowledge and opinion.
It is current common understanding in the anti-virus community that this virus is indeed designed specifically to facilitate commercial spammers, and that the inbuilt Denial of Service attack against SCO and Microsoft are a secondary effect and not intended as part of the original design.
Current monitoring of activity through infected machines indicate that the spamming functionality appears to be used by a very organised group of individuals, indicating the virus was possibly contract-coded. Current belief holds that the Denial of Service payload was added by said contracted coder.
As such, I do not believe it fair, nor good reporting, to use a purported factual article to attribute the secondary (and in my opinion far easily avoidable!) of the virus as its "purpose". The secondary effects may indeed be the result of a Linux user seeking revenge, but is currently understood to be more of a diversion from the virus's demonstrable true intent. There is a long tradition of this type of 'smoke screen' in many viruses intended for commercial benefit, as Mr. Evans would no doubt have discovered if he had researched the article more instead of using it as a pure propaganda platform and drawing unconfirmed conclusions.
I request that the article either be re-labeled as an OPINION piece, removed, or a more factually correct article be posted.
References:
These other news sites, containing articles by researchers willing to do actual research, contain quotes from reputable security and virus research firms confirming the opinion above:
http://thewhir.com/marketwatch/myd012704.cfm
- Contains opinion by London-based firm mi2g
http://www.msnbc.msn.com/id/4113278/
- Contains quotes from researchers at well-known antivirus developer F-Secure and Symantec
http://www.ajc.com/business/content/business/0104
- Contains quotes from various other computer security researchers
Feedback on This is the feedback I sent. (Score:5, Insightful)
Re:This is the feedback I sent. (Score:4, Insightful)
Re:USE THE FEEDBACK FORM, LUKE!! (Score:4, Interesting)
To whom it may concern,
In the article "Linux cyber-battle turns nasty" Stephen Evans seems to suggest that the MyDoom worm was perpetrated by users of the GNU/Linux operating system, commonly called "Linux."
In fact one of the article's section headings is "Wrath of the geeks." It might be more accurate for it to say "Wrath of the geek." As in the case of suicide bombers, a single person can cause a lot of damage, but that single person should not serve as an indication of the temperament of an entire group of people. The writer of the MyDoom worm might not be a Linux user at all. He or she might have used the DDOS (distributed denial-of-service) attack to cover other, real motives. Or the writer might be exactly what Mr. Evans suggests, and in that case would be disowned and condemned by other Linux users such as myself.
In either case the sentiments of one person should never be used to draw conclusions about a group. This attack on SCO is counter-productive, not to mention morally wrong. Bruce Perens, a leader in the open source community, condemns the attacks and urges others to do the same. In his press release to this effect he also explains some of the reasons this virus may exist:
http://perens.com/Articles/SCO/DOS/
And these following articles indicate that the worm probably has ties to spammers:
http://www.ajc.com/business/content/business/010 4/28worm.html/ 2376200
http://www.chron.com/cs/CDA/ssistory.mpl/business
Finally, this LinuxWorld article explains an investigation into the origins of the virus, which seem to be from an IP address in Russia, according to the Moscow Times:
http://www.linuxworld.com/story/42125.htm
The SCO suit against IBM, if successful for SCO, will not be enforceable in Russia, so why would a Linux user there care?
Before suggesting that an entire community is made up of law-ignoring zealots it might be good to remember that one rogue can cause a lot of headaches, and also that it's important to do a little research before casting stones. I hope that the BBC will follow up this story with the counterpoints I have raised above.
Regards,
Ed Holden
Medford, Massachusetts
Re:mod parent up (informative) (Score:4, Insightful)
Some of the WMD inspectors even quit over this stuff. Perhaps your media neglected to mention these facts, ours did (Belgium).
No one with an ounce of sense actually believed at the time that this information was true. I didn't, no one I spoke to at the time thought there was any merit here.
Re:Why I'm not surprised... (Score:5, Funny)
CmdrTaco! Check your logs for the parent poster's IP address, turn it over to Microsoft, and use the proceeds to hire a coder to incorporate a mandatory spell checker in the Slashdot posting process!
You can use the left-over reward money to buy yourself a T1 line to your house, or get rid of Microsoft ads on Slashdot for a month.
Re:Why I'm not surprised... (Score:5, Insightful)
That's why you hear about Linux communists, Linux hackers (crackers) and Linux virus writers. If they use Microsoft, then it's something else that made them do it. If they use Linux -- why, of course, Linux made them do it.
Condoning Criminals Risks Killing Linux (Score:5, Insightful)
If you don't want viruses to spread, don't...
Viruses don't appear spontaneously. They are spread, not created, by bad security. Someone has to write them and release them. That's where to aim your wrath. Otherwise, you're blaming a shooting victim for not wearing a protective vest.
All the BBC commentary (it isn't a news report) did was to make the rather obvious connection between a DoS attack on SCO and the more rabid zealots in the Linux community. This possibility occurred to everyone about 5 minutes after the story broke. Certainly, threats to DoS SCO are not uncommon here on
Association of Linux and viruses in the public eye will spell its end.
Re:Why I'm not surprised... (Score:4, Insightful)
The MyDoom virus represents a new level of sophistication in attacks on company websites.
How is it any more sophisticated than the last 20 viruses down the pipe that DoS sites?
Methinks SCO has a journo at the BBC bought and paid for...
The page has changed. (Score:5, Interesting)
I had the page loaded in the browser and blindly reloaded the page (not sure why), something changed!
I'm not sure how much changed but the line you quoted is now
The MyDoom virus has triggered a new wave of attacks on company websites.
Apparently, it was last updated 10 hours ago, which is wrong by about 9 hours.
The attack also raises the possibility of internet blackmail, with companies threatened by individuals or even an individual who might be anywhere.
Say what now?
BB
Re:The page has changed. (Score:5, Insightful)
Re:The page has changed. (Score:4, Insightful)
Because then they don't have to take responsibility for poor reporting. The correct way to handle this is to 1) post a retraction, 2) correct the article, and 3) indicate, at the end of the article, a list of changes/corrections made since its initial publication. Without these things in place, it's all too easy for a news organization to simply hide things when they screw up, which, I think we can agree, is a very bad thing (especially in a publicly owned organization).
Re:Why I'm not surprised... (Score:5, Funny)
Re:Why I'm not surprised... (Score:5, Funny)
Re:Why I'm not surprised... (Score:5, Interesting)
Fact of the matter is, where is the proof? The correspondent himself says "There's no proof, of course, but it must be one of the theories at the top of any investigator's list.", referring to the thesis of his article, that "The MyDoom virus represents a new level of sophistication in attacks on company websites. It is also a new front in a war waged by those who want to preserve the open-source Linux operating system."
On one hand, he says there's no proof. On the other hand, the tagline accuses open source as the origination of the MyDoom worm, and slyly insinuates that the reason for this worm is revenge against SCO. This isn't investigative journalism. This isn't even biased reporting of somebody's opinion. This is rumor-mill gossip, and somebody ought to call the BBC on it.
Re:Why I'm not surprised... (Score:5, Interesting)
At present, the opening line of the article reads "... It also looks like a new front in a war..." Assuming you're quoting accurately, someone at the BBC must have decided to tone the statement down a bit. It's still irresponsible journalism, though.
TheFrood
Re:Why I'm not surprised... (Score:4, Interesting)
---
This particular story is factually incorrect, and details contained within could be used inappropriately.
As it stands there is no evidence to prove that Linux users created this virus. That's just consequential speculation.
FACT 1: In fact all the major developers of the Linux Kernel and the wider Opensource/Free Software movement have been very quick to condemn the actions of the Virus writer and have gone on record to disassociate themselves from the actions of the writer. This invalidates the implication in the report saying that Linux Developer
FACT 2: The major antivirus vendors and security have formed the conclusion the attack on SCO and Microsoft were most likely a "smokescreen". The main purpose of the virus is that of a Trojan for stealing credit card, and other security info. The attacks on SCO appear to be a topical diversion.
FACT 3: Open Source advocates do not believe all software should be "free" as in free in price. It advocates freedom in development, and access to code. It works on the belief that software will be of higher quality if the development is open allowing anyone access to the code in the help for fixing bugs and adding features. The software itself can be "charged for". It is the difference between free in price, and free in freedom.
FACT 4: Open source advocates are NOT activists on a par with terrorists, etc as your report suggests. Open source advocates act on their principles by creating software that follows their ideals, such as the Linux Kernel, the GNU system, the Apache webserver (used by the BBC), Mozilla Web Browser (used by AOL and Netscape), Sendmail (used to deliver the majority of internet email), the BIND server (used to resolve DNS names, vital for operation of the Internet).
FACT 5: the implication that Linux developers are teenage geeks working in garages is also incorrect. Sure it started as an enthusiast's Operating System, however currently developers and contributors to Linux now include major firms such as, IBM, HP, Silicon Graphics, NASA, Oracle, Samsung, and even SCO.
Please read the GrokLaw website at http://www.groklaw.net/ which assists in making clear the legal and historical contexts of Linux, as well as the hidden danger of publishing misguided articles like this.
Best Regards,
Re:Why I'm not surprised... (Score:5, Informative)
newsonline.complaints@bbc.co.uk [mailto]
Re:Why I'm not surprised... (Score:5, Interesting)
Here is a piece that comes from Lessig and was found in Free Sklyarov mailing list [xenoclast.org].
Re:Pretty hilarious... (Score:5, Insightful)
slashdot is not a news organization, despite its byline. There are no crack investigative journalists working for slashdot and no one pretends that there are. The BBC is a widely respected news source accorded respect by its viewers/listeners, who will tend to accept its pronouncements based on its reputation (recently tarnished anyway) for journalistic integrity. They have a responsibility to check their facts and not spin conspiracy theories for the heck of it.
Reality of course is different.
Re:Pretty hilarious... (Score:5, Interesting)
Re:Pretty hilarious... (Score:4, Funny)
There are, however, "investigative" journalists on crack working for slashdot.
MYDOOM found on MOON!!!!!!!!! (Score:5, Funny)
MYDOOM found on MOON
A group of internet "Hackers" have discovered that the MyDoom Virus was conceived, compiled and unleashed from a small crater, just five minutes walk from the Tyco Monolith!
Well, it's just as believable...
Re:Pretty hilarious... (Score:5, Insightful)
Re:Pretty hilarious... (Score:4, Informative)
Re:Pretty hilarious... (Score:5, Insightful)
This is NOT just a biased story. This is actually equating a community with criminals without any proof or fact to back up. It's far more serious than just being biased in one's opinion. I don't think many Slashdotters would applaud when somebody is unjustifiably treated as criminals.
Re:Pretty hilarious... (Score:4, Insightful)
Re:Pretty hilarious... (Score:5, Funny)
I can't count the number of times I've wished for a "(-1, Martyr)" moderation option.
TheFrood
Re:Pretty hilarious... (Score:4, Insightful)
I have never seen claims like "Windows is a cancer" or "Windows is illegal" or "Windows threatens our way of life" here.
Re:Pretty hilarious... (Score:5, Funny)
Re:Pretty hilarious... (Score:5, Insightful)
Re:Why I'm not surprised... (Score:4, Insightful)
+4 Funny, okay the joke started to get old then. So Slashdot breaks the story, and people get modded up for joking about wanting the virus on their machine. Now, I know what you're thinking "Oh they just meant that like as irony cos nobody'd really do that." Valid argument, except that's not the case I'm making. Folks, the case I'm making is about impressions. Frankly, the impression from that whole thread is "Yay, SCO will be attacked." Unfounded claim my ass. The active Slashdot Community did all but beg for SCO to point the finger at them.
And that's only half of it. The other half of the comments all said something to the effect of "Whoever wrote that, quit it!" or in some other way pointed the finger right back at open source programmers. Fact is, any real open source programmer would have released the source code as GPL (or some other open license) and provided the source code to users. :) Jokes aside, the thing that irritates me the most whenever something like this happens (check out other attacks on SCO's website, for example) is all the guilt-ridden freaks here on slashdot that come up and say "We shouldn't have done that!". Well, now the BBC is saying the same thing. What makes them any different than the whole lot of you that say it?
I mean, really. Sure, the BBC is supposed to be this big trusted media giant and all, but when you can read the article on the BBC and then go to slashdot's coverage of the same virus and see the BBC's "wild accusations" firmly confirmed by the community itself, what conclusion are you going to reach?
I got modded as troll for attacking Bruce Perens in that same thread for reaching the conclusion that the media would make this conclusion, and he was right. But judging from the look of the posts in that specific article and many other posts in many other articles, I can't say the BBC made an "unfounded" accusation. Quite the contrary, the community took responsibility for it, and whether or not the MyDoom virus came from open source programmers, the community should not have taken responsibility for it. We should be out trying to hang the fucker that did it along with SCO. Because now SCO and we have a common enemy, whoever that person really is.
Re:Why I'm not surprised... (Score:5, Insightful)
A little bit of reality check here: you are comparing
Next, maybe BBC should check out *.advocacy.* newsgroups - it could have a lot of guns to turn in a lot of different directions. The BBC article in question qualifies for one of those groups anyway - I just didn't know BBC lowered its bar to the standard (or lack thereof) of online discussion boards.
They got it wrong (Score:5, Insightful)
We just believe that GPL code should STAY free for all like it was when it was published under the GPL. I know such an idea could come only from a zealot... but hey....
Re:They got it wrong (Score:5, Insightful)
That's not what they tuned in to. It's the comments like "I might just let this virus do its work..." that led to that conclusion. If you 'non-zealots' don't want to have the finger pointed in your direction, then I would strongly recommend treating this case with more objectivity instead of cracking anti-SCO comments.
Re:They got it wrong (Score:4, Interesting)
No, you obviously don't, because if that's all you believed you'd release your code under the BSD licence, or simply into the public domain - both of which would do just as good a job at it.
The point of releasing under the GPL is to require other people using GPLed code as a base to develop and distribute their own work to also GPL *their* code. It has nothing whatsoever to do with "preserving the freedom" of *your* code.
Re:They got it wrong (Score:4, Insightful)
The point of releasing under the GPL is to require other people using GPLed code as a base to develop and distribute their own work to also GPL *their* code. It has nothing whatsoever to do with "preserving the freedom" of *your* code.
Both of you are correct imho. The GPL is not there to make code free, it's there to protect the intellectual property of the author. It prevents code from being stolen from the author and used commercially without compensating its author.
The original poster was correct in that GPL advocates don't want to make software free, ie force everyone to relinquish their code to the GPL, they use the GPL to make sure their code will always be free to all to use under the condition they are happy with (take it but in return I want you to share your modifications so we all benefit).
drsmithy has a point that the original poster fell into the trap that the dubious BBC article laid in suggesting the GPL is simply only about code being free, which it's not.
Phillip.
Complain (Score:5, Insightful)
Click 'feedback' at the bottom of the page, fill in the article URL, and explain why this really isn't on.
Keep it civil, folks, and with any luck we can get an apology or at least a retraction.
Re:Complain (Score:5, Funny)
Screw that! Someone write a mydoom variant which targets the BBC. That'll teach them to bad mouth linux zealots.
Re:Complain (Score:5, Insightful)
I'm not a Linux zealot, I don't even use Linux, but I have been following the SCO vs. Linux story for a while now. The article "Linux cyber-battle turns nasty" is far below the high journalistic standards the BBC have set in the past. It contains nothing but bad conclusions without any basis in fact. The fact of the matter is that most computer security experts think exactly the opposite of what is stated in the article: That the MyDoom virus was written by email spammers testing out virus technology to use in future spamming. It is very convenient for the virus writer that the Linux community is blamed for the virus. Simple research on the internet reveals many sources backing this (http://www.ajc.com/business/content/business/010
Please don't let the high quality of factual reporting by the BBC revert to tabloid sensationalism.
Re:Complain (Score:4, Insightful)
"Hutton's assault upon the whole culture of the BBC and journalism is out of all proportion to their offences," former Daily Telegraph editor Max Hastings said in a commentary. "It ignores the huge, ugly reality, that Tony Blair took Britain to war in Iraq on a fraudulent basis."
The BBC as a whole has very high journalistic standards (in my opinion at least).
Re:Complain (Score:5, Interesting)
>>>>>>>>>>
There are several points completely missed in this article. Evidence for my claims is given by the links mentioned below.
1) The main function of the worm is not to attack SCO Servers but to turn the infected desktop into a remote controlled robot with a keylogger.
2) The worm is _very_ likely not written by a private person in his free time but by the Russian Spam mafia which needs those remotely controlled desktops as mail-relays to send spam.
3) The big majority of the Linux-Community does not think at all that all Software (or even all Operating Systems) have to remain free. They just expect that a license applied to a software is to be honored. This claim should be valid for any license, even the GPL.
http://www.ajc.com/business/content/business/01
http://www.messagelabs.com/news/viru
For more evidence about the complete voidness of SCO's IP-Claims information is gathered at
http://www.groklaw.net
All information there is elaborated and with information where the source of the information is.
regards
PS: I'm a programmer earning my money with closed source. That does not hinder me to be a fan of Open Source products and to publish something once in a while.
Hope, it was politely enough and the spelling ok. I'm a native German, was never very well in foreign languages.
Re:Complain (Score:5, Interesting)
------
Dear BBC,
Your story "Linux cyber-battle turns nasty" by Stephen Evans has caused me to write in to point out a number of issues with both the tone of the story and the "facts" portrayed by it.
Firstly, Mr Evans has stated that the virus was unleashed by Linux advocates to damage SCO. He has stated this as a fact, not an allegation. The MyDoom virus has, in fact, been traced back to Russia and is believed to be the work of organised crime. Most reputable news sources have reported this and it saddens me that the BBC, which I have always believed to be one of the best news sources, has fallen down badly in this respect, reporting an unsubstantiated allegation (which was easily checked) as fact.
He also states the virus is written specifically to take down SCO's servers. It is not. It appears designed to turn desktops into remote controlled robots that log keystrokes (such as credit card details) and act as spam relays. Thus it would be of great use to organised crime.
He further states that "internet zealots
Overall, the story appears to be slanted unquestioningly against the Open Source community, accepting allegations as facts and ignoring available contradictory evidence. Could you explain why this line has been taken?
It does seem to me to fall well short of the BBC's standards of reporting. It also fails to highlight the largest concern that may affect your readers - the fact that the virus turns their machines into remote controlled traitors, logging their keystrokes (and jeopardising their privacy and any banking details) and relaying illegal spam. A reference to the story of the Dorset father who lost custody of his daughter after a similar trojan deposited child pornography on his computer, acting as a safe remote storage site from a technologically skilled pervert, would not have gone amiss here, to highlight the severity of the case and remind your readers to take care online.
For information on SCO's IP claims against Linux, please see www.groklaw.net.
Re:Complain (Score:5, Insightful)
Hi
This is in relation to the story "Linux cyber-battle turns nasty."
The is telling people who read the Business section that:
"run-of-the-mill geeks" are "wreak[ing] damage on the unsuspecting computer user."
There is no evidence that this has been coded by 'geeks', Linux or otherwise. Most reputable IT news sources are agreed that the main aim of the virus is to install a 'backdoor' to allow spam to be sent through the PC. This means the virus is *much* more likely to have been written by (or partly sponsored by) organized crime.
It's not mentioned once in the article that the virus opens a back door to allow the PC to be remotely controlled. Is this perhaps because it doesn't fit in with the way the article was crafted..?
"in the case of the MyDoom computer worm, the motivation seems clearer. It has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails sent from countless computers" Good lord - if you're going to do a tech story, get a techie to read over the damn thing before you hit 'send'. The attack was *not* carried out using emails. How would you address an email to a website? It was a DDOS attack. Two words - Goo gle. Is it a silly point? Perhaps but when the BBC is writing about computer viruses I tend to expect them to do the tiniest bit of research.
I use Linux, and I think its aims are noble. I am insulted that this lazy article tars Linux users with these baseless insinuations. I ask that you withdraw the article and/or print a retraction.
Re:Complain (Score:5, Insightful)
I'm disappointed by the errors included in the article by Stephen Evans on the MyDoom virus. His statements regarding the intents of the virus creators are treated through most of the article, except in a minor comment near the end, as statements of fact. This is improper, as Stephen could not possibly know the intent.
There are also some blatant factual errors. For example, Stephen writes "[i]t has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails...." This statement is false. The virus attacks the SCO webserver, as is noted later in the article (self consistency was not even maintained).
Finally, the article closes with the statement "[i]t is about malice not money." This is also widely regarded, among the computer security community, to be untrue. The article failed to mention that the virus creates a backdoor on infected machines that can be used to relay spam. The virus appears to have been written for the purpose of helping spammers. The DoS (denial of service) attack on SCO appears to have been added later, almost as an afterthought, as a way of distracting the news media from the more insidious threat. It is unfortunate that it seems to have succeeded in that goal.
Please feel free to contact me if you have any questions about my statements. I have not included references since this is fairly easy to confirm by visiting any reputable security site. I especially recommend reading the comments of the "incidents" list at www.securityfocus.com to see what experts are saying about the relative importance of the "spam relay" part of the worm to the "attack SCO" part.
It concerns me, when I recognize such blatant reporting errors, that I cannot trust the other articles originating from your site. I hope that this will be an isolated incident.
Re:Complain (Score:5, Informative)
I used yours as a model and wrote my own additions, corrections, and so forth around yours because I liked yours very much. :)
Here's mine:
Thanks!
Can't even get the details right (Score:5, Informative)
It has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails sent from countless computers into which the worm had been insinuated, unbeknownst to the users.
It was HTTP GET requests. Problem is most PHB listen to people like him but they can't even get the freaking details right on small shit like that. Yes they were probably hit bad with MyDoom email viruses but so was my 6 user server. HTTP GET DDOS was targeted at them but there has been zero proof of a Linux Zealot targeting them. Let me know when you get evidence not just some speculation.
Re:Can't even get the details right (Score:3, Funny)
There are numerous errors (Score:5, Interesting)
Factual Errors:-
1. "bringing down its website with a barrage of emails"
The MyDoom virus used a barrage of HTTP requests to bring the www.sco.com website down. Websites and mail systems are different, they use different protocols, ports and servers. The virus spread by email, it *did not* use email to perform a DDOS on www.sco.com.
2. "Two years ago, SCO claimed that it owned more than 800,000 lines of the system which had always been available for free and to anyone since its invention in 1991."
This is actually a few errors in one, bravo!
"Two years ago" - This is incorrect, SCO first claimed that Linux contained improperly contributed Unix code in early 2003, this is not two years ago! At that time it did not claim "more than 800,000 lines" that came later.
"...claimed 800,000" - SCO expanded its PR claims in mid 2003 to include the "more than 800,000 lines" quote. This is only 6-7 months ago, not two years ago.
"since 1991" - SCO has claimed that contributions to the Linux kernel post v2.4 impinge on its rights - this is not the code from 1991. It has not yet claimed rights to any of the 1991 code!
3. "On top of that, SCO has sued IBM, accusing it of using SCO property because it too uses Linux."
SCO has sued IBM over a contract dispute, it has not sued IBM because it uses Linux! SCO has claimed that IBM has used Unix methods and trade secrets improperly in its contributions to Linux (SCO claims it is a successor in interest to Unix copyrights, methods and trade secrets which Novell sold to Tarantella - this is also in dispute).
4. "Despite the law-suits against users by SCO,"
SCO has not sued any Linux users. It has sued IBM, it has been counter sued by IBM, Red Hat has sued SCO, SCO has sued Novell. At no time has SCO sued a Linux user.
5. "Meanwhile the court dispute between SCO and Linux users (rather than the cyberspace war between SCO and the hackers) is scheduled for next year in a court in Utah."
There is no court dispute between SCO and Linux users (see above).
So most of the article is factually incorrect, and then he casts baseless assertions with a follow up disclaimer.
"There seems little doubt that SCO was targeted - illegally and unacceptably, lest anyone be in any doubt - because it has enraged many people devoted to the Linux operating system"
"There's no proof, of course, but it must be one of the theories at the top of any investigator's list."
What sort of journalism is this? This should be in a crappy tabloid not a government owned and respected news service.
Re:Can't even get the details right (Score:5, Informative)
Additionally, it goes on further to say how well Linux has been doing recently in the server market.
Anyone who thinks that there is *no* possibility of *any* link between some Linux zealot with a screw loose and a grudge against SCO and MyDoom is in denial. It's one of many theories, but it's certainly a plausible theory.
I e-mailed (Score:4, Insightful)
Mainstream media... (Score:5, Insightful)
The most important thing is to let people know we don't approve of the actions taken by creators of these viree. Not by shouting about it, but telling people, calmly, whenever given the chance. Tell your neighbour's dog walker if he/she will listen.
Fortunately popular belief does not rule (most) legal systems.
Re:Mainstream media... (Score:5, Insightful)
Silly BBC... (Score:4, Funny)
Silly BBC, you're smoking crack again... (Score:5, Funny)
Logic, but not of a good quality. (Score:5, Insightful)
However, there's also the matter of a modus operandi. While the Linux community certainly doesn't like SCO or Microsoft, its members aren't particularly known for writing virus code. In fact, writing Windows virus code would probably require greater... intimacy with Windows than most users of other operating systems would ever want to have.
My guess is that it's either a rogue coder or a coder in the employ of somebody (spammers are "the usual suspects" for employing virus writers lately, but why attack Microsoft and SCO, then?) who's probably using, and used to coding for, Windows. That's far more logical.
New to you (Score:5, Funny)
this is not surprising (Score:5, Insightful)
there is an informed, fair and balanced view
then there is the 15 second layman appraisal from viewing bits of media coverage
clearly, mydoom is an attack by linux zealots in the mind of the average layman
clearly, the truth is linux advocates are horrified at what this script kiddie has done
however, the court of public opinion is 99% of the population and the court of computer scientists is 1% of the population
if we have learned anything about wmd and iraq, the court of public opinion matters a lot, while the microscopic court of the informed matters very little
so what is mydoom all about? angry linux zealots
scream about how it is not so on slashdot, the truth is mydoom is the work of script kiddies, we all know that, but you are preaching to the choir
in the court of public opinion what mydoom is is very clear, and the informed on the issue can do very little about it
Re:this is not surprising (Score:5, Insightful)
They're hiding it well...
Re:this is not surprising (Score:4, Insightful)
If you were a russian spam 'family,' wouldn't you want your worm-infested zombies to stay uncontrolled for longer due to people not focussing on the real intent of their worm?
Biggest problem with the net... (Score:5, Insightful)
Fact-gathering is passe (Score:5, Funny)
So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge. SCO is the big, bad company that violates one of their sacred principles, as they would see it.
There's no proof, of course, but it must be one of the theories at the top of any investigator's list.
And this is from an organization which allegedly deals in "news" ?
<grrr>
Just in... (Score:5, Funny)
A Good Sign? (Score:5, Interesting)
Also, I, being a 'run-of-the-mill geek', am quite flattered that I now have the ability to gleefully (and apparently psychotically) 'wreak damage' on people's computers. Guess I picked that up and didn't even realize...
[BBC: "Deep in the darkness of the psyche, vandals and arsonists no doubt have their reasons - and so, presumably, do the run-of-the-mill geeks who wreak damage on the unsuspecting computer user."]
Read the article in full (Score:5, Informative)
So, the BBC aren't actually saying that Linux users are behind it. They're saying that it is a theory that many people give weight to!
Re:Read the article in full (Score:5, Interesting)
Although you're right, the journalist has buried the "no proof" statement deep in the article after making countless statements that do affirmatively link MyDoom to Linux (including the subtitle of the article).
I have a lot of respect for the BBC as a news source, but this is a fine example of poor, lazy journalism. Considering the fact that scores of readers don't make it past the first few paragraphs of any given article, it's also deceitful and misleading.
More and more stereotyping (Score:3, Insightful)
BBC Article is Uninformed (Score:3, Interesting)
SCO is the big, bad company that violates one of their sacred principles, as they would see it."
I don't think this article sees very much of the issue. Why didn't they do a more serious analysis of SCO and the fact that many top executives are dumping stock? Why didn't they look at it from a legal standpoint focusing on the etymology of the code supposedly in question? Why didn't they point out keenly that SCO has not produced any real evidence?
Regardless of what side you're on, you have to look at these things. These facts at least are concrete, vs. the complete lack of evidence specifically implicating a linux user as the author of MyDoom. For all we know, it could be SCO spreading FUD over linux and painting themselves as the victim when they in fact are responsible. We don't know now, do we?
Blackmail (Score:3, Interesting)
The attack also raises the possibility of internet blackmail, with companies threatened by individuals or even an individual who might be anywhere. This attack, though, is not blackmail. It is about malice not money.
Perhaps the MyDoom virus was written to blackmail the Linux community? Without knowing the author how could you establish if it is indeed malice by an over zealous Linux user?
This article reeks of sensationalism from a writer who sounds like he's on SCO's payroll. Shame on the BBC.
BBC Story Feedback URL (Score:5, Informative)
The BBC accepts feedback on stories. It is worth letting them know that there is no evidence to suggest the involvement of members of the linux community, they may be involved or they may be a handy group to frame. If this wasn't 'scary computers viruses' the media would be more sceptical of the obvious conclusion.
In an independent study (Score:5, Funny)
I have also linked Saddam Hussein to Iraq and the BBC to Great Britain.
I am very good at linking.
And where is the source? (Score:3, Funny)
Let us not forget our Truth Tables (Score:4, Insightful)
News Article? or Editorial? (Score:3, Interesting)
This sort of baseless conjecture should always be clearly marked as such. To pass this off as "news" smacks of the kind of wild sensationalism the BBC is world famous for.
Seems like Illiad has caught on to this as well... (Score:5, Funny)
http://ars.userfriendly.org/cartoons/?id=200402
BBC North America Business Correspondent (Score:4, Interesting)
Note the "Business" part. The guy has absolutely zero techno savvy and is just parroting the most juicy rumours.
Although, after the Hutton report, I am surprised that the BBC would let him get away with statements such as "There's no proof, of course". But I guess as Linux users aren't a particularly organised bunch the BBC feels it can get away with shoddy journalism and unsupported innuendo in this case.
Article text (Score:5, Funny)
By Stephen Evans
BBC North America Business Correspondent
The MyDoom virus has triggered a new wave of attacks from lazy business journalists. It is also looks like a new front [sic] in a war waged by those who want to argue from facts and those who just make up anything that comes into their heads.
It's usually no easier to fathom the motives of virus creators than it is of any other perpetrator of damage for damage's sake. But I'm going to be clever and subtly equate their motives with normal geeks in the first paragraph just to prepare the ground for you. There - done.
In the case of the MyDoom computer worm, the motivation seems clearer. This is a good point and I'll ignore the alarm bells it rings, since I've just said how most virus writers' work is baffling to explain. Then I'll introduce SCO as the victim and assert that the perpetrator was someone devoted to the Linux operating system.
Then a quick paragraph on the history of the case which gets almost all major facts wrong followed by an entire section drawn on the very shaky premise that it must have been a geek Linux internet zealot who believes that code should be free to all. A few pointed jabs at Linux users later and I'll quickly admit that there is no proof of any of this, but that my (and of course your) conclusions should be clear.
My conclusion is just as lazy. A nice section of speculation and poor research to finish off - with all the usual trigger phrases like "experts are pondering", "possibility", "might", and "internet blackmail."
By now you can guess that I am an utter moron, with no more qualifications to be a business correspondent than a piece of cheese.
Comment removed (Score:5, Insightful)
The achieved results and possible causes (Score:4, Interesting)
Based on the current knowledge of the virus and the above, I would say there are 3 basic motivations for the virus creator(s):
Spammers, Spammers, and oh yes, Spammers... (Score:4, Insightful)
While this is not a clear indication that the spammers sent Mydoom and other viri around the same time, it is mighty curious.
Editorial NOT news (Score:4, Informative)
That fact seems to have escaped a lot of the posters so far.
Sure, it was riddled with inconsistencies and I'm by no means excusing the author but don't criticise the beeb, criticise the author of this piece of editorial.
Evans is a shill (Score:5, Informative)
Take for example this piece [bbc.co.uk] where Mr Evans comments: "Many students seem to think, apparently, that the internet is a law free zone." Oh yeah?
You mean... (Score:4, Interesting)
The same BBC that has in recent years showed a steady decline of journalistic integrity?
The same BBC that has had a string of resignations at high levels because of the fallout for such things?
I never would have guessed....
Well We All Know (Score:4, Funny)
One bad turn deserves another.
-Peter
Reply from BBC Business News Editor (Score:4, Informative)
Thanks for your e-mail.
I have noted the points you made - as well as the vigorous debate on Slashdot.org about this article.
Well, Stephen Evans's weekly "stateside" column is not a news story, but an analytical look at major events and business trends in the United States.
It is, of course, debatable whether MyDoom/Novarg/Shimgapi was written just to bring down the SCO website, or whether the installation of spamming tools on numerous computers was an additional - or even the main - motive.
That was not the point of Stephen's article.
In his piece he wanted to draw the attention of BBC News Online's audience - many of whom are unlikely to know the ins and outs of the Open Source debate - to the rapid spread of Linux as a commercial application, SCO's attempts to cash in on this fact, and the deep anger that SCO has caused within the Linux community through its legal actions.
Stephen is not the first to draw the link between MyDoom and SCO's actions over Linux - plenty of others have done that before, including virus experts.
Regards,
Tim Weber
Business Editor
BBC News Interactive - www.bbc.co.uk/businessnews
Unpossible (Score:5, Funny)
If it really were a bunch of Linux/Open Source zealots, they'd have shared the MyDoom source code.
Spammers, Windows, Anti-Spammers, and Linux (Score:4, Interesting)
What's happening with the MyDoom trojan sounds like spammers are trying to use the attacks against SCO and Microsoft (and maybe more targets) as a diversion for what they really want to do: send spam and discredit the groups that seek to eliminate spam. In their perception, Linux and the anti-spam movement are closely related. Discrediting one side of the pairing will eventually weaken the other.
Ask yourself this: If SCO wins and starts charging $699.00 per copy for Linux, what's the average user of Linux going to do? Probably switch to a Microsoft product and give spammers another system to use for a DDOE (Distributed Denial of E-mail) zombie.
silly trick (Score:4, Insightful)
This writer is as stupid as that teacher was. Believing the obvious is easy. Thinking is the hard part.
My Feedback (Score:5, Insightful)
At a time when the BBC is reeling from the aftermath of the Hutton report, and needs to demonstrate its journalistic and editorial integrity, how does one of the most scurrilous and dishonest reports I have ever had the misfortune to read come to be published on the BBC's website? I refer to Stephen Evans's piece entitled "Linux cyber-battle turns nasty". This one sided and nasty piece of polemic is a far cry from the type of objective comment that should be expected from a BBC correspondent.
Firstly I would object to the way that Mr. Stephens denigrates and stereotypes computer programmers. In his third paragraph he states:
"Deep in the darkness of the psyche, vandals and arsonists no doubt have their reasons - and so, presumably, do the run-of-the-mill geeks who wreak damage on the unsuspecting computer user."
The run of the mill geek is the person who writes the software and maintains the systems upon which the computer user depends. It is the run of the mill geek who has to clear up the mess created by the individuals who write and propagate trojans such as MyDoom. If Mr. Evans had the gumption to research his piece he would have known this, all he would have had to do is talk to a few of the technical support staff at the BBC. He would have found that the average geek detests such behaviour, and is heartily sick of dealing with the mess created by it.
While it is true that the creators of such malicious code are geeks it does not follow that the run of the mill geek creates such destruction. Vandals and arsonists are members of the public but they are hardly representative of the average member of the public. Mr. Evans is a journalist but I would hope and expect that the run of the mill journalist shows more integrity than Mr. Evans.
The article goes on to claim that the motive for 'seems clear', I wish that I had Mr. Evans's powers of divination. It is certainly possible that MyDoom was created by a misguided proponent of the Free Software movement, but there are two other equally plausible theories. MyDoom also carries a payload that allows it to be used by spammers to use infected machines as gateways for unsolicited bulk email, and has been linked to Russian spammers. It also neatly coincides with SCO's Darl McBride's agenda of demonising the creators and advocates of free software as a criminal and 'unamerican' threat to the right to profit. An agenda which lazy and biased reports like that of Mr. Evans parrot.
Until those responsible for MyDoom are caught their motives can only remain a matter for speculation, and any objective reporter should not favour any one plausible theory over another.
The article goes on to portray open source advocates as zealots and extremists. Mr. Evans is entitled to this viewpoint, but he should not allow it to colour his reporting. Nor should he allow it to stand in the way of his reporting of facts. The contempt for SCO is not because of it being a 'big bad company'; it is because SCO has demanded money from other companies, and individuals, for property it claims without providing any evidence to back up these claims. It appears to many that SCO's actions amount to little more than an attempt at extortion. There is already a court order in Germany prohibiting SCO from making such demands until such time that they can prove ownership of the code in question.
Mr. Evans finishes his article by raising the specter of individuals blackmailing companies through denial of service attacks. Such blackmail is already part of the internet experience for millions of ordinary computer users. They are subjected to a barrage of pop-ad's for software to block these self same pop-ups (http://news.com.com/2100-1023-975298.html?tag=prntfr). Unfortunately because these attacks are made by companies on individuals the legal authorities seem to be blind to the criminality of such behaviour. The problem of internet blackmail is a real one and it precede
Re:Well, duh (Score:3, Insightful)
Assume your implication is correct, and it is obvious that the virus writer must have been some Linux-warrior. Then it would make sense for anyone who wants to discredit Linux to write such a virus.
Thus, SCO, M$ or someone else who dislikes Linux could have written it.