# Mydoom called the biggest virus ever

## wiresounds

Source: iht

*Security experts believe firm that licenses Linux is ultimate target*

An antivirus company on Wednesday declared Mydoom, the latest global computer virus, as the biggest ever, spreading at a pace likely to make it larger than the Sobig virus of last year.

Mydoom clogged the Internet with *100 million infected e-mails in its first 36 hours* and is being investigated by U.S. law enforcement.

Mikko Hypponen, head of antivirus research at the Finnish company F-Secure, said the Sobig virus, which struck in August, had infected millions of computers and caused over 300 million infected e-mails to be sent during its first week. But normally computer virus outbreaks wane after 24 hours, when most computer users have had a chance to update their antivirus protection software, and Mydoom showed no signs of abating on Wednesday, two days after being first detected. It was continuing to spread rapidly throughout the world.

Mydoom, an example of the type of program called *a worm*, is also known as Novarg and by other names. It proliferates through e-mail attachments and file-sharing services. Several computer-security experts said there were no apparent clues in the worm's code to indicate its origins. While the replication of Mydoom had not slowed general Internet response time, several Internet security analysts said, some servers were collapsing under the deluge of mail or were being forced offline. Hypponen said he had received reports of overwhelmed servers from U.S. and European companies. *Mydoom is spread as an attachment* to seemingly harmless e-mail messages that may carry plausible subject lines like "hello" or "Mail Transaction Failed." Recipients who click on the attachment will release Mydoom into their computers, where it installs a so-called back door that allows hackers easy access to the hard drive. In addition, the worm trawls the infected computer's files searching for e-mail addresses to which it will, in turn, send itself as an attachment in new e-mail messages.

Security analysts say they believe the ultimate purpose of Mydoom, embodied in its instructions to infected computers, is to bombard the Web site of the SCO Group, which owns licensing rights to the Unix operating system, a competitor of Microsoft Windows.

Unless an infected computer is immediately cleaned of Mydoom, the worm will instruct the computer to connect to the SCO Group's Web site beginning Sunday. The cumulative effect of the worldwide barrage, which is intended to last until Feb. 12, could be to shut the site down.

SCO has run afoul of many computer users because it contends that the free, open-source Linux operating system, a variant of Unix, violates its license and copyright. Linux users and fans deny that and say the company's rights are nowhere near as broad as SCO says.

Last year, SCO began a campaign to collect fees from the companies that support and use Linux. SCO first sued IBM, the world's largest computer company and a leading corporate champion of Linux, accusing it of illegally contributing Unix code to Linux. IBM has denied the accusations.

*SCO offered a reward of $250,000* for information leading to the arrest and conviction of the individual or individuals responsible for creating Mydoom.

The company's president and chief executive, Darl McBride, said Mydoom was the fourth attempted denial-of-service attack against the company in the past 10 months, and that it provided a window into what he called "the darker side of the Linux community we've been fighting."

"This is obviously by far the largest-scale attack we've seen come against us," he said in a telephone interview. The attackers, he said, "are effectively engaging every computer user around the world as proxies to fight us."

Though McBride said the company had never identified a specific individual or group of individuals as responsible for the attacks, he said he suspected that they came from within the community of Linux users opposed to the company's legal claims. Vendors of antivirus programs, including Symantec and McAfee Security, have posted on their Web sites updated antivirus definitions and removal tools that can detect the worm and clean infected computers. (AFP, NYT)

----------


## shock

Once (97-9 ::  the CEO of Creative Labs was asked how come his company was getting involved with Linux, and he said:
"I don't want to wake up one morning and find myself with no money in my account and my credit card maxed out because some people got angry at my company's stance toward their favourite OS"

----------


## MerNion

Since this thread has been created, let me give some links for downloading removal tools for this virus:

* Symantec Novarg (mydoom) Removal tool (instructions)
* Mcafee Stinger (Stinger instructions)
* Panda QuickRemove (needs a username/password, which you get with a simple registration) (instructions)
* Sophos MYDOOGUI (instructions)

I have used the first one (Symantec) successfully and it works just fine.. let everyone use whichever they prefer

----------


## wiresounds

Source: newsday
Source: dailypress

*'Mydoom' Virus Will Spread Until Feb. 12*

HELSINKI, Finland -- The Internet computer virus known as "Mydoom" will continue to hit e-mails on computers worldwide until Feb. 12, when it is programmed to stop, a leading computer security company said Friday. 

"After that date it won't spread if the tainted computers are dated correctly," said Mikko Hypponen, director of antivirus research at F-Secure. "Of course, all computer clocks aren't always accurate, or dated correctly." 

F-Secure, a Helsinki-based computer security company, was one of the first to warn of the dangers of the e-mail worm, also known as "Novarg," earlier this week. 

The worm spreads in e-mail attachments on computers *using Microsoft Corp.'s Windows operating systems* and is activated when people read their mail. It is programmed to launch a worldwide attack on the Web site of SCO, one of the largest unix vendors in the world. Security experts described it as the biggest virus-like outbreak in months, made more problematic by its timing. 

Unlike most computer worms which usually strike only once, Mydoom is particularly vicious because it will spread continuously from infected computers until Feb. 12, Hypponen said. 

"It's hit hundreds of thousands of users worldwide, but we aren't quite sure how many hundreds of thousands. Anyhow, it's all over the place," Hypponen told The Associated Press. 

He said his company had contacted officials in various countries, but were no closer to finding out who was behind the worm. 

"We don't know where it's come from. There have been very few clues as to where to look, and we don't even know which continent we should be looking at," Hypponen said. 

On Thursday, Microsoft Corp. promised to pay US$250,000 to anyone who helps authorities find and prosecute the author of the fast-spreading virus. The cash reward is the third so far under a US$5 million program Microsoft announced in November to help U.S. authorities catch authors of unusually damaging Internet infections aimed at consumers of the company's software products. 

Hypponen said the original Mydoom.A worm is still the most active, while the feared B worm -- by the same author as the A worm -- had proved to be much milder. Experts are not sure if Mydoom.B has been programmed to end at a specific time. 

"It's of little significance really, because it hasn't spread very wide," Hypponen said.

----------


## wiresounds

Source: globetechnology

*Is MyDoom part of a Linux war?*

Who's being hurt the most by the latest rash of viruses? In the final analysis, it may be the wrong people.

A mass-mailing worm called Mimail has arrived in 18 different mutations since it first appeared in November, and although it still poses a major on-line threat, it has taken a back seat to the even nastier Mydoom, released this week.

Mydoom sped to second place in London-based security company mi2g's list of costliest viruses; in just five days it doubled the value of the damage done by Mimail in two months. Moreover, security experts are saying there is still no indication that Mydoom is a weakening force.

Mimail now stands in fourth place, while the all-time king of damage remains SoBig,

Worse, a new variant called Mydoom.b is racing through the Internet; it is scanning for the ports left open by MyDoom.a so that it can copy itself to machines infected with the ".a" version.

Utah-based SCO Group has placed a $250,000 (U.S.) bounty on the makers of Mydoom.a, which is set to launch a denial-of-service attack against the company's website between Sunday Feb. 1 and Feb. 12.

Microsoft has placed a $250,000 bounty of its own on the makers of Mydoom.b, which has been designed to trigger a denial-of-service (DoS) attack on Microsoft's website.

What makes the arrival of these new viruses different is that observers are jumping to the conclusion that they originated from the open-source community, home of the Linux operating system.

Both SCO and Microsoft are the main targets of an increasingly restive and abrasive community of Linux supporters — the first (*SCO*) because it is involved in a campaign *to stop the Linux community's alleged copyright infringement* on its UNIX intellectual property, and the second (*Microsoft*) because *it's the dominant maker of operating systems*.

Things were not looking too good for the Linux Friday, when Mikko Hyppoenen, head of anti-virus research at the Finnish group F-Secure, told the Agence France-Presse that some Linux users are very angry at SCO Group for trying to make a profit off Linux, leaving open the possibility that Mydoom was created by a rogue Linux supporter.

And researchers at Sophos, another anti-virus company, have also suggested that Mydoom may have been deliberately constructed as a weapon in the current battle of the Linux wars.

The flames were fanned Wednesday when security expert Dan Geer blamed the attacks on the "Microsoft monoculture" of the Internet, suggesting it is Microsoft's own fault for being so rapacious and arrogant in its market domination.

Mr. Geer's words were taken very seriously — he achieved cult status last year when he co-authored a controversial paper on the subject of the Windows monoculture, and was subsequently fired from a company that counted Microsoft among its customers.

Some Linux supporters have weighed in to distance the open-source community from the virus. Some have suggested Mydoom *clearly came from Russia* — the security firm Kaspersky Labs found it there first — where it was the product of spammers who installed key-logging routines designed to capture passwords and bank account numbers.

"It is not something any conscientious Open Source developer would participate in," said an anonymous writer in a typical defence of Linux in a discussion on Messagelabs.com's bulletin board.

Yet virus analysts found a distinctly un-Russian clue to the authors in the Mydoom.b code, which contained the line *"(sync-1.01; andy; I'm just doing my job, nothing personal, sorry)."*

Moreover, Mydoom.a and Mydoom.b are likely to have come from the same source.

"To develop a new version of the worm would require source code of the program and time to learn how it works," Denis Zenkin, head of corporate affairs for Kaspersky, said Friday. "The source code was not published, and a virus writer had no time to learn the code to create a revamped version."

Whatever "Andy's" friend's job is, his product is affecting more people more quickly than most other viruses have. One of the most rapidly spreading worms in Internet history, MyDoom was infecting as much as *one in every 12 e-mails* sent over the Internet, security experts at New-York-based MessageLabs Inc. said. The worm has also been blamed for slow performance from Web servers over the past few days, as corporate firewalls and filters struggle to cope with increased traffic.

Almost no one has been immune — corporate computer networks and private computer owners are finding their mailboxes jammed with messages generated directly or indirectly by Mydoom. The resulting flood of mail is slowing down the Internet and mail servers everywhere, even if they are running on the Linux platform or are adequately protected with anti-virus software.

The resulting slowdown has been unprecedented, and the anger has grown proportionally. Some 200 countries have reported millions of machines infected, and the U.S. *FBI is launching a global investigation*.

The security people at mi2g report an increase in Internet activity testing machines for ports (access points) left open by Mydoom, but add that the search is not necessarily done by Mydoom makers.

"The digital attackers are opportunistic in each country and some are cross-country," mi2g said in a statement, "but they are not thought to be linked to the original author(s) of the MyDoom malware at this stage."

D.K. Matai, mi2g chairman, pushed the point further. "MyDoom is answering the prayers of hackers, spammers and phishing scam perpetrators worldwide," he said, "because it provides a ready-made set of computing power and storage capacity that can be hijacked easily and exploited at will."

And that kind of opportunism will allow fingers to be pointed at many different sources for the nastiest virus yet, few of them the likely culprits.

*And as long as the tech news sources keep speculating about the worm's possible birth in the open-source community, few people will emerge unscathed.*

----------


## mbjp

MyDoom Knocks Down SCO Web Site
Sun 1 February, 2004 22:13 

By Reed Stevenson and Bernhard Warner

SEATTLE/LONDON (Reuters) - The MyDoom Internet worm on Sunday knocked down the Web site of a small software company by bombarding it with a flood of data as Microsoft Corp. MSFT.O prepared for a similar, planned attack by the virus-like program this week.

The SCO Group Inc., SCOX.O a software company that has drawn the ire of Linux advocates for trying to collect license fees for the freely available software system, confirmed MyDoom had knocked its Web site, http://www.sco.com, out of commission.

After defending the site in the early stage of the attack, SCO shut its site down entirely.

"Rather than try to continue to fight, we felt it was more advantageous to bring the site down and make that bandwidth available for other users," said SCO spokesman Blake Stowell, adding that the company would get the site up and running again on Monday.

SCO and Microsoft, which is being targeted by a variant of the MyDoom worm, have each offered a bounty of $250,000 for information leading to the capture of the author of the malicious program.

The world's largest software maker said it was preparing for an attack by the variant worm, called MyDoom.B, which security experts have said will happen on Tuesday.

"Microsoft remains diligent," a company spokesman said.

The speed and severity of the attack surprised security officials, although there were no other reports of outages or slowdowns elsewhere online due to the worm.

But experts warned that the main threat remained to unsuspecting recipients of the worm, which spreads by spamming itself to millions of e-mail accounts around the globe.

"At this particular point people shouldn't lose sight of the fact that the virus is still spreading," said Vincent Gullotto, vice president of the anti-virus emergency response team at Network Associates Inc. NET.N 

WILL IT GET WORSE?

MyDoom.A, also known as Novarg or Shimgapi, emerged nearly a week ago in the form of a spam e-mail message that contained a well-disguised virus attachment and has been described as the most-damaging attack since last summer's twin Blaster and SoBig outbreaks.

MyDoom was programmed to take control of unsuspecting computer users' PCs from which it launched a debilitating denial-of-service attack on SCO on Sunday.

SCO has drawn the ire of the so-called "open source" programming community who object to the company's claim that it has copyright control over key pieces of the Linux operating system.

The MyDoom attack trigger was set for 11:09 a.m. EST on Sunday. But with so many computer clocks incorrectly set, the infected machines began firing off data requests at SCO.com hours earlier, said Mikko Hypponen, research manager at Finnish anti-virus firm F-Secure.

"It will only get worse for SCO as time goes on," Hypponen added.

The MyDoom.B variant, which is also programmed to attack SCO, has not spread nearly as rapidly as MyDoom.A. MyDoom.A is believed to have infected more than one million personal computers.

Security officials have warned computer users to delete suspicious e-mail messages that appear to come from "Mail Administrator" and other official-looking addresses that contain a file attachment.

----------

http://www.reuters.co.uk/newsArticle...5&section=news

----------


## Ataraxos

This virus is getting on my nerves
Every day I get 3-4 infected e-mails...
Thank goodness for Norton, which I happened to install recently

----------


## Mick Flemm

MyDoom.B Rapidly Spreading

Mydoom.B is a new variant of the Mydoom worm and is about 29,184
bytes. This variant attempts to perform a Distributed Denial of
Service (DDoS) attack against Microsoft.com. Details regarding this
new worm are still emerging, but it has been validated as spreading in
the wild. Facts about the worm will be further qualified with follow
up reports following this initial analysis.

For the latest information about this worm from US-CERT, readers are
encouraged to visit http://www.us-cert.gov/cas/techalerts/TA04-028A.html.

E-mails sent out by Mydoom.B are highly randomized. The From address
may be spoofed to include one of the following domains: aol.com,
msn.com, yahoo.com and hotmail.com. A randomized string value may then
be combined with these to generate new e-mails. This may result in
overloaded e-mail servers with many false addresses and auto-replies
associated with such traffic.

The subject is randomized to include one of the
following:

* Delivery Error
* hello
* Error
* Mail Delivery System
* Mail Transaction Failed
* Returned mail
* Server Report
* Status
* Unable to deliver the message

The subject may also contain randomized data as seen in a recent live
sample: "RE: I still love you fLctv".

The message body is also randomized to include one of the
following:

* RANDOMIZED CHARACTERS
* test
* The message cannot be represented in 7-bit ASCII encoding and has
been sent as a binary attachment.
* sendmail daemon reported: Error #804 occured during SMTP session.
Partial message has been received.
* The message contains Unicode characters and has been sent as a
binary attachment.
* The message contains MIME-encoded graphics and has been sent as a
binary attachment.
* Mail transaction failed. Partial message is available.

The attachments have a randomized filename selected from one of the
following string values:

* body
* doc
* text
* document
* data
* file
* readme
* message

The randomized string value is then combined with a randomized
extension: .exe, .bat, .scr, .cmd or .pif. If the malicious attachment
is executed, it then opens notepad.exe and displays garbled data
(binary).

Once executed, the worm attempts to create the following files in the
Windows System directory: explorer.exe and dtfmon.dll. The Windows
registry is then modified to run the worm in memory upon Windows
startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Explorer=C:WINDOWS SYSTEM DIRECTORY\explorer.exe

The DLL component is associated with a backdoor feature of this worm.
It is likely that this Trojan works like the one in Mydoom.A. It scans
through a range of TCP addresses looking for inbound TCP traffic.
Inbound TCP traffic can be used to configure the infected computer as
a proxy computer or to install code of choice on the infected
computer. More importantly, attackers are already working on tools to
hijack Mydoom infected computers to install code of choice.

The DDoS attack of Mydoom.B is against http://www.microsoft.com. There is
information claiming that it may also be directed at sco.com, but this
is unsubstantiated at this time. It appears that the more credible
data is that it only performs a DDoS attack against http://www.microsoft.com,
though a previous version of the virus is confirmed to attack SCO.

To spread over the KaZaA P2P network, Mydoom.B creates copies of
itself in the KaZaA shared directory with randomized filenames.
Filenames include:

* attackXP-1.26
* BlackIce_Firewall_Enterpriseactivation_crack
* MS04-01_hotfix
* NessusScan_pro
* icq2004-final
* winamp5
* xsharez_scanner
* zapSetup_40_148

A randomized extension is then added to the filename selected above,
being .exe, .scr, .pif or .bat.

Mydoom.B attempts to harvest e-mails from Temporary Internet files as
well as via randomized e-mails aforementioned. It does not include any
e-mails containing the following strings: abuse, accoun, certific,
listserv, ntivi, icrosoft, admin, page, the.bat, gold-certs, feste,
submit, help, service, privacy, somebody, soft, contact, site, rating,
bugs, your, someone, anyone, nothing, nobody, noone, webmaster,
postmaster, support, samples, info, root, ruslis, nodomai, mydomai,
example, inpris, borlan, nai., sopho, foo., .mil, gov., .gov, panda,
icrosof, syma, kasper, mozilla, utgers.ed, tanford.e, acketst, secur,
isc.o, isi.e, ripe., arin., sendmail, rfc-ed, ietf, iana, usenet,
fido, linux, kernel, google, ibm.com, fsf., mit.e, math, unix,
berkeley and spam.

Mydoom.B also opens TCP port 10080. The worm contains the following
string: "sync-1.01; andy; I'm just doing my job, nothing personal,
sorry".

Alias: Mydoom, Novarg, Mydoom.B

Sources:

F-Secure Corp. (http://www.f-secure.com/v-descs/mydoom_b.shtml),
Jan. 28, 2004

Bit Defender
(http://www.bitdefender.com/bd/site/viru ... 1&v_id=186), 
Jan. 28, 2004

iDEFENSE Intelligence Operations, Jan. 28, 2004

Sensible Security Solutions Inc. (http://www.sss.ca/), Jan. 28, 2004

According to iDEFENSE, this new variant of Mydoom appears to have
different MIME data for malicious e-mails. The content type appears to
be plain text and includes a ZIP extension. Mydoom.A had a content
type of application/octet-stream and multipart/mixed data. It is
likely that this newest variant of Mydoom will become very widespread
in the wild. The first variant had well over 3M interceptions by just
two sources in the first 18 hours of the outbreak.

Look for questionable files about 29,184 bytes. Look for notepad.exe
to be opened, displaying binary data (garbled text). Also look for the
Windows registry created by the worm.

Recovery: Remove all files and the Windows registry key modifications
associated with this malicious code threat. Restore corrupted or
damaged files with clean backup copies.

Workaround: Configure e-mail servers and workstations to block file
types commonly used by malicious code to spread to other computers.
Block ZIP and executable extensions on the gateway and groupware
level. Also monitor traffic on the network and block ports associated
with Mydoom, especially inbound TCP ports for the backdoor Trojan
component and the outbound TCP 10080 port data. Administrators may
also find value in monitoring traffic associated with the DDoS
component. Carefully manage all new files, scanning them with updated
anti-virus software using heuristics prior to use.

Vendor Fix: Anti-virus vendors will likely release updated signature
files to protect against this malicious code in the near future. Some
anti-virus applications may detect this malicious code heuristically.

Name of Malicious Code: Mydoom.B
Aliases:
Mydoom.B
Mydoom
Novarg
Size in Bytes: 29184
Subjects: RE: I still love you fLctv
Body: Error 551: We are sorry your UTF-8 encoding is not supported
by the server, so the text was automatically zipped and attached to
this message.
Attachments: message.zip

This document was developed based on material contributed by iDEFENSE.
Our thanks for their contribution.

Last updated January 28, 2004

----------
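
The subject lines, attachment names, extensions and file size listed in the advisory above can be checked at the mail gateway, which is the workaround the advisory recommends. The Python below is an added example, not code from US-CERT, iDEFENSE or any antivirus vendor; the function names, the action labels and the zero-filled sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicator values copied from the advisory text in this thread.
SUBJECTS = {
    "delivery error", "hello", "error", "mail delivery system",
    "mail transaction failed", "returned mail", "server report", "status",
    "unable to deliver the message",
}
ATTACHMENT_STEMS = {"body", "doc", "text", "document", "data", "file",
                    "readme", "message"}
EXECUTABLE_EXTS = {".exe", ".bat", ".scr", ".cmd", ".pif"}
BLOCKED_EXTS = EXECUTABLE_EXTS | {".zip"}  # workaround: block ZIP and executables
WORM_SIZE = 29184                          # bytes, per the advisory


def inspect_message(raw: bytes) -> dict:
    """Return a gateway action plus the advisory traits that matched.

    Action labels are hypothetical: 'pass', 'block-extension' (blocked file
    type only) and 'quarantine-mydoom-like' (blocked type plus other traits).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    traits = []
    blocked = False

    # A subject such as "hello" is far too common to act on by itself,
    # so it is recorded as a trait but never blocks a message alone.
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in SUBJECTS:
        traits.append("subject")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem = name.split(".", 1)[0]
        # Use the last extension, so "readme.txt.pif" is treated as .pif.
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        if ext in BLOCKED_EXTS:
            blocked = True
            if stem in ATTACHMENT_STEMS:
                traits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        # The size only identifies the raw executable, not a zipped copy.
        if ext in EXECUTABLE_EXTS and len(payload) == WORM_SIZE:
            traits.append("size")

    if not blocked:
        action = "pass"
    elif traits:
        action = "quarantine-mydoom-like"
    else:
        action = "block-extension"
    return {"action": action, "traits": traits}


def build_sample(subject, filename=None, size=0) -> bytes:
    """Constructed test message; the attachment is zero-filled filler."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("test")
    if filename:
        msg.add_attachment(b"\x00" * size, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Mail Transaction Failed", "document.scr", WORM_SIZE),
        ("RE: I still love you fLctv", "message.zip", 512),
        ("Quarterly figures", "setup.exe", 1000),
        ("hello", None, 0),
    ]
    for subject, filename, size in samples:
        print(subject, filename, inspect_message(build_sample(subject, filename, size)))
```
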


## Mick Flemm

You can find information on Symantec's web page.

Blocking: same port as last time, 3127.

Gadi Evron

Start blocking..

----------


## Mick Flemm


it's not mydoom.c - its name is Vesser (W32.HLLW.Deadhat) :

Vesser mainly targets computers that have previously been infected with the Mydoom.A or Mydoom.B worms. Vesser scans for the backdoors in those worms on IP addresses. While doing that it connects to TCP ports

************************************
Close these ports on your firewall too...
1080, 3127 and 3128
************************************

and tries to copy itself there in a specially-crafted package.

http://www.f-secure.com/v-descs/vesser.shtml
http://securityresponse.symantec.com/av ... adhat.html

Regards.



C. Bekrar - Security Consultant
K-OTik Security (France)
http://www.k-otik.com

----------


## wiresounds

Source: sophos

*Doomjuice "plants evidence" on innocent computers. Is MyDoom author trying to hide in the crowd? asks Sophos*

Sophos virus experts have an interesting theory on a peculiar payload of the W32/Doomjuice-A worm. The Doomjuice worm drops a copy of the prevalent W32/MyDoom-A's source code onto infected computers, possibly in an attempt to make it more difficult to convict the true author. 



The Doomjuice worm drops a compressed copy of MyDoom's C source code into a number of directories on the infected user's PC. Detectives investigating the authorship of the MyDoom worm would normally treat discovery of the source code on a computer as a significant clue. 

"There is already a $500,000 reward for information leading to the conviction of MyDoom's author," said Graham Cluley, senior technology consultant for Sophos. "If he has spread his code around the net onto innocent computers in an attempt to hide in the crowd, then he's more sneaky than the average virus writer." 

"The other possibility is that MyDoom's author is spreading the code to encourage others to write copy-cat viruses which try and mimic MyDoom's global spread. The need for sensible security policies and multi-tier virus protection has never been greater," continued Cluley. 

The Doomjuice worm attempts to launch a distributed denial of service attack against Microsoft's website: http://www.microsoft.com

----------


## avel

Let me write something too, so we can have a bit of a laugh...

-----

Market analysts in the IT sector detect major business interests in the four corners of the planet behind the extremely rapid spread of the electronic virus "My Doom".

The new... worm, which spreads via e-mail, hides behind it disputes connected with Linux, the open source code that challenges the dominance of Bill Gates, Microsoft and Windows.

The "My Doom" virus threatens to strike today, February 1, the American company SCO, which holds the copyright to many parts of the Unix code. Many consider Unix the "grandfather" of Linux. The Linux operating program (which supports the entire operation of the computer, like Windows) was developed in 1991 by a Finnish kid, the now 33-year-old Linus Thornvald, who made all the code available for free on the Internet. Since then the program has been improved by... anyone who wishes, with the obligation to make it available for free. There is a whole community of fanatical Linux supporters, who call Thornvald "leader of the free world".

SCO came to the forefront of the news last year when it decided to file lawsuits against many "giants" of the global technology market, such as IBM and Novell. According to the claims of SCO executives, these two companies have violated copyright law, because they released programs which, while based on the open source Linux, adopted Unix "patents" owned by SCO.

These lawsuits caused great displeasure among Linux fans, who felt that this would delay the rapid spread of open source, the biggest "competitor" Microsoft's products have ever had. So, regardless of the outcome of the legal dispute and despite the fact that for now there is absolutely no proof, the "culprit" for the creation and spread of the "My Doom" virus is being sought among Linux fans. Both SCO and Microsoft have put a bounty on the culprit, offering a reward of 250,000 dollars.

The economic impact of the virus's spread is, in any case, estimated to be higher than ever before. Analysts speak of losses of 250 million dollars.

"Source": Eleftherotypia

Wasn't that funny?

Linus Thornvald is to blame for everything!!!

----------


## avel

> Close these ports on your firewall too...
> 1080, 3127 and 3128


I hope that anyone who uses a firewall is 'sane enough' to have drop / reject as the default policy. So they can simply *not open* these ports. :-) :-P

----------


## racer

> Originally posted by Mick Flemm
> 
> Close these ports on your firewall too...
> 1080, 3127 and 3128
> 
> 
> I hope that anyone who uses a firewall is 'sane enough' to have drop / reject as the default policy. So they can simply *not open* these ports.



We in Vrilissia may be arch-landlord-clickers, but we support the free movement of data. Default is to accept.

I closed 1080 and 3127; let nobody dare close 3128 (squid), because I will curse him!

----------
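
Whether the default policy is drop or accept, firewall logs show who is probing the ports named in this thread (1080, 3127, 3128 and Mydoom.B's 10080), and, as the squid remark above implies, traffic to a known proxy on 3128 has to be exempted. The Python below is an added example, not from any of the quoted advisories; the log lines are constructed in an iptables LOG-like key=value layout, and the addresses, function name and threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the thread: Mydoom backdoor (3127), Vesser's scan targets
# (1080, 3127, 3128) and the port Mydoom.B opens (10080).
BACKDOOR_PORTS = {1080, 3127, 3128, 10080}
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

# Constructed sample log; 192.0.2.0/24 plays the internal network and
# 192.0.2.2:3128 the legitimate squid proxy.
SAMPLE_LOG = """\
Feb 10 09:14:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=4021 DPT=3127 SYN
Feb 10 09:14:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 LEN=48 PROTO=TCP SPT=4022 DPT=3127 SYN
Feb 10 09:14:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 LEN=48 PROTO=TCP SPT=4023 DPT=1080 SYN
Feb 10 09:14:05 gw kernel: IN=eth1 OUT=eth1 SRC=192.0.2.55 DST=192.0.2.2 LEN=48 PROTO=TCP SPT=3301 DPT=3128 SYN
Feb 10 09:14:09 gw kernel: IN=eth1 OUT=eth1 SRC=192.0.2.55 DST=192.0.2.2 LEN=48 PROTO=TCP SPT=3302 DPT=3128 SYN
Feb 10 09:15:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=1044 DPT=3127 SYN
Feb 10 09:15:11 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.6 LEN=48 PROTO=TCP SPT=1045 DPT=3127 SYN
Feb 10 09:15:12 gw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.7 LEN=48 PROTO=TCP SPT=1046 DPT=3128 SYN
Feb 10 09:16:30 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=5120 DPT=80 SYN
Feb 10 09:17:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.2 LEN=48 PROTO=TCP SPT=6001 DPT=3128 SYN
""".splitlines()


def summarize_backdoor_traffic(lines, internal_net, proxy=None, min_hosts=3):
    """Group connection attempts to the backdoor ports by source address.

    proxy is an optional (ip, port) pair for a legitimate service such as
    squid; only internal clients talking to it are exempt. A source that
    touches at least min_hosts distinct hosts is marked as a sweep.
    """
    net = ipaddress.ip_network(internal_net)
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) not in BACKDOOR_PORTS:
            continue
        try:
            src_internal = ipaddress.ip_address(m["src"]) in net
        except ValueError:
            continue  # malformed address, skip the line
        target = (m["dst"], int(m["dpt"]))
        if proxy and target == proxy and src_internal:
            continue  # expected client traffic to the local proxy
        hits[m["src"]].add(target)

    report = {}
    for src, targets in hits.items():
        hosts = {dst for dst, _ in targets}
        report[src] = {
            # An internal source here is a candidate infected machine.
            "origin": "internal" if ipaddress.ip_address(src) in net else "external",
            "hosts": len(hosts),
            "ports": sorted({port for _, port in targets}),
            "sweep": len(hosts) >= min_hosts,
        }
    return report


if __name__ == "__main__":
    result = summarize_backdoor_traffic(
        SAMPLE_LOG, "192.0.2.0/24", proxy=("192.0.2.2", 3128))
    for src, info in sorted(result.items()):
        print(src, info)
```
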


## wiresounds

Source: zdnet

*RIAA to face MyDoom's music?*

A variant of the MyDoom virus has started spreading, albeit slowly, and security experts expect it to target the main Web site of the music industry. 

The variant, MyDoom.F, *deletes* several different types of files stored on an infected computer and aims to attack the Web sites of *Microsoft* and the *RIAA* (Recording Industry Association of America) with a flood of data, antivirus companies said Friday. 

Neither site may feel much pain, however, as the virus has failed to spread quickly. 

"It is not very prevalent," said Craig Schmugar, virus research manager for Network Associates' vulnerability emergency response team. "We haven't seen anything beyond (a single) sample in the past 24 hours." 

The original MyDoom spread through e-mail in late January, infecting a new computer every time an unwary person opened the attached file containing the program. Between several hundred thousand and 2 million computers were infected, according to estimates. 

Antivirus firms believe that the writer of the MyDoom.F virus is different from the person believed to have authored the first two versions of the code. A later worm, Doomjuice, spread to computers that were already infected by MyDoom and dropped copies of the original virus' source code. It's thought that the author of MyDoom.F used that code to write this new virus. 

"Right now, it feels like someone took the original one and modified it," said Vincent Weafer, senior director for the antivirus research center at security company Symantec. "That's just a gut feeling." 

The MyDoom.F virus spreads using a variety of subject lines and message text, usually attaching itself to the message as a *Zip compressed file*. The virus infects Windows computers when the user opens the file. 

PCs compromised by the virus send out virus-laden e-mail messages using random addresses found in a variety of files, such as *cached Web pages and the Windows address book*. The virus also *deletes Word documents, JPG picture files, Audio Video Interleaved files, Excel spreadsheets and a few other types of files*.

----------

