See comments inline with transcript.
Gavin McCullagh wrote:
>Hi,
>>On Mon, 02 Feb 2004, Peter Aherne wrote:
>>>>>On Mon, 02 Feb 2004, Gavin McCullagh said the following:
>>>>>>>On Mon, 02 Feb 2004, Breathnach, Proinnsias (Dublin) wrote:
>>>>>>>>>>>>>http://www.rte.ie/news/2004/0202/morningireland/morningireland5a.smil
>>>>>>>>Is the link ... anyone got the time to transcribe ?
>>>>>>>>>>>I'll do it over lunch, if that's early enough. If someone else is working
>>>on it let me know and I won't bother.
>>>>>>>>>>>Here is a partial transcript, I skipped the intro about what a worm is
>>etc...I particularly like his explanation of why SCO was targeted...
>>>>>>Well that'll teach me to do things earlier than I said I would! Here's
>mine.
>>>############################################################################
>Transcript of Morning Ireland's piece about the MyDoom email virus.
>Aired live on RTE Radio 1 at 7:45am approx, Monday 2nd February 2003.
>>http://www.rte.ie/news/2004/0202/morningireland/morningireland5a.smil
>############################################################################
>>David Hanley: 'The fastest spreading email worm in history' is how internet
>security experts describe the so-called 'MyDoom' email worm. The MyDoom email
>worm was primed to attack S-C-O's website on Sunday. The experts say it'll
>move on to target Microsoft Corporation tomorrow. S-C-O's website www.sco.com
>remained offline last night. 'A large scale Denial of Service attack has
>started that has made the company's website www.sco.com completely unavailable,'
>the S-C-O said in a statement.
>>Now, we're joined in the centre city studio by the director of BUI Training,
>computer expert William Campbell.
>>William Campbell: Good morning.
>>DH: Good morning William Campbell.
>>WC: Good morning.
>>DH: Would you explain to me on behalf of others as ignorant as I am about email
>and all to do with it, what is an email worm?
>>WC: An email worm is, is a computer virus and a computer virus is a program
>that runs like Microsoft Word on your computer but it's one that got on there
>when you didn't want it to get on, em, usually by some surreptitious means, by
>somebody em, em, em sending it to you and getting it onto your computer like
>that.
>>DH: How does it manifest itself?
>>WC: Em, it's possible you mightn't notice at all. But, if your friends have
>this you're probably getting lots of strange emails eh, from people who are,
>who are, eh, perhaps familiar to you, with an attachment saying 'Please open
>this attachment'. Now, those emails are coming from the virus on somebody
>else's computer and if you open that then you'll probably be caught.
>>DH: How?
>>WC: Em, the reason you'll be caught is because that will then install a little
>program on your computer and if you're connected to the internet --- which you
>probably are if you have email --- then your computer will be taken over like a
>zombie and will act as though you're trying to get through to this S-C-O
>website and make millions of requests for information from it and the
>cumulative effect of this, it's like em, a million people ringing the RTE
>switchboard number at the same time. It'll just knock out the system.
>>DH: So you'll be completely disabled.
>>WC: Em, no. The, the website will be completely disabled. You'll be...
>>DH: The website, I mean.
>>WC: Yes, yes. and, and effectively that's what happened. So it was, it was
>successful in that respect.

MyDoom actually performs numerous acts if run.
1. It installs itself into your system, ensuring it returns after a
reboot.
2. It gathers email addresses on your computer and sends itself by
email to them.
3. It opens ports to allow for possible remote administration.
4. It attempts to copy itself so that it will be distributed on the Kazaa
file sharing network.
5. It launches a DoS against www.sco.com
To confuse things, there is then also MyDoom.B which along with the
above also:
1. Launches a DoS against www.microsoft.com.
2. Blocks access to a list of computers.
No mention is made of the other effects by WC. No mention of the
variants is made by WC.
>DH: Why is this happening?
>>WC: Oh, oh, oh. This goes back to what's called the 'Browser Wars' whereby
>Microsoft put, effectively put Netscape, eh out of business by giving away a
>competitor product for free using their, all their money to do that. They did
>much the same with Apple, although Apple hasn't gone out of business and em,
>the people who are behind this virus I would suspect are people who, who, em,
>are promoting what is called Open Sof... Open, eh, eh, .... Open System
>Software whereby eh, you can em, eh, have competitors for the Microsoft
>products which, are essentially free.

WC is drawing his own conclusions based on no facts without providing
any reasoning. Secondly he is attributing the effects of two different
(though derived) viruses with distinct authors to one virus, this is
factually incorrect.
Fundamentally there is no tenable connection between MyDoom and the
'Browser Wars', besides Microsoft's history of abusive behaviour to third
party software vendors began earlier when Microsoft were found guilty of
copying a competitor's code into DOS for disk drive compression. Also
as the first MyDoom virus targeted SCO, the direct ancestry of any
battle between SCO and Linux would have to be either simply Darl
McBride, the current SCO CEO, deciding to base the company on
litigation and licensing or all the way back to the origins of Unix.
The 'Browser Wars' were simply the basis of an anti-trust case. In
Europe, server interoperability appears to be the basis for a potential
anti-trust case.
>DH: But would the attackers then eh, almost by definition be competitors?
>>WC: Em, no because, ... these competitors, they don't really exist as a
>company, although there are some companies such as openoffice.org and eh em,
>StarOffice and eh Lynux but em, Microsoft has essentially put all the
>_commercial_ competition either out of business or they've bought them up or
>whatever. Eh, em Open Source Software is developed by eh, volunteers and,
>anybody can go into a website, have a look at how the program is developing and
>throw in a suggestion and say you know, you should include my little ...

Firstly, there are many companies and many organisations who are
'almost' competitors but the examples are bizarre in the least.
OpenOffice.org is not a company, it is an organisation but it would be a
competitor to Microsoft in the area of Office Suites. StarOffice is
simply a product, built by Sun Microsystems which most certainly is a
company. Linux is the trademarked name of a piece of software, no
company and not even an organisation. To say that Microsoft has
essentially put all the _commercial_ competition out of business is
farcical, ask IBM, Sun, HP, RedHat, Mandrake, SuSe, Novell or Apple let
alone looking further out from the core PC marketplace and seeing Palm,
Sony (Playstation), Tivo, Symbian and many many more. Microsoft have
been found guilty of abusing an effective monopoly to prevent
competition, this does not mean they have actually prevented any
competitor from having any success though, especially the further you
get from their core products where they hold the monopoly, Windows and
Office.
It is disingenuous to say Open Source Software is developed by
volunteers. Any piece of software which is written and subsequently
licensed under an Open Source Licence has been placed under that licence
voluntarily by the author. The author may be a company or an
individual who may or may not receive any payment for the work, but in
fact a lot of work is done by employees within commercial companies (IBM
and Sun to take 2 well known examples).
>DH: yeah.
>>WC: ... my little suggestion.
>>DH: The experts say they're going to move on Microsoft tomorrow. Eh, is this
>worm an expression of hatred of Microsoft?
>>WC: Absolutely, that's exactly what it is. And, and also the reason this S-C-O
>company was targeted was because eh, if you go to a website such as
>openoffice.org you can ..., you can download a free copy of what is a
>competitor for Microsoft Office. So an equivalent of Microsoft Word, an
>equivalent of Microsoft Excel which probably most of your listeners have on
>their computers.
>>DH: Willi

How are these worms an expression of hatred for Microsoft? The
original worm did not target Microsoft. The second worm targets
Microsoft in addition to the original target of SCO. Note that SCO was
not removed as a target, simply Microsoft was added. Also the second
worm also blocks the computer from accessing a list of computers on the
internet including Microsoft sites, anti-virus sites and banner ad
serving sites. Blocking Microsoft and the anti-virus companies is
simply an attempt to remain undetected. Blocking the banner ad serving
sites serves no apparent function and yet the author added this feature
to the virus, what does this say about hatred of Microsoft? The most
likely reason for the DoS aspect of MyDoom is to generate traffic which
makes any infiltration of computers less obvious, and also to distract
attention away from the remote control aspects of the worm and towards
the high profile targets of the DoS. By discussing the connections
between a virus writer picking SCO as a target for a DoS and the issues
around OSS, SCO and Microsoft you have played into their hands.
There is no connection to Office anywhere within this entire story and
no connection between SCO and openoffice.org. This entire paragraph
does nicely bring to the public's attention the beautiful openoffice.org
suite, but it has no connection to MyDoom.
>am, is there any protection against this?
>>WC: Em, eh, yes. Two things you can do. Number one, em, if you have Windows
>and you have Microsoft Office get the updated versions by connecting to the
>internet and, and go into the Microsoft website and downloading it, but if you
>have ... that won't protect you if you have the virus already and if you do the
>thing to do is, first of all do no harm so unplug your computer from the
>internet and plug it out of the network if you're connected to a network and
>then use a different computer, maybe go to a, a, a, em, a web cafe to go to
>sophos.com who, who, which is an anti-virus company and you can download onto a
>floppy disk their, em, a free eh, eh, cleaning utility which will clean up your
>computer.
>>DH: Very good. William Campbell, director of BUA Training, computer expert,
>thank you for that. It's ten minutes to eight....

Is there any protection against this? Yes, do not receive training from WC!
Number one, use anti-virus software and keep it up to date.
Number two, ensure all your software is kept free from security problems
by monitoring for security updates. Most important is your Operating
System (e.g. Windows, Linux or OS X). For Windows you can use Windows
Update and can set it up to automatically monitor for security updates
when they are released and to notify you. If you use Linux or OS X you
would not be affected by this virus and in practice there have been
essentially zero viruses in the wild for these systems, viruses are nearly
exclusively a Microsoft preserve based on the dominance (and hence the
large number of targets) and their poor security record. Where you
have an IT department, they should have a policy on things like this,
when you are at home you really need to just install all security
updates unless you know what you are doing.
Number three, never ever open an attachment on an email unless ALL of
the following are true:
A: You trust the person who sent you the email
B: It is clear what the attachment is
C: You would expect this person to send you this item
D: You can tell from the language that it was actually sent by the
person you believe sent it
If all the above are not true, but you would still like to open the
attachment because some of them are true then you should confirm with
the sender that they did in fact send you the file and that it is what
you want to see. If you receive an email regarding security problems,
you should always confirm what it is advising you to do elsewhere and
with a trusted source before taking any actions.
If you are willing to suffer a bit more inconvenience for the sake of
safety then the motto is to never open an attachment unless you are
expecting what you receive from the person who sent it!
The bottom line is this entire interview is worthless except in
informing people that there is another virus running wild and providing
a URL for a free cleaning utility.