See comments inline with transcript.
Gavin McCullagh wrote:
>>On Mon, 02 Feb 2004, Peter Aherne wrote:
>>>>>On Mon, 02 Feb 2004, Gavin McCullagh said the following:
>>>>>>>On Mon, 02 Feb 2004, Breathnach, Proinnsias (Dublin) wrote:
>>>>>>>>>>>>>http://www.rte.ie/news/2004/0202/morningireland/morningireland5a.smil>>>>>>>>Is the link ... anyone got the time to transcribe ?
>>>>>>>>>>>I'll do it over lunch, if that's early enough. If someone else is working
>>>on it let mw know and I won't bother.
>>>>>>>>>>>Here is a partial transcript, I skipped the intro about what a worm is
>>etc...I paticularly like his explanation of why SCO was targetted...
>>>>>>Well that'll teach me to do things earlier than I said I would! Here's
>Transcript of Morning Ireland's piece about the MyDoom email virus.
>Aired live on RTE Radio 1 at 7:45am approx, Monday 2nd February 2003.
>>David Hanley: 'The fastest spreading email worm in history' is how internet
>security experts describe the so-called 'MyDoom' email worm. The MyDoom email
>worm was primed to attack S-C-O's website on Sunday. The experts say it'll
>move on to target Microsoft Corporation tomorrow. S-C-O's website www.sco.com
>remained offline last night. 'A large scale Denial of Service attack has
>started that has made the company's website www.sco.com completely unavailable,'
>the S-C-O said in a statement.
>>Now, we're joined in the centre city studio by the director of BUI Training,
>computer expert William Campbell.
>>William Campbell: Good morning.
>>DH: Good morning William Campbell.
>>WC: Good morning.
>>DH: Would you explain to me on behalf of others as ignorant as I am about email
>and all to do with it, what is an email worm?
>>WC: An email worm is, is a computer virus and a computer virus is a program
>that runs like Microsoft Word on your computer but it's one that got on there
>when you didn't want it to get on, em, usually by some sureptitious means, by
>somebody em, em, em sending it to you and getting it onto your computer like
>>DH: How does it manifest itself?
>>WC: Em, it's possible you mightn't notice at all. But, if your friends have
>this you're probably getting lots of strange emails eh, from people who are,
>who are, eh, perhaps familiar to you, with an attachment saying 'Please open
>this attachment'. Now, those emails are coming from the virus on somebody
>else's computer and if you open that then you'll probably be caught.
>>WC: Em, the reason you'll be caught is because that will then install a little
>program on your computer and if you're connected to the internet --- which you
>probably are if you have email --- then your computer will be taken over like a
>zombie and will act as though you're trying to get through to this S-C-O
>website and make millions of requests for information from it and the
>cumulative effect of this, it's like em, a million people ringing the RTE
>switchboard number at the same time. It'll just knock out the system.
>>DH: So you'll be completely disabled.
>>WC: Em, no. The, the website will be completely disabled. You'll be...
>>DH: The website, I mean.
>>WC: Yes, yes. and, and effectively that's what happened. So it was, it was
>successful in that respect.
>>>MyDoom actually performs numerous acts if run.
1. It installs itself into your system, ensuring it returns after a
2. It gathers email addresses on your computer and sends itself by
email to them.
3. It opens ports to allow for possible remote administration.
4. It attempts to copy itself so that it will distributed on the Kazaa
file sharing network.
5. It launches a DoS against www.sco.com
To confuse things, there is then also MyDoom.B which along with the
1. Launches a DoS against www.microsoft.com.
2. Blocks access to a list of computers.
No mention is made of the other effects by WC. No mention of the
variants is made by WC.
>DH: Why is this happening?
>>WC: Oh, oh, oh. This goes back to what's called the 'Browser Wars' whereby
>Microsoft put, effectively put Netscape, eh out of business by giving away a
>competitor product for free using their, all their money to do that. They did
>much the same with Apple, although Apple hasn't gone out of business and em,
>the people who are behind this virus I would suspect are people who, who, em,
>are promoting what is called Open Sof... Open, eh, eh, .... Open System
>Software whereby eh, you can em, eh, have competitors for the Microsoft
>products which, are essentially free.
>>WC is drawing his own conclusions based on no facts without providing
any reasoning. Secondly he is attributing the effects of two different
(though derived) virii with distrinct authors to one virus, this is
Fundamentally there is no tenable connection between MyDoom and the
'Browser Wars', besides Microsofts history of abuse behaviour to third
party software vendors began earlier when Microsoft were found guitly of
copying a competitors code into dos for disk drive compression. Also
as the first MyDoom virus targetted SCO, the direct ancestory of any
battle between SCO and Linux would have to be either simply Darl
McBride, the current SCO CEO, deiciding to base the company on
litigation and licensing or all the way back to the origins of Unix.
The 'Browser Wars' were simply the basis of an anti-trust case. In
Europe, server interoperability appears to be the basis for a potential
>DH: But would the attackers then eh, almost by definition be competitors?
>>WC: Em, no because, ... these competitors, they don't really exist as a
>company, although there are some companies such as openoffice.org and eh em,
>StarOffice and eh Lynux but em, Microsoft has essentially put all the
>_commercial_ competition either out of business or they've bought them up or
>whatever. Eh, em Open Source Software is developed by eh, volunteers and,
>anybody can go into a website, have a look at how the program is developing and
>throw in a suggestion and say you know, you should include my little ...
>>>Firstly, there are many companies and many organisations who are
'almost' competitiors but the examples are bizarre in the least.
OpenOffice.org is not a company, it is an organisation but it would be a
competitor to Microsoft in the area of Office Suites. StarOffice is
simply a product, built by Sun Microsystems which most certainly is a
company. Linux is the trademarked name of a piece of software, no
company and not even an organisation. To say that Microsoft has
essentially put all the _commercial_ competition out of business is
farcical, ask IBM, Sun, HP, RedHat, Mandrake, SuSe, Novell or Apple let
alone looking further out from the core PC marketplace and seeing Palm,
Sony (Playstation), Tivo, Symbian and many many more. Microsoft have
been found guilty of abusing an effective monopoly to prevent
competition, this does not mean they have actually prevented any
competitior from having any success though, especially the further you
get from their core products where they hold the monopoly, Windows and
It is disingenuous to say Open Source Software is developed by
volunteers. Any piece of software which is written and subsequently
licensed under an Open Source Licence has been placed under that licence
voluntarily by the author. The author may be a company or an
individual who may or may not receive any payment for the work, but in
fact a lot of work is done by employees within commercial companies (IBM
and Sun to take 2 well known examples).
>>WC: ... my little suggestion.
>>DH: The experts say they're going to move on Microsoft tomorrow. Eh, is this
>worm an expression of hatred of Microsoft?
>>WC: Absolutely, that's exactly what it is. And, and also the reason this S-C-O
>company was targetted was because eh, if you go to a website such as
>openoffice.org you can ..., you can download a free copy of what is a
>competitor for Microsoft Office. So an equivalent of Microsoft Word, an
>equivalent of Microsoft Excel which probably most of your listeners have on
>How are these worms an expression of hatred for Microsoft? The
original worm did not target Microsoft. The second worm targets
Microsoft in addition to the original target of SCO. Note that SCO was
not removed as a target, simply Microsoft was added. Also the second
worm also blocks the computer from accessing a list of computers on the
internet including microsoft sites, anti-virus sites and banner ad
serving sites. Blocking microsoft and the anti-virus companies is
simply an attempt to remain undetected. Blocking the banner ad serving
sites serves no apparent function and yet the authot added this feature
to the virus, what does this say about hatred of Microsoft? The most
likely reason for the DoS aspect of MyDoom is to generate traffic which
makes any infiltration of computers less obvious, and also to distract
attention away from the remote control aspects of the worm and towards
the high profile targets of the DoS. By discussing the connections
between a virus writer picking SCO as a target for a DoS and the issues
around OSS, Sco and Microsoft you have played into their hands.
There is no connection to Office anywhere within this entire story and
no connection between SCO and openoffice.org. This entire paragraph
does nicely bring to the publics attention the beautiful openoffice.org
suite, but it has no connection to MyDoom.
>am, is their any protection against this?
>>WC: Em, eh, yes. Two things you can do. Number one, em, if you have Windows
>and you have Microsoft Office get the updated versions by connecting to the
>internet and, and go into the Microsoft website and downloading it, but if you
>have ... that won't protect you if you have the virus already and if you do the
>thing to do is, first of all do no harm so unplug your computer from the
>internet and plug it out of the network if you're connected to a network and
>then use a different computer, maybe go to a, a, a, em, a web cafe to go to
>sophos.com who, who, which is an anti-virus company and you can download onto a
>floppy disk their, em, a free eh, eh, cleaning utility which will clean up your
>>DH: Very good. William Campbell, director of BUA Training, computer expert,
>thank you for that. It's ten minutes to eight....
>>Is their any protection against this? Yes, do not receive traing from WC!
Number one, use anti-virus software and keep it up to date.
Number two, ensure all your software is kept free from security problems
by monitoring for security updates. Most important is your Operating
System (e.g. Windows, Linux or OS X). For Windows you can use Windows
Update and can set it up to automatically monitor for security updates
when they are released and to notify you. If you use Linux or OS X you
would not be effected by this virus and in practice there have been
essentially zero virus in the wild for these systems, virus are nearly
exclusively a Microsoft preserve based on the dominence (and hence the
large number of targets) and their poor security record. Where you
have an IT department, they should have a policy on things like this,
when you are at home you really need to just install all security
updates unless you know what you are doing.
Number three, never ever open an attachment on an email unless ALL of
the following are true:
A: You trust the person who sent you the email
B: It is clear what the attachment is
C: You would expect this person to send you this item
D: You can tell from the language that it was actually sent by the
person you believe sent it
If all the above are not true, but you would still like to open the
attachment because some of them are true then you should confirm with
the sender that they did in fact send you the file and that it is what
you want to see. If you receive an email regarding security problems,
you should always confirm what it is advising you to do elsewhere and
with a trusted source before taking any actions.
If you are willing to suffer a bit more inconvienince for the sake of
safety then the motto is to never open an attachment unless you are
expecting what you recieve from the person who sent it!
The Bottom line is this entire interview is worthless except in
informing people that their is another virus running wild and providing
a url for a free cleaning utility.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!