[brlug-general] Seeing new DDOS SCO worm on my mail server; how bout you?
willhill at canadaisp.net
Wed Jan 28 22:14:14 CST 2004
On 2004.01.28 08:15 Shannon Roddy wrote:
> Doesn't matter if I have any windows systems running. The virus spoofs
> the sender's address. So, if you are in someone's address book,
> chances are "you" are sending out copies of the virus.
That's not what I'm getting at. I want to prove that Microsoft is behind the attack. First, prove that the spoofs were just that - the messages did not come from your own machines. Then look for a pattern in those chosen to be spoofed. There's something very suspicious going on here. Bruce Perens compared MyDumb to the Reichstag fire and I agree.
If the virus did not get your address off your machine, where did it get it and why? To show that the virus did not get addresses from your machines, just show that you did not run M$ and monitor your network's traffic. Then ask why would a virus spoof an address found on a computer rather than the computer user's own address? It's the computer user's name that will be trusted by people on their list, not a name pulled from the computer user's address list. I may know A and B and they might all trust an attachment from me, but none of them are sure to know each other. Practically, it makes no sense. I can think of only two reasons a virus would spoof A or B's address in mail sent off my machine. The first is that A or B are trusted administrators; that would not hold true across a person's address book. The second is that the virus writer wanted to embarrass A or B. Either of these options would require some kind of an external list and great premeditation. Your inclusion, as a Linux Zealot, is suspicious.
Being a good zealot myself, I think that Microsoft is behind this and wants to make free software users look as bad as they can. They have lists of their "enemies" who advocate free software and occasionally complain when Microsoft failures and design flaws cause internet turmoil, restrictive ISP policies, and utility blackouts. They have already suckered CNN and others to run headlines about "Linux War Weapons", and others have run articles filled with giggling anarchist straw men. A multibillion dollar press just used the latest Microsoft transmitted disease to smear people who give their work away without expectations of reward. It's disgusting, but hopefully transparent enough to backfire.
So, is it true? Shannon, were your machines clean? Has anyone else here been smeared by spoofing? Is there enough mail lying around to build a solid statistical case?