The Great Micro$oft Conspiracy was Re: [brlug-general] Seeing new DDOS SCO worm on my mail server; how bout you?
johnahebert at yahoo.com
Thu Jan 29 00:39:53 CST 2004
--- will hill <willhill at canadaisp.net> wrote:
> On 2004.01.28 08:15 Shannon Roddy wrote:
> > Doesn't matter if I have any windows systems running. The virus spoofs
> > the sender's address. So, if you are in someone's address book,
> > chances are "you" are sending out copies of the
> That's not what I'm getting at. I want to prove
> that Microsoft is behind the attack.
That's not science, that's politics. Or religion,
considering your zealotry. Have you even read the
analysis on how this virus works?
> First, prove
> that the spoofs were just that - the messages did
> not come from your own machines. Then look for a
> pattern in those chosen to be spoofed.
Patterns? You are now leaving the realm of science and
moving into the realm of Bible Code.
> something very suspicious going on here. Bruce
> Perens compared MyDumb to the Reichstag fire and I
Will, I thought you were trained as an engineer. How
can you let your anti-Microsoft bias relieve you of
reason? You are perceiving the facts in a biased
manner to prove a foregone conclusion... Have you
considered a career in law?
> If the virus did not get your address off your
> machine, where did it get it and why?
ANOTHER person's machine, specifically the Outlook
address book of an infected machine. Somebody who had
Shannon in their Outlook Address book was dumb enough
to open the attachment in a MyDoom-laced email. This
starts a program that reads the address book in that
Outlook client and starts sending emails using its
own SMTP server with a modified "From:" header, among
doing other things.
> Showing that
> the virus did not get addresses from your machines,
> just show that you did not run M$ and monitor your
> network's traffic.
Say what? What exactly will that prove?
> Then ask why would a virus spoof
> an address found on a computer rather than the
> computer user's own address?
To propagate itself in the most effective manner
possible by sending emails out from a number of
different email addresses rather than just one email
address of the user's infected computer, which could
be easily blocked and/or traced back to the user, who
could be notified and then that user could take
> It's the computer
> user's name that will be trusted by people on their
> list, not a name pulled from the computer
> user's address list.
Why? What's the difference? Most email users have
never looked at an email header and even if they did,
they wouldn't know how to read the "Received:" header
tag to determine the actual SMTP server sending the
> I may know A and B and they
> might all trust an attachment from me, but none of
> them are sure to know each other.
Maybe you aren't aware of the huge numbers of emails
being sent. I've read estimates of 1 out of 12 emails
sent during this worm infestation are MyDoom. Odds are
some _will_ know each other, at least enough to
propagate. I think the actual extent of the
propagation shows that it is working.
> Practically, it
> makes no sense.
Same thing I was thinking.
> I can think of only reasons a
> virus would spoof A or B's address in mail sent off
> my machine.
I'm afraid to ask.
> The first is that A or B are trusted
> administrators, that would not hold true across a
> person's address book.
> The second is that the virus
> writer wanted to embarrass A or B.
I really doubt that. Maximum propagation of a SCO DDOS
attack is the intent.
By the way, I heard a report on the radio today that a
variant is now spreading that will attack Microsoft
during the same time period as SCO. If what you are
saying is true and Microsoft is propagating a DDOS
attack against itself to make Linux users look like
nasty hackers, either Bill Gates is an evil genius or
a stupid idiot.
I hardly think the world will blame Linux for the
actions of a few. Even SCO is not that stupid (note
their $250K reward for turning in the virus writer).
> Either of these
> options would require some kind of an external list
> and great premeditation. Your inclusion, as a Linux
> Zealot is suspicious.
Will, you really need to get out of the house more.
> Being a good zealot myself, I think that Microsoft
> is behind this and wants to make free software users
> look as bad as they can.
> They have lists of their
> "enemies" who advocate free software and
> occasionally complain when Microsoft failures and
> design flaws cause internet turmoil, restrictive ISP
> policies, and utility blackouts.
Waitasec. You're kidding. Right? This is funny.
> They have already
> suckered CNN and others to run headlines about
> "Linux War Weapons", and others have run articles
> filled with giggling anarchist straw men.
Now I get it! That's pretty funny... I really hope
> multibillion dollar press just used the latest
> Microsoft transmitted disease to smear people who
> give their work away without expectations of reward.
If you are not kidding, then you are one spooky dude.
> It's disgusting, but hopefully transparent enough
> to backfire.
Please keep at least 100' away from me in the future.
> So, is it true? Shannon, were your machines clean?
> Has anyone else here been smeared by spoofing? Is
> there enough mail lying around to build a solid
> statistical case?
Wow. I'm not sure how to respond to that. I've run out
of humorous comebacks.
So here's a practical one: Read any good introductory
textbook on deductive logic. _Deduction_ by Daniel
Bonevac is a good one.
'cat /dev/random | perl'
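
The message above notes that the worm sends mail with a modified "From:" header and that the "Received:" header shows the SMTP host that really delivered it. The following is an added example, not part of the original post: it finds the host that handed a message to your own mail server and compares it with the claimed sender. The sample message, host names, and the Sendmail/Postfix-style `from HELO (rdns [ip]) by host` layout are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From: claims example.org, but our own MX logged a dial-up
# host. The second Received line was not written by us, so it is untrusted.
SAMPLE = """\
Received: from pc-17 (dialup-44.isp.example [198.51.100.44])
\tby mx.example.com with SMTP id XYZ789; Wed, 28 Jan 2004 08:00:59 -0600
Received: from mail.example.org (mail.example.org [203.0.113.5])
\tby relay.example.org with ESMTP; Wed, 28 Jan 2004 08:00:01 -0600
From: "Shannon" <shannon@example.org>
To: someone@example.com
Subject: hi

test
"""

# Assumed hop layout; real-world Received formats vary between MTAs.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")

def injecting_host(raw, trusted_mtas):
    """Return (helo, rdns, ip) of the host that handed the mail to our MTAs."""
    msg = message_from_string(raw)
    found = None
    for value in msg.get_all("Received", []):      # newest hop is listed first
        m = HOP.search(" ".join(value.split()))    # unfold continuation lines
        if not m or m.group(4).lower() not in trusted_mtas:
            break   # header written by a host we do not run: may be forged
        found = m.group(1, 2, 3)
    return found

def from_mismatch(raw, trusted_mtas):
    """Triage hint only: True when From: domain differs from the injecting
    host's rDNS. Forwarders and hosted mail also mismatch legitimately."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = injecting_host(raw, trusted_mtas)
    if hop is None or not domain:
        return True
    rdns = hop[1].lower()
    return not (rdns == domain or rdns.endswith("." + domain))

if __name__ == "__main__":
    print(injecting_host(SAMPLE, {"mx.example.com"}))
    print(from_mismatch(SAMPLE, {"mx.example.com"}))
```

Only headers written by mail servers you control are evidence; everything below the first untrusted hop can be invented by the sender.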