[ILUG] interesting article otherwise known as the smell of napalm
in the morning.
fuzzbucket at eircom.net
Fri Feb 6 00:41:34 GMT 2004
> direct quote
> "There seems little doubt that SCO was targeted - illegally and
> unacceptably, lest anyone be in any doubt - because it has enraged
> many people devoted to the Linux operating system."
> Is this fair comment?
> Why could they have been targetted?
> a) - disgruntled employee b) - the law suits c) - random domain name
> d) - the colour of the sunset on a friday in november e) - the smell
> of napalm in the morning.
> Of all the various reasons behind it, what is the most likely answer.
> and since i am not a lawyer lets attempt logic ;-)
> If one says that <insert random race here> are responsible for
> certain attacks - thats racism right?
> If one says that <insert random gender here> are responsible for
> certain attacks - thats sexist right?
> If one says that <insert random philosophy here> are responsible for
> certain attacks - thats obviously alright.
> Its quite possible that in some countries, and under some conditions,
> "fair comment" can be mistaken for incitement.
I read that article this morning - where to begin?
I reckon the DDoS component of the virus was inserted to take attention
away from the backdoor/trojan component. It looks to be a professional
job (professional as in for money - nothing to do with ability or
integrity) and in what appears to be a qualm of conscience the author
inserted a message into the code reading "I'm just doing my job, nothing
personal, sorry." (see
This article mentions the virus being signed "Andy" but it seems more
likely this Andy is the intended recipient of the message - much
Assuming this is the case it is easy to speculate who commissioned the
code. An immediate suspect is SCO given their history of gaining press
columns by claiming malicious attacks against them but looking at the
backdoor component I would be more inclined to point at spammers - as I
said the DDoS aspect looks like a decoy, it being the aspect of the
infection more likely to gain press inches.
I have also seen many people point the finger at the Russian mafia.
While some exploits have come from that end of organised crime (online
protection rackets targeted at financial institusions) my guess is that
the origin would be stateside given the research showing the pure volume
of spam that originates there and that a common purpose of many of
todays viruses/trojans is to create mail relays.
Than again, I am probably mistaken - I have a history of that sort of
</slightly drunken response>
More information about the ILUG