Daniel Wallace



LINUX VIEWPOINT: MyDoom Worm "Harmful to Linux Reputation"

"It's time to yell from the mountain tops that your community will take the high road and not resort to such lowly tactics. Deno

In some circles of the system administration world, the Linux user community holds a bad reputation as a pack of dysfunctional script kiddies.

Now of course not all Linux users are bad people. By human nature, though, we tend to remember the worst out of any group.

I'm sure as time goes by and more businesses and professionals start to take Linux seriously, this reputation is less deserved; but nonetheless if you say "Linux" to many seasoned administrators (especially IRCops), the first thing they think of will be script kiddies - the online equivalent of vandals.

They have little clue (just enough to cause trouble) and absolutely no positive conflict-resolution skills whatsoever. These are nerds who think that launching denial of service attacks affecting thousands or millions of users is an acceptable response to being insulted on IRC. They plague more than just the Linux community, but for whatever reason the Linux script kiddies seem to be more memorable. Perhaps our expectations of Linux are higher - the new guy always has to prove himself - and so failings and disappointments are more memorable.

Now the MyDoom e-mail worm that's been causing so much trouble on the Internet over the past week has deployed its payload, attacking SCO with a massive distributed denial of service attack from infected machines, despite a bug causing the attack to fail from about 75% of infected machines.

It's no secret that SCO has drawn the ire of many a Linux user for its claim that Linux source code stole copyrighted Unix code. The relative merits of SCO's case are beside the point; that matter will be decided not by any of us, but by the courts.

Now there's no direct evidence linking the MyDoom worm to the Linux community. But it would be amazing for someone who was not at least sympathetic to the Linux community's battle with SCO to choose such a relatively obscure target for attack otherwise. A second variant of the MyDoom virus is set to attack another Linux "enemy": Microsoft.

Even if we suppose that the author of MyDoom and MyDoom.b chose the Microsoft and SCO targets completely at random and their apparent grudge has nothing to do with Linux at all, this action still isn't good for the Linux user community. People are going to put 2 and 2 together anyway. Notably absent from the news articles about the worm are leaders from the Linux community condemning this type of behaviour. The media itself may be partly to blame, but I can't help but wonder if more could be done to get the message out there.

The problem is that even if it isn't deserved and even if Linux has nothing whatsoever to do with it, Internet vandalism on this scale to enact some kind of vengeance on an "enemy" of the Linux community still reflects badly on that community, making it look childish, immature, dysfunctional, and desperate. Outsiders will associate the Linux community with the person or persons who wrote the worm, regardless of whether that's fair.

Outsiders may also assume that "silence = consent." Linux users, take advantage of this opportunity to take a stand against script kiddies and worm hackers. Make it clear that this kind of behaviour is not tolerated within your community. Where are your leaders saying, "Even though we disagree with SCO, this is not the right way to show our disapproval?" Why isn't someone saying, "This is not how we solve problems and resolve conflict?"

It's good to see that open-source advocate Eric Raymond voiced similar concerns [as did Bruce Perens here at LinuxWorld]; now let's hear from folks who control the direction and development of Linux itself.

I know we geek types don't like being thrust into political leadership situations. We'd all much rather bury our heads in code and go about our creative process. Unfortunately, once a community develops around a product, its developers are unavoidably forced into these situations. The community forces the leaders to think about things like PR, conflict resolution, influence and other political nonsense. To migrate to and survive in the business world, you must think and act like the business world thinks and acts. Microsoft didn't hesitate to offer a massive reward for the head of the worm's author. Why was there silence from Linux?

When someone makes your organization and community look bad, it's time to engage PR (hey, it works for Microsoft). It's time to yell from the mountain tops that your community will take the high road and not resort to such lowly tactics. Denounce Net vandalism and disown the vandals. Develop a culture that says this kind of childish behaviour is below your community standards.

You must get the word out (use PR Newswire or get help from allies like IBM if necessary), or folks like me are going to read the news about the next Internet worm that attacks a well-known "enemy" of Linux or open-source and say, "the Linux kiddies are at it again."

More Stories By Nick Johnson

SysAdmin Nick Johnson writes for a number of sites including morons.org where an earlier version of this piece was posted. This version is written specifically for Linux.SYS-CON.com.


Most Recent Comments
Pete 08/09/04 02:28:57 AM EDT

I think the news media is making the news again/still.
My feelings about SCO are slightly less than bad and my wish for them to straighten up and quit being a lap dog for MS is strong.
After the actions of their fearless leader in this less than intelligent venture so far I would venture the whole Doom issue to be planted by MS or SCO.
I certainly hope it isn't some Linux folk.
The code is so sophomoric as to have been put by a script kiddy but most of that junk is downloaded from WAREZ sites that are devoted to MS anyway.
I truly hope SCO loses their shirt. I don't wish the honest working blokes there harm but this jerk at the top of that heap is out of his ever loving mind!
Where's the evidence McBride!!!!?????

vic 02/08/04 11:54:54 AM EST

Just a quick note. Any time there is a virus outbreak everyone starts blaming someone else, and starts asking for better anti-virus software. I have yet to read any journalist that fingers the real culprit and offers the real solution: stop using Outlook! I will not even say stop using Windows, I'll keep my opinions on that issue. There is a Spanish saying that goes something like this: 'if there is no dog, then there is no rabies'. Outlook is the dog, MyDoom and others are rabies.

Nick 02/05/04 07:58:23 PM EST

I'm not among the paranoid kind of people, but this could've been easily a Microsoft (and maybe SCO's too) "little" conspiracy against Linux. They both want Linux out of the way. Why? Microsoft can't keep up with their patches for their buggy Windows and SCO can't make a better UNIX even with their BIG NAME and experience and FUNDS. So let's find the real problem INCLUDING THE BACKDOOR. Now this is a scenario:
One day, a very knowledgeable guy breaks into microsoft.com and fools around. Later, he gets caught. Microsoft has two choices. Throw him in jail for a long time or use him for free, forcing him to make something really nasty at the perfect time - right when SCO threatens the Linux world and everyone would point the finger at the Linux users. They could've thought about the first impression on MyDoom and the world now knows MyDoom infected MANY computers and SCO was down for a while because of DDoS attacks. They could've also counted on some guys to notice the backdoor, so that way spammers might be suspected for stealing private information. Nice one. Now they'd be fully covered. Well... keeping in mind this scenario will somehow make sense the following quote:

"The creator of what anti-virus experts say is the fastest spreading virus ever on the Internet signed MyDoom and MyDoom.B with "andy," and left the following message in the latter version: "I'm just doing my job, nothing personal, sorry." Check this link: http://news.softpedia.com/news/2/2004/February/6956.shtml
Seems like someone's sorry. May be true or may be not. But I've never heard anything like that in a virus. What's also interesting is the fact that - and I quote again - "The attack is programmed to continue on the company's Web site until Feb. 12, according to messages left inside the virus' code. " - from the same source. Yes, interesting... I wonder why everything should stop after Feb. 12. So SCO can go on with their business making MyDoom history just like that ? Something's really rotten in here in my opinion. I've heard about viruses doing things at a specific time and/or date and viruses that just do things whenever they are unleashed but viruses that go away nicely after a few days ? Weird. And that's all I can say about that.
Message to SCO: Keep up with the world and don't throw shit in hard working people. Be men and fight Linux the programming way, not the court way. Prove you're better.
Message to Microsoft: Try Linux. Have fun. Have security. Have quality services. Have your own contribution to it. Have it shared for free, as the other ones. Enjoy. We already are.

anuj sethi 02/05/04 07:37:25 PM EST

I am a Windows user (with a broadband connection). Please don't hate me for, "I don't want to be bothered by what goes on inside my computer". As a netizen, I can do my duty to remain clean, if I have "an effective & free anti-virus".

'My loss' is the community's loss. Save me.

warren crossing 02/05/04 06:00:49 PM EST

warning - this is NOT a terrorist attack
attention passengers - this is a H4XX0< 4774K [hacker attack]

a terrorist uses VIOLENCE to further his POLITICAL agenda
how is MyDoom violence and how is SCO political - oh wait
are you trying to define the concept of virtual violence [VIRTUAL TERRORISM] in the 22C?

get real - the attack on sco is not political it's purely commercial. ie sco stole linusesusuesses code! shake your money maker!

stop watching so much tv and read a book you @ [monkey]

Kurt 02/05/04 01:52:23 PM EST

I agree with Photocrimes the DoS attack was a cover for the backdoor and key logger. The hammer will drop again when the results of the spammers gains from the backdoor and key logger hit. Even with the massive news coverage thousands of "novice" windows users will not do anything to take care of infected machines. There are a mass number of Windows users that have no clue as to what goes on inside their machines. It's a mentality supported by the "click it and everything takes care of itself" mentality of Windows. It doesn't require the operator to know much to make it go. Most home users on broadband connections do not have a system admin to make sure virus definitions are updated and firewalls are set up and all security patches are applied. I have worked on a number of systems that have not been updated since first boot. The Linux community should disavow themselves from all the "script-kiddies" and other people who break into, or otherwise compromise, systems for malicious intent. But to "stand up and shout" about a specific event is to own it. We don't own this one. Instead point out how this wouldn't happen on a Linux box running OS software, offer solutions and help out those of us who have to recover Windows systems affected (I run Linux at home but support DOS/WinNt/Win2K/WinXP at work). Building good will will go a lot further than more shouting.

Bryn 02/05/04 06:05:17 AM EST

'Keeping the viruses coming' will give only the most moronic members of society 'a laugh' and will not 'show the world that linux users are a force to be reckoned with'. It will turn the uninitiated away from linux, because every time SCO is the subject of a DDoS attack, the media will again associate the virus attacks with the Linux vs SCO dispute and the general population will make the association Linux = virus writers. They will, understandably, be turned off any thoughts of investigating the virtues of Linux for themselves and so Linux will end up suffering more than SCO.

The logic that says Linux advocates are incapable of writing Win viruses is also completely flawed. Linux users are on the whole more technically capable than the average Win user. The writer of MyDoom was almost certainly a supporter of Linux, though this obviously does not mean they are a contributor (almost certainly not, I would guess).

We must all utterly condemn this terrorism, for that is what it is, and demonstrate that we are way above this idiotic level of thinking. We do not need to silence SCO to defeat them, quite the contrary.

Greg 02/05/04 02:35:00 AM EST

We're living in a system of law and order. I certainly agree that the law does not always appear just and certainly not fast enough. However, while there are justified cases of self-defence, MyDoom is certainly not among these cases. MyDoom is more like terrorism. It only destroys for the sole sake of destroying and doesn't show better (or at least other) ways. Assuming it's targeted at SCO, how much sense does that make and secondly what about the collateral damage?

Viruses, Worms and the like appear to be funny, as long as you're not among the victims. There seem to be few effective ways against epidemics and plagues. One of them is certainly respect, another might be carefulness. I'm convinced that mischievousness, either passive or active, is the rather wrong approach!

Don't keep those viruses coming. Any such virus author must be condemned and be brought to trial. The Internet has become a vital part of the (civilized) world. Help your legal system with facts and it will work much better towards what you expect. Be responsible yourself and avoid any such virus could be spread through yourself! Don't ask what the legal system can do for you, ask what you can do for the legal system. Don't ask what the Internet can do for you, ask what you can do for the Internet! The Internet needs you!

Tore in Sweden 02/05/04 02:18:04 AM EST

The so called 'Linux script kiddies' are what you say,
Linux script kiddies, and if they are real Linux kiddies
they will not start hacking in a Win-box. No this is just
bad guys with Windows knowledge.
And as we see, I'm not alone with this opinion.

warren crossing 02/04/04 11:42:04 PM EST

well one thing is established so far - and that is linux users are not prepared to put up with software commodities and the political capitalist-driven bs that goes along with it. i myself don't run windows because of critical security limitations with the os architecture, and am not affected by the windows user-land viruses

why its microsofts inability to produce a stable platform and the users' ignorance who run such a floppy piece of application code that causes this to happen in the first place -

why doesn't sco sue ms for allowing this to happen?? surely this would make solid sense. are sco paranoid or what??

i say keep the viruses coming - give us all a laugh and show the world that linux users are a force to be reckoned with!!!

G.I. Taylor 02/04/04 11:12:02 PM EST

SCO and Microsoft are quick to offer rewards. Microsoft was quick to pay for some IP License when SCO started their Lawsuit against IBM. I think SCO and Microsoft are behind the MyDoom Virus in order to taint Linux's growing reputation.
Virus hackers do not care who gets infected as long as their goals are met. I do not agree with the statement that we should shout from the top as if to admit liability.

Richard C. L. Li 02/04/04 07:53:27 PM EST

It is clear that the creator of MyDoom is expert in Windows, since MyDoom is Windows based coding. Therefore it is quite clear that it is not by any "die hard" Linux users and/or hackers.

Did Microsoft fund the journalist to mislead the community to think that it is Linux guys behind the MyDoom?

VoiceOfCommonSense 02/04/04 10:25:16 AM EST

What can the Linux community do when the press doesn't do their homework? Do you have a suggestion?
Erroneous press, like SCO's accusations that the Linux community is behind the MyDoom worms, is harming Linux's reputation. Perhaps in some circles that may be true, but I'm not seeing it affect Linux's adoption in the business world and little if any effect in the consumer market.

Why don't the Windows users take a stance against "script kiddies", as you call them, or "professional spammers" as others have called them? It's their systems and their ignorance that's being exploited. Why doesn't every networked computer user take a stance? It's their network that's being clogged, their mailboxes that are being polluted. This isn't just a Linux community problem, it's society's problem.

Martin Vermeer 02/03/04 10:45:26 AM EST

I disagree with the idea that we should shout from the mountain tops
'we have nothing to do with this' and 'we condemn it in the strongest
terms'. It works just the other way around: doing so will only taint
us stronger in the public eye. That's precisely what a politician
would do; who would take them at face value or even seriously? Such
holier-than-thou is routinely disbelieved and rightly so.

We should, if asked, comment in ways that explain the situation. By
all means volunteer explanations where opportunity arises... but
dispense positive messages, not reactive ones! E.g., we could quietly
point out that

1) though Linux is pretty immune to viruses, the spam hits us just as
hard as the Windows world (and yes, mix viruses and spammers
rhetorically, it's more than just rhetoric!). So, we have no interest in
this and in fact, the community has produced some great anti-spam
software and services already benefiting all Internet users

2) every basket has its rotten apples, but this particular basket is
too busy keeping the Internet and corporate networks running to be
bothered with childish tinkering, and

3) contrary to some (i.e., journalists, but you don't have to say that
aloud :-) we actually know what we are doing and are happy to share our
knowledge freely. With a link to Groklaw...

ashishK 02/03/04 10:41:15 AM EST

Agree, but I think Bruce Perens already said much of this:

Thus, I urge all persons who have sympathy for Free Software, Open Source, and Linux:

Do not cheer on attacks on the SCO site. By doing so, you falsely implicate our community in the attacks, in the eyes of outsiders who read your words. Our community believes in freedom of speech, not silencing our opponent's speech through net attacks. We will defeat SCO using the truth, not by gagging them.

Publicly deplore the attacks as an attempt to defame us, and not an effort of our community. Show others this notice. Continue to fight SCO, using all legal means at your disposal. Show others the analysis of SCO's ongoing fraud at Groklaw.net and elsewhere, and explain to them your own experience as a participant in the Free Software community.

Continue the visible presence of Free Software as a force for good in the world by producing excellent original software for everyone's free use and deploying it wherever possible. Promote these projects to the press and public as you carry them out. Do what you can for other public-good projects such as schools and non-profit organizations. FreeGeek.org is an excellent example of how to carry this out.

Show others by example that our side always takes the high road. When they see a low-road sort of action like denial-of-service, spam, or stock fraud, they'll know who to blame.
Remember that your actions count. You are ambassadors of our community.

Many Thanks

Mark potochnik 02/03/04 09:17:59 AM EST

Although I have heard a couple of negative comments about Linux people. When they said that they didn't want to go online today because of the virus. I told them that I had a solution. I gave them a copy of virus safe Knoppix, and they were happy to get it... A first...


Photocrimes 02/03/04 08:37:34 AM EST

I find it surprising that biased journalism is still being posted well "after" the experts in the community have stated that the MyDoom trojan was the product of a Russian Spam house. Using SCO and Microsoft was all smoke meant to draw your focus away from the true intent of the trojan, plant a back door and key logger. Kudos, it worked. It has fooled every journalist out there and smeared our good name while planting back doors in some 500,000 PCs ready for the spammers to use. Of course nobody points to the spammers, they are all too wrapped up in blaming Linux users, or trash talking them.

Don't you think it's fair to point out that this was a Windows based trojan? In fact Linux users are seldom referred to as "script kiddies" as they are often highly educated. It takes a fair amount of skill to be versed in using any Unix/Linux system. It is safe to say that this trojan could have been created with NO KNOWLEDGE of Unix/Linux whatsoever!

It troubles me that a journalist would overlook all of the other evidence and base his conclusion only on the words "Microsoft" and "SCO"

It looks like we overlooked one small part of this trojan's payload. Not only did it plant a back door and keylogger, it also planted a bunch of journalists.