[Dshield] MyDoom-A/B

Coxe, John B. JOHN.B.COXE at saic.com
Mon Feb 2 17:29:16 GMT 2004

Based on some strings and code structure, there looked to be some similarity
to the Cyberpunk 2020 folks.  But it is a bit of a WAG.

I don't get the Russia connection.  If investigators are considering early
infections, even looking at hosts exploiting open relays/proxies for those
initial seeds, that was likely taken into full consideration by the culprit
anyway.  It was planned with resources that probably wouldn't give up any
decent logs.  Not to say that it isn't worth pursuing.  But as they said,
most of these guys are caught only because they felt a need to brag and get
the credit.  That approval dependency that fuels these guys is their

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Rick Klinge
Sent: Monday, February 02, 2004 7:11 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] MyDoom-A/B

Well, I would best guess that Russia was just the target or patsy, not the
originators of the virus.  I would agree on your synopsis though.  BTW,
since when did SCO convert to Tarantella?


> On Mon, Feb 02, 2004 at 05:12:03AM -0800, Pete Cap wrote:
> > Date: Mon, 2 Feb 2004 05:12:03 -0800 (PST)
> > From: Pete Cap <peteoutside at yahoo.com>
> > Subject: Re: [Dshield] MyDoom-A/B
> > To: General DShield Discussion List <list at dshield.org>
> > 
> > John,
> > 
> > Think sneakier.
> > SCO is claiming that the Open Source community in general represents a
> > threat to truth, justice, and the American Way.  They want to paint a
> > picture of Linux users as renegades who do not care for standard
> > business practices.  With this in mind it would make sense for them to
> > release a "pro-Linux / anti-SCO" virus and target themselves.
> > 
> > Did anyone else hear that the code contains some message along the 
> > lines of "Sorry, nothing personal, I'm just doing my job."
> > 
> > Is the author that much of a jerk, or was he paid to write this?
> >  
> > Hmm...
> One line of thinking is that the real purpose of 
> MyDoom/novarg is to set up backdoored zombies that can be 
> used at a later date to send spam.
> The apparent Russian origin has some thinking that Russian 
> organized crime is somehow involved.
> SCO (and the resulting Linux connection) is just a smokescreen.
> If there is such a phrase in the source code, it may be that 
> someone did write MyDoom for pay...
> - John
> -- 
> "Mad cow? You'd be mad too, if someone was trying to eat you."

