Mydoom author sorry for his sins...

Discussion in 'News' started by SimonV, Feb 3, 2004.

  1. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    [​IMG]<font size="3">Mydoom author sorry for his sins...</font>

    A variant of the virus has a cryptic message in which the author appears to apologize for creating the infection. The MyDoom variant that joined the original virus in wreaking havoc on the Internet last week contains a cryptic message in which the author appears to apologize for the malicious code, security experts say.

    The creator of what anti-virus experts say is the fastest spreading virus ever on the Internet signed MyDoom and MyDoom.B with "andy," and left the following message in the latter version: "I'm just doing my job, nothing personal, sorry."

    Full Story:
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...


  • Thread Status:
    Not open for further replies.
    1. flex22
    2. Jakamoko
      I DON'T CARE :evil: Let the bar-steward swing, I say :evil:

      All I've had the last 48 hours is one crashed Mail Server and thousands of angry customers demanding I switch it back on immediately, or "just buy a new one, can't you ?"

      Not happy :x
    3. AJ
      Sorry, Sorry Bull****

      That does dosn't help the poor people who got caught with this or the companies who have lost valuable £ and $ sorting the bloody thing out

      In my humbler opinion
    4. Jakamoko
    5. flex22
    6. Phil
      Yup I'm with you guys, now we've got the lynch mob together lets roll, oh and don't forget the flaming torches :)
    7. AJ
      "A witch, a witch let's burn 'em"
    8. dreec
      I'm sorry, but I feel I must put the other case. The biggest problem with worms / virus is not the actual code but users.

      You get an e-mail with an attachement which you know nothing about, you open the attachement BANG you get infected. Is the the code's fault or the education of the users?

      I know I will probably get nailed to the floor about this but if sysadmins trained users and made sure that everyone was security aware then the only problem should be with the number of e-mails you receive with the virus / worm contained..... but hang on a minute if all people did their job correctly then no one would open the attachement and the virus / worm would not propergate... wow a SOLUTION to the problem

      As for mydoom it arrives with undeliverable in the subject line. If you have not got an e-mail rule / event handler set up to trap undeliverables and only allow access to admins. then sorry folks but you deserve what you get.

      I know many people on this site are relative newbies to the IT industry but please people as the great Flava Flav once said "don't.. don't... don't.. don't belive the hype!"

      The easiest way to stop this sort of activity is to train users not to open unknown attachements, configure your e-mail environment to trap undeliverables, auto config anti-virus software to update on a regular basis (thats once per DAY, MINIMUM) and keep upto date with security patches from software vendors, . It might sound like a lot of work but Mydoomw as discovered Jan 26th, thats 10 days ago, anyone still getting infected and spreading the worm are the people causing the problem NOT the worm itself.

      Jak - sorry my friend but if you have got and I quote "thousands of users" and only one mail server then you should really look into a back-up which can be brought online within a 10 - 20 minutes configured to block the newest / latest virus. I know servers cost money, but how much is goodwill and service worth to your company?

      AJ - "It doesn't help the poor people who have lost thousands" serves them right if they did not get their act together quick enough.

      As I said above folks, sorry but sometimes the users and admins have to take responsibilites. It's to easy to blame someone else.

      Right I'm off to hide somwhere fireproof as I can feel the flames already licking at my inbox.
    9. Jakamoko
      Don't worry - that's not how it works around here - out you come :lol:

      As for me, I don't fortunately have the luxury of purchasing the Servers for our company, but I know that we're investigatiing fail-over set-ups at the minute.

      Also, your reply "from the other point of view" seems to focus largely if not entirely on the office/workplace scenario (frogive me - I did skim-read, and will prob kick myself after I post ...). My original gripe, if not eloquent, was describing a situation in my workplace, derived not from bad practice by staff, but from the fact that we are now having to deal with the effects of a virus released into the wild, which is affecting home users prob much more tyhan any no. of businesses. The end result being that we(the ISP) have the problem, propagated by the thousands of users, the results of which are the felt by those same users.

      Its fair to say education would help ignorance, but who's gonna tell Joe User at home that he / she must implement good security practice on a daily basis, when all he / she is interested in is sending 2 emails a year to "Auntie in Canada", download some recipes, music, porn, holidays tickets, etc.

      Again, this is maybe a hasty and slapdash reply (not without thought tho;), and is in no way a backlash to your or anyone elses opinions. As I say - its how we do stuff around C/f we'll all still be chatting this time tomorrow :thumbleft

      Take it easy ... :D
    10. Phil
      Hi dreec

      I would say I agree with you to a point, there wouldn't be half the problems there are if users had a higher awareness of security issues. However I think you're taking a very onesided view of things, the virus writers deserve to take a large portion of the blame, they are creating code to purposely do damage to online systems and the fallout affects millions of users. They can't argue that all they're trying to do is spotlight security flaws in Operating Systems because the payload they include is malicious. Most if not all corporate networks should be well shielded by now but as Gav says, who is there to train the home users ?

      Anyway you can't say this Sysadmin doesn't take Security seriously, I even bullied my assistant into installing a firewall at home last night, he did it in the end just to shut me up :D
    11. flex22
      If it was simply left to users who don't know how to make a virus, then a virus would never, ever, ever, never be created, EVER :!: :!:
      Likewise, if there were no nuclear scientist, then we would have no nuclear weapons.
      These things don't spontaneously occur, but if they do then can someone tell me, maybe computer virus's can occur spontaneously, but anyway I'm talking in the context of manually created virus's.

      On the other hand if there were millions of computers, but only one computer user (the virus maker) then he would have to spread it himself by accessing all these machines.
      So yes, the users help to spread the virus.

      I know my explanation is pretty obvious, but I'm just making the point.

      -No virus creater - never a virus code in the first place.

      -No dumb users - code less likely to spread, but very likely to still spread to a degree.Human error, it's always there.

      Depends really what you mean by the "biggest problem."

      If you mean the spread, then yes the uneducated user's are the problem.

      If you mean for creating the virus in the first place, then that's the virus creater problem.

      A virus that doesn't exist cannot spread.

      Oh I can't be ar$ed writing any more
    12. dreec
      Phil - I agree I did take a one-sided view this was primarily to balance the 'hang em an burn em' type of posts. And to maybe start a debate on a topic I feel strongly about!

      In respect to your assistant installing a firewall at home doing it just to "shut you up" who cares as long as the job is done!

      As for the virus writers taking responsibility, yes I agree that they do have to take responsibility to a degree.
      mydoom - yes the original problem was caused by the writer, but the continuance is caused by lazy sysadmins or uneducated home users. (see below for my thoughts on home users)

      Blaster was written almost 3 months AFTER Microsoft announced the vulnerability and released the patch. Who's to blame for that one? users or the writers?

      As for home users and being made security aware are you seriously trying to tell me that a large number of home users do not watch TV, read newspapers, listen to the radio? mydoom and the way to avoid infection and to protect your system was mentioned so many times on the above media I was, in some respects, surprised I received 8 copies at home. (for the record I always keep one machine in my lab as vanilla install and whenever new virus / worm advertised use this to collect e-mails. I then save to floppy, disconnect machine from network then run the virus just to see what happens.)

      Maybe the way to prevent this happening in the future and to stop such a rapid spread is to prevent home users having 24/7 broadband connections unless they can pass a basic network / security test. Lets face it nothing spread this fast on 56kbps modems!
      But then the ISPs would probably get all steamed up as they can't charge the same rates for dial-up and lets face it broadband connectivity in this country (UK) is an absolute rip-off, the ISPs are raking it in.
      To protect the home user I feel the ISP has to take some responsibilty after all they are "Service Providers".
      In what other industry would you pay for a service have problems which COULD be prevented and still pay the bill next month?

      I just feel that the 'black hat' community have a very raw deal and are demonised by certain sectors of the industry to hide the fact that those sectors of the industry could do more but will not has it has impact on profits. And to be honest I fell that it the crux of the problem.

      Just one other thought;

      Have any of you seen the source code for a virus, looked at it, followed the logic? They are some of the best sources of programming information I have ever seen.

      I once modified a virus in order to add some additional lines of code to a web site I was bulding (an include file the client had forgotton to mention). By hand I would have had to modify over 100 pages, @ roughly 5 mins a page that would have been a days work. With the virus it took me approx an hour to work it out, 5 mins to modify and less than 10 SECONDS to run and complete what I wanted to do.
      (Yes I did charge the client for a full days work, hey it was their mistake!)

      All I am trying to say is that their are two sides to everything, instead of jumping on the bandwagon and joing the popular "wooa virus writers are evil" campaign. Try stepping back and thinking about it.

      PS: For the record my real name is NOT "andy". :wink:
    13. dreec
      whilst writing the above, flex nipped in with his post which I feel I must reply to.

      flex - Virus's exist. End of story. The question is how to prevent the type of damage caused by the likes of mydoom, the answer;

      Educate the user & FORCE the ISPs to take responsibilty to prevent this.

      At the end of the day an ISP is just an IT department with thousands of users connecting remotely, if using dial-up, via a RAS Server and with thousands of users directly connected, if using broadband. The ISP stores and forwards the e-mail to the user who is PAYING for this service.

      Sorry Jak, not having a pop at you, my friend I just feel every time something like this happens nobody seems to mention the role of the ISP's

      I know the above is over simpified but I'm pretty sure thats the gist of it. If an ISP works vastly different to the above then please tell me.
    14. Phil
      You make some valid points, the ISP's will always be motivated by profit and they could do a lot more to protect their users. On the other hand they also have to walk a fine line, at what point does their protection become over protective and start interfering with their customers service ? How far do they go, block all exe's, viruses and binaries ? Also how will you get all ISP's to implement these measures ?

      Security issues are constantly in the news and the home users are becoming more aware. With every man and his dog now having a computer there is always going to be a proportion of them who are just not technically inclined or too new to computers and will not manage to have the precautions in place. So even if you could implement an education program for users it isn't going to stamp out the problems.

      At the end of the day you'll never get above a certain % of the public educated nor will you stop the virus writers finding new ways to attack our systems. So that just leaves us doing what we are doing, manning the battlements and fending off the next wave.

      One thing I'm afraid we will never see eye to eye on is the virus writers getting a raw deal, they are the ones who take delight in wreaking havoc wherever they can so I'm afraid I can not feel any sort of sympathy for them.......are you sure you name's not Andy ? :wink:
    15. AJ
      This thread seems to have taken a very seriuos route and quiet rightly! We have somewhere in the region of 1500 users and about 500 machine in the school and only 2 machines have so far been infected by mydoom (and that was the same user using 2 different machines). They were quickly removed from the network and disinfected and put back to use. We had our virus pattens updated just before the virus became rife and emailed everyone in the school about what to do regarding emails with attachments. That's not to say the virus hasn't been in the school. Everyday we are getting a number of phone calls from users asking what to do about this or that email. They know the answer, "Don't open it, delete it straight away". But they still need that reassurance that it is the right thing to do.

      Both Dreec and Phil raise valid points regarding educating users about viruses. How many people have bought PC's in the past few years for home just because it is the thing to do, or next door has one, or so little Jonney came use the internet to do his homework. These are the people who are most at risk. The suppliers of this equipement should also have the finger pointed at them. It is no good supplying a PC to a person and expect them to know how to use it. I know if you buy a washing machine you get an instruction bookklet. That does not happen with a PC. Yes I know that if you pay the extra you can get a bod come down and setup your new toy and give you 1/2 hours training, but is that enough. Shops who are in sell PC's for a fast buck are as much trouble as the virus writers themselves.

      People at work do have the backup and hopefully the training from their IT Dept plus the security of a good firewall and virus scanners. That's our job and if we train our users right and stay on top of the patches, patterns etc then our networks are as protected as they can be and our users are suitably trained. That's our job. People at home are at risk.

      ISP's should be helping, but as Phil says, at what point does their protection become an invasion of privacy. Microsoft should also take some of the flak. If they were on top of releasing patches as soon as holes appear then viruses would have a harder time (if of course everybody patches their machines), ie blaster.

      It would be interesting to see if Dreec's suggestion of a basic test for users to pass before broadband can be obtained could be done. Who would police it? ISP's, only for a price and all they want to do is sell.

      Anyway, for what it's worth, that's my opinion. Right or wrong.

      After all that, time for a lie down and a coffee.
    16. SimonV
      In a working environment I would agree that some of the responsibility does fall at the IT departments door, they are employed to oversee all aspects of IT within a business. But it has to fall to the individual to use some common sense. You don't see the guys at a DIY store giving lessons on how to use a drill and they don't get the blame when somebody drills into the water pipe.

      Coming from a training background its easy to see how a large percentage of users just don't have a clue when it comes to computers never mind the aspects of security and viruses. Your not telling me that when you get a letter through the letterbox that looks like junk mail that you don't open it "just to see".

      Allot of new computer users see an email in there in-box and with that small sense of satisfaction that somebody has sent them "something" they go ahead and open it. I think we forget that not everyone has an interest in computers and only know how to carry out limited actions. I've seen numerous amounts of users panic in situations that they are unfamiliar with and their reaction is to click anything and everything.

      Basically in business I'd say that some of the responsibility does fall with the IT departments to take necessary action quickly and thoroughly to prevent the further spread of viruses within their responsible domain with both educating users and keeping systems up to date. But this also highlights a training need to educate users in the importance of these issues that I feel doesn't fall with the responsibility of an IT dept.

      Home users however cant be blamed for ignorance of these issues as most home users really don't care.

      Thinking about the length of time computers have been a part of family life and the volume of information surrounding the subject it no wonder these situations occur, people have not been using computers long enough to have any awareness of viruses, firewalls etc.

      I do think that these situations can and will benefit the development of individuals in awareness but unfortunately at a cost, I can say I have had a virus and lost data but this was when I knew very little about computers but after that I made sure I didn't get another.

      Crap got to get back to work :D
    17. flex22
      As an option when signing up this would be good practice, but it would never be mandatory.I can't ever imagine the there being a law, so that it's illegal to sell broadband to anyone who hasn't passed a test.
      And lord do we really need more laws, I mean it's probably illegal to walk the wrong way around the block these days.

      If it wasn't mandatory by law, but a responsible ISP (ok this is theory, bare with me), made it mandatory, then all the customers would think:

      "hey this ISP looks a good deal, oh but you have to pass a test, ah well we'll go for this one that doesn't require a test"

      And I wouldn't blame the customers one bit, because comps still scare the life out of me, and I know a little about them, and I still remember not long ago when I knew zip about them, I would have felt the same about a test.

      I still remember how scary computers used to be, clicking anywhere on the screen, just total confusion about doing anything.No offence to anyone, but as you get more into this, you probably forget more and more what that is like, if in fact, anyone experienced that in the first place.
      Some of you know so much and are very technically minded that the most basic things are so second nature to you that it's hard to imagine how this could cause anyone any problem for anyone.
      I'm not saying that people are inconsiderate, no, but it's like once a baby can walk they look at a baby that can't even crawl and think "hey it's simple to crawl, why is it having such a problem.

      There does have to be an effort to educate all the millions of internet users, it's just how you do that that needs to bbe sorted.
    18. dreec
      Agreed ISPs do have to walk a fine line between protection and invasion of privacy, and this raises another point re the Internet.
      At the moment the Internt is pretty much unregulated, which is the way I like it, but with this freedom comes a responsibility.
      If, as I suggested, ISPs started to protect home users more then to some degree the 'net becomes regulated, the same applies if a test was brought in to get broadband.

      So it would seem that we are all in agreement that the we like the freedom the Internet currently offers. However freedom is a double edged sword.

      We can't all shout about having freedom but with the assumption of what WE call freedom is correct. Who says that my idea of freedom is right, who's to say anyone else's idea of freedom is right. Surely freedom is exactly that - the ability to do whatever you like, whenever you like. If someone decides to right a virus and release it, is that not their personal idea of freedom? Is it wrong? If so why? Yes they can cause damage, yes it can cost money but going back to the responsibility point is it not your responsibilty to ensure you are protected? As it is as much their responsibility not to release it, but responsiblity is a completely different issue.

      I may not agree with the actions people take but I will always defend their right to take them

      Imagine a scenrio where you have £1,000,000 in cash in a bag. The responsible thing to do is to get it into a bank ASAP, but you have the freedom to walk down the road carrying it. You drop the bag and someone else picks it up with no witnessess around and no way of knowing who it belongs to. The responsible thing, and the right thing, would be to hand it in to the police, but they have the freedom to pocket it.

      The point I am trying to make is that freedom can only be one thing which is total, and we have to live with the consequences good or bad.

      Phil - As to virus writers getting a raw deal the point I was trying to make here is that everyone seems to blame all the problems caused, on virus writers (read the first few posts in this thread). But when people are asked to think, well read the latter posts in this thread

      SimonV wrote "some of the responsibilty does fall at the IT department door" and "the individual to use some common sense"

      AJ wrote "The suppliers of the equipement should have the fingers pointed at them as well" and "shops who sell PCs for a fast buck are as much trouble" and a certain software vendor "should take some of the flak"

      So you can see the problem is caused not only by the writer of the malicious code but also;

      ISP's, Software Vendors, Suppliers, IT Departments, Shops

      In other words it is an industry problem and is caused by the ENTIRE industry.
      Last edited by a moderator: Jan 2, 2015
    19. Phil
      At face value I couldn't agree more with that statement, but I don't think it covers the virus writers. Yes they have the freedom to write such programs but what gives them the right to inflict their "freedom" on other people. Are you saying you would defend the right of terrorists to fly aircraft packed with innocent civilians into skyscrapers packed with more innocent civilians ? That's an extreme example and the concequences are nowhere near as dire but it's the same principal, these virus writers are inflicting their "freedom" on a large number of people with malicious intent. As you say with freedom comes responsibilty, if people can not exercise their freedom without consciously doing damage to others then they deserve all the condemnation they get.

      Yes it is an industry problem, but the Industry consists of so many parties with their own agendas I don't think they will be capable of combatting these problems in the near future. Virus writers have been around for donkeys years, they have moved from the boot sector to email with far more devastating concequences. They'll be around for a long time to come.

    Share This Page

    Thread Status:
    Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.