Linux Faithful Still Getting It Wrong

As the continuing saga of the myDoom virus/worm unfolds, the Linux faithful are sticking with their kneejerk reaction that this cannot be the work of an OSS user/sympathizer. (See preceding blog entry for more detail.)

The latest salvo? LinuxWorld – which should know better – has reprinted an article from the Moscow Times that says the virus has been traced back to a Russian ISP.

OK.

But the article is reprinted with this article summary (provided by LinuxWorld):

In a story that would completely exonerate the Linux community, accused by SCO of perhaps being behind this week’s e-mail virus, the Moscow Times is carrying a story this morning that the first e-mails infected with MyDoom back to addresses with Russian Internet providers.
MyDoom Comes From Russia With Hate, Moscow Times Confirms, Jan. 30, 2004

How does this exonerate the Linux community?

Let’s look at the facts as they exist:

  • The virus appears to have originated from a Russian ISP.
  • The virus has many functions; it appears to be predominately coded to install trojan spam engines. It also targets (depending on variant) either SCO or Microsoft for DDOS attacks. It seems to at least try to install a keylogger, as well.
  • It targets Windows boxes only.

OK. So how does this Russian connection/spam-zombie reality exonerate the Linux community?

Let’s look at some other generalities that may come into play with this situation:

  • Most viruses target Windows, for two reasons: 1) Largest installed base, so best bang for your viral buck, and 2) As the Top Dog in software, MS is a target. Would be the same if Sun or Novell or Apple were software king. So myDoom targeting Windows is nothing exceptional.
  • Why would a virus target SCO for a DDOS? Really, the primary reason would be a grudge against SCO’s anti-Linux lawsuits. There could be some personal reason that the virus writer targeted SCO (old girlfriend works there…), but this one makes the most sense as a rule of thumb. So the writer is probably an OSS sympathizer.
  • That the virus was written for Windows does not mean that the virus writer likes MS apps; it means the opposite. Yet I’ve seen many comments that “Linux coders would never write for Windows….” Well, not for profit, maybe, but for destruction?? And would Windows coders – black hats or not – really care much about SCO? Why would a VB/C++ coder care about all this Linux/OSS stuff? If they were rabid MS fans, they’d probably welcome the SCO actions, not attack SCO.
  • The virus originated from a Russian ISP. Some facts:
    • The writer could be Russian or not.
    • The writer could live in Russia or not.
    • The writer appears skilled; this virus could have been written anywhere and just hit the Internet via this Russian ISP (spoofed or real).
    • Russians are part of the Linux community – which is a global community.
    • Russians – especially Russian OSS fans – are likely to be just as annoyed at SCO’s efforts against Linux as I am (I’m in the US).

So – again – how does the knowledge that the virus seems to be a spam bot and coming from Russia exonerate the Linux community?

The fact that the virus targets SCO – again, why??? – means that a skilled programmer wrote a spam bot that has an easter egg that nails SCO. Just for kicks.

Why SCO? Why not Amazon, Excite, some other higher-profile site? Because there is a grudge of sorts against SCO.

All the unfolding information appears to tell us is that this virus’ primary intent is not to thumb its nose at SCO.

That’s just gravy.

And it still points, sadly, to a Linux sympathizer behind the code. This does not mean the community condones such acts – for the most part, they deplore this and other similar acts – but it does mean that there is at least one OSS fan out there that has an active agenda against SCO.