Legal Bytes: So … What Does Unix/Linux Have To Do With The MyDoom/Norvag Virus?
by John Brewer, February 2004
The New York Times reported this week “that some computer security analysts are predicting the latest virus attack will become the largest ever outbreak of viral e-mail. The virus-like program is a worm and is known by a variety of names, including Mydoom and Norvag. It is proliferating through e-mail attachments and file-sharing services. Some computer security analysts said that in terms of volume, it had already surpassed recent Internet plagues such as those caused by the Sobig and Mimail family of viruses.
"It's the biggest e-mail outbreak we've had," said Mikko Hyppönen, director of antivirus research at F-Secure, a computer security company based in Helsinki, Finland. "It's a massive, worldwide issue." He estimated that by early this afternoon, close to 20 percent of all e-mail traffic in the world could be attributed to the proliferation of Mydoom.”
Another virus attack exploiting Windows has become old hat to computer users. How is this latest attack different from prior experiences?
Security experts report that the virus is embedded with instructions to infect computers hosting the Web site of the SCO Group, of Lindon, Utah. SCO Group owns the licensing rights to the Unix operating system. Reports state the virus will instruct an infected computer to connect to the SCO Group's Web site beginning the first of February. The attack is intended to last until the 12th of February and shut down the site. These types of attacks are commonly called “denial of service” attacks. So why is someone, whether one person or more, picking on the SCO Group?
The New York Times article says the “SCO Group contends that the popular Linux operating system, a variant of Unix, violates the company's license and copyright. Users and fans of Linux, which is free and was developed communally by numerous contributors around the world, reject the SCO Group's accusations and say the company's rights are nowhere near as broad as it contends.
Last year, the SCO Group began a campaign to collect fees from the firms that support and use Linux. The SCO Group first sued I.B.M., the world's largest computer company and a leading corporate champion of Linux, accusing it of illegally contributing Unix code to Linux and seeking $1 billion in damages. I.B.M. has denied the accusations.
The SCO Group today offered a reward of up to $250,000 for information leading to the arrest and conviction of the people responsible for creating Mydoom.
The SCO Group's president and chief executive, Darl McBride, said Mydoom is the fourth attempted denial-of-service attack against the company in the past 10 months, and provides a window into what he called "the darker side of the Linux community we've been fighting."
"This is obviously by far the largest-scale attack we've seen come against us," he said in a telephone interview. "The first three were coordinated attacks directly against our Web site. Now," he said, "the attackers are effectively engaging every computer user around the world as proxies to fight us."
"We think this is a slippery slope going to a bad location," McBride continued. "We just want to have our claims heard in a courtroom, and now we have a bunch of people showing up with pitchforks trying to prevent us from getting into the courthouse."
Reports also state that the virus creates a back-door on infected computers. Hackers can use the back-door to install other programs that can convert the computers into relay points for spam e-mail.
Viruses "would not be a problem if we did a better job of educating the public with the do's and don'ts," said Marty Lindner, a computer security expert at the CERT Coordination Center, a computer security response team operated by Carnegie Mellon University in Pittsburgh. “In spite of repeated outbreaks of malicious programs that have crippled systems worldwide,” he said, “people still cannot resist opening mysterious attachments that arrive in their in-boxes.”
The SCO Group was previously known as Caldera International and is one of the well-known Unix and Linux vendors. The name change occurred in August of 2002.
CNet opines that “the company's strategy is less about the legal merits of its claims and more about compelling additional Linux users into paying its license fees.” "They knocked on one door and didn't get any money, and now they're moving to the next door," said Phil Albert, a partner at intellectual property law firm Townsend and Townsend and Crew LLP, in San Francisco. "Part of their strategy may be that it doesn't really matter if they have any copyright claim." “Proving a copyright claim is difficult, and SCO will need to overcome major hurdles to do so,” legal experts said. “But the fear of litigation alone may force a defendant company into a settlement, which would set an example that could push other Linux-using companies to pay SCO the license fees it has been seeking from end-users,” they say.
Bruce Perens, a leading spokesman for the open source software movement, has responded to the latest attack with the following advice: “Thus, I urge all persons who have sympathy for Free Software, Open Source, and Linux: Do not cheer on attacks on the SCO site. By doing so, you falsely implicate our community in the attacks, in the eyes of outsiders who read your words. Our community believes in freedom of speech, not silencing our opponent's speech through net attacks. We will defeat SCO using the truth, not by gagging them.
Publicly deplore the attacks as an attempt to defame us, and not an effort of our community. Show others this notice. Continue to fight SCO, using all legal means at your disposal. Show others the analysis of SCO's ongoing fraud at Groklaw.net and elsewhere, and explain to them your own experience as a participant in the Free Software community.
Continue the visible presence of Free Software as a force for good in the world by producing excellent original software for everyone's free use and deploying it wherever possible. Promote these projects to the press and public as you carry them out. Do what you can for other public-good projects such as schools and non-profit organizations. FreeGeek.org is an excellent example of how to carry this out.
Show others by example that our side always takes the high road. When they see a low-road sort of action like denial-of-service, spam, or stock fraud, they'll know who to blame.”
The bottom line is that the latest virus attack may be part of a scheme of corporate espionage. Watch the news for further developments.
John Brewer practices law in Oklahoma City, is a member of the Governor’s and Legislative Task Force for E-Commerce, and enjoys issues relating to eBusiness and cyberspace. Comments and questions are welcome and can be emailed to: