www.sco.com is a weapon of mass destruction

Much of the commentary on the SCO distributed denial of service scenario, including our own, has been based on the premise that SCO badly wants to keep their web site running. This may not be the case: unlike Microsoft, which has a real business to run and a real need to keep its web site operational, SCO Executives may not strongly care about the availability of www.sco.com. After all, Michael Doyle’s half a billion dollar patent win against Microsoft scarcely hinged on the response times of the Eolas web site.

In fact, the author of the MyDoom virus has delegated control of the most enormous volume of HTTP traffic that the Internet has yet seen to hostmaster@sco.com. On a whim, SCO can direct that tsunami at an object of their choosing, simply by changing an A record in named.conf in time for the change to propagate by Sunday.

In this context, SCO Executives may have latitude to consider alternative defenses which do not involve having to parley with low-down-no-good-Linux-loving-CDN-providers.

Phishers expand into telephony

Further evidence of the financial rewards presently available from phishing is that fraudsters can afford the time and labour of making the attacks by phone rather than being constrained to electronic mail. A mail we received continues the story.

My husband was called on Wednesday by "VISA" and I was called on Thursday by "MasterCard". It worked like this:

Person calling says, "This is Carl Patterson (any name) and I'm calling from the Security and Fraud department at VISA. My Badge number is 12460. Your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card. Did you purchase an Anti-Telemarketing Device / any expensive item for £497.99 from a marketing company based in 'Anywhere'?"

SCO legal case poses a conundrum on how it should defend a DDoS

While Microsoft has a track record of deflecting DDoS attacks, the SCO Group's ability to defend its web site is complicated by the company's legal battle with Linux users. Both companies will be targeted Sunday by denial of service attacks from Windows computers infected by the MyDoom worm.

Content distribution networks (CDN) can play a key role in defeating DDoS attacks, using their large and widely distributed networks of servers to blunt their impact. Microsoft used a CDN service from Akamai to keep its web site online last August, when the Blaster worm programmed machines to launch a DDoS on the Windows Update site. Microsoft's strategy drew considerable attention, as the front page of the www.microsoft.com site was served by Linux machines on Akamai's network.

The largest CDN providers - Akamai, Cable & Wireless and Speedera - all make extensive use of Linux servers. That's a problem for SCO, which contends that Linux includes copyrighted code from its own operating system, and is asking Linux users to pay $699 per server for the right to use its intellectual property. It’s implausible that any of the CDN providers would pay this licence fee. If SCO feels that it is unable to patronise a very prominent Linux user, this eliminates one of the most proven defences and contrasts strongly with Microsoft’s practical and prosaic approach.

Via Net.Works Acquires Amen Hosting

Via Net.Works has bought the French hosting company Amen, and is eyeing further acquisitions, the company said today. Via Net.Works, which is based in Amsterdam and has operations in the U.S. and Europe, paid 7 million Euros ($8.7 million) for Amen, one of the fastest-growing hosts in 2003.

Top European Hosting Companies By Hostnames, Dec 03

| Hosting Company | Hostnames (Dec 03) | Country |
|---|---|---|
| 1&1 Internet AG | 3,505,880 | Germany |
| Strato AG | 1,918,889 | Germany |
| Host Europe | 545,336 | United Kingdom |
| FastHosts | 379,553 | United Kingdom |
| UK2.net | 342,715 | United Kingdom |
| Deutsche Telekom AG | 313,468 | Germany |
| Komplex | 309,451 | Germany |
| IP Exchange GmbH | 280,407 | Germany |
| Thus | 273,965 | United Kingdom |
| Tiscali | 229,814 | Italy |
| Via Net.Works/Amen | 191,211 | Netherlands |
| EasyNet | 190,775 | United Kingdom |

The merger will more than double Via Net.Works' European hosting customers. Amen hosts 111K hostnames, with growth of 104 percent in 2003, while Via Net.Works hosts about 81K hostnames. The purchase of Paris-based Amen adds a "cash generating pre-paid business model" that will immediately boost the company's earnings.

MyDoom Variant Targets Microsoft Site

A variant of the MyDoom worm will launch a denial of service attack against the Microsoft web site this Sunday, according to Kaspersky Labs.

The variant, dubbed MyDoom.b, is being circulated by computers infected with the original MyDoom, according to Kaspersky. The new version is identical to MyDoom, but includes www.microsoft.com in the targets of its DDoS component, along with www.sco.com. Both attacks are programmed to begin Feb. 1 and continue through Feb. 12.

Microsoft to remove support for usernames in HTTP URLs

A forthcoming update to Internet Explorer will disallow the use of the "@" character in URLs, addressing an issue which has helped fraudsters to obscure the true destination in web site addresses. Once the update is installed, including the @ symbol in URLs will return an "invalid syntax error" message. Microsoft's advisory did not say when the update would be available.
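
The effect of the "@" character described above can be checked on the receiving side, for example in a mail filter. The following is an added example, not code from the original article or from Microsoft's advisory: it parses each link and reports the host that is actually contacted when the text before the "@" is shaped like a hostname. The function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Rough test for "shaped like a DNS name": dot-separated labels.
_HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]{2,}$", re.IGNORECASE)


def audit_url(url):
    """Return a finding dict if the URL carries userinfo before '@', else None.

    The host that is contacted is whatever follows the last '@' in the
    authority part; everything before it is only a username[:password].
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.username is None:
        return None
    shown = unquote(parts.username)
    return {
        "real_host": parts.hostname,
        "userinfo": shown,
        # Userinfo shaped like a hostname is the deceptive case: the reader
        # sees a familiar name, the connection goes somewhere else.
        "looks_like_host": bool(_HOSTLIKE.match(shown)),
    }


def flagged(urls):
    """URLs whose userinfo imitates a hostname, paired with the real host."""
    out = []
    for u in urls:
        finding = audit_url(u)
        if finding and finding["looks_like_host"]:
            out.append((u, finding["real_host"]))
    return out


# Constructed sample links (reserved .example names, documentation IP range).
SAMPLES = [
    "http://www.bank.example@198.51.100.7/login",        # name before '@'
    "https://www.bank.example:secure@shop.example/",     # name plus password
    "http://alice@intranet.example/",                    # plain username
    "http://www.bank.example/help?contact=a@b.example",  # '@' in query only
    "http://www.bank.example/",                          # no userinfo
]

if __name__ == "__main__":
    for url, host in flagged(SAMPLES):
        print(f"{url} -> connects to {host}")
```

An "@" that appears only in the path or query string is not userinfo and is not flagged.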