Inevitably, this will lead to speculation that SCO might add the RIAA to the list of Linux using organizations currently receiving attention from its lawyers.
Of course, the RIAA is itself well endowed with lawyers should it need to defend itself, and just yesterday announced the latest in its own series of lawsuits against Internet users it believes are improperly sharing copyrighted music files.
If MyDoom.F was indeed the culprit, it raises an ongoing threat for the RIAA site, as the malware is programmed to launch its DDoS between the 17th and 22nd days of every month.
ASP Cookies offered by the site indicate that the Linux machine has probably been inserted as a reverse proxy in front of the existing Windows servers as part of an attempt to improve site availability.
% telnet www.riaa.com http HEAD / HTTP/1.1 Host: www.riaa.com 200 OK Cache-Control: private Connection: keep-alive Date: Wed, 24 Mar 2004 17:06:46 GMT Accept-Ranges: none Server: TST-SECURE-OS Content-Length: 15036 Content-Type: text/html Expires: Wed, 24 Mar 2004 17:06:46 GMT Client-Date: Wed, 24 Mar 2004 17:06:36 GMT Client-Peer: 126.96.36.199:80 Client-Response-Num: 1 Set-Cookie: ASPSESSIONIDACCAQQTA=JFDOPGDADGIMCADEOPMCBFCI; path=/ Set-Cookie: tstid=1e1bcc1010b6de32734c584317443b31.00.2618aad9df7cdf5ccc840a9df9a5275f;
domain=.riaa.com; path=/ Set-Cookie: tstid_wat_.riaa.com= ASPSESSIONIDACCAQQTA=ec9f3581e5a946cc2f1de6fb0600d9c1; domain=.riaa.com; path=/