OPINION

The MyDoom Effect: Crossing the Line into Terrorism

Last Thursday morning, the topic on the Today Show was the MyDoom worm. Matt Lauer, one of the show’s two anchors, was interviewing an Internet expert and asked a question near and dear to my own heart: “Is this new virus cyberterrorism?” The expert said no, it was more like cyber vandalism. Clearly, IT experts are seeing a difference that many reporters and I don’t see anymore. Even the Terrorism Research Center is now tracking the MyDoom virus.

I think of vandalism as something someone does to someone else’s property that visibly defaces it. In the online world, that, to me, would be parallel with defacing a Web site. But what if someone went into a medical site and changed a critical recommendation, switched one drug for another, and someone who used that information died? Would that still be vandalism or terrorism?

Now vandalism, as defined by the American Heritage Dictionary, is the “willful or malicious destruction of public or private property.” This doesn’t seem to fit well to me because the MyDoom worm is not just a personal attack against SCO and Microsoft, but it is also an attack on the millions of users of Microsoft products, particularly users who don’t have sophisticated security measures in place, like children, small-business owners and the elderly.

So what is the definition of terrorism? According to the same dictionary, it is “the unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intent of intimidating or coercing societies or governments, often for ideological or political reasons.”

Just as it did last year in my TechNewsWorld column “Pros, Priests and Zealots: The Three Faces of Linux,” this still sounds like a match to me. Whether you agree with that definition or not, you can define cyberterrorism, at least according to AskJeeves, as “an assault on electronics communications networks.” When we look back on history, we’ll see the MyDoom worm as a classic example of cyberterrorism.

Attack on SCO or Attack on US

What I find particularly despicable is the nature of this worm that turns innocent computer users into soldiers for a cause. This worm turns their PCs into attack platforms focused on SCO, and — with the MyDoom.B variant — on Microsoft.

But what I find really amazing are some of the comments coming from the Linux community. As reported in Wired, some Linux advocates are saying they would load this virus “gladly” just so they could harm strangers who did nothing more than work for SCO or run an OS they don’t like. The words “civil liability” come to mind, and this is one of the few instances in which I hope the legal community sees blood in the water and does something meaningful with class-action litigation. We are talking about billions of dollars in damages.

I hold dear the right to choose the products I use and to feel safe from attack in my home. The ability to open e-mailed files from friends is an important part of my life. This attack has been as much against my rights as it has been against SCO or Microsoft.

After this worm attack, I will no longer look at Linux in the same way again. I mean, if the product is a good product, then why should I be forced to move to it against my will? Over the last few months, I’ve learned of several companies that have begun to move down the Linux path — only to reverse direction because of technology, legal problems or the out-of-control advocates who are giving Linux advocacy a bad name.

You won’t hear of these firms by name because they are afraid that if they were to go public, they would be attacked mercilessly by the Linux community. For these companies, freedom of speech is now a distant memory denied to them by these Linux thugs.

Opening Opportunities for Terrorists

This attack might not be enough to galvanize the nation against this sort of thing. Then again, as I was writing this, I received a notification from Symantec that it was tracking activity that suggests those who wrote the virus, or someone else, are now scanning for port 3127 in an attempt to take control of the thousands of machines infected by the worm. The results likely will not be pleasant.

This scenario suggests a “what if.” What if a known terrorist organization now makes use of the backdoors created by the MyDoom worm to attack government sites? Worse, what if this terrorist organization can now take down the security systems for power grids, aviation firms or law enforcement organizations? Once a known backdoor is open, there are no rules surrounding who uses it or what they use it for. The end result could be truly catastrophic.

If you think this is unlikely to happen, wander over to The Register and read about a briefing from the FBI. Also, be aware that the U.S. government just rolled out a Cyber Alert system that mirrors its physical terrorist alert system. The government is clearly getting serious about these threats.

The Only Viable Solution?

So, what do we need to do? Personally, I think it is high time we bite the bullet and move to some form of real user authentication. Whether to protect ourselves from a worm like MyDoom — clearly, there will be more such worms in the works — or to protect our children from predators, we need to know that the people we are communicating with in cyberspace are really who we think they are.

And people need to be held accountable for the damage they do, regardless of who they victimize. Too often are the elderly preyed upon by scam artists claiming to be what they aren’t and taking away the financial security that these folks have worked so hard to achieve. Too often are children approached by predators who prey on their inexperience to violate them verbally. And too often are our identities stolen by communications that appear to come from trusted sources.

An increased focus on trusted computing has never been more important than it is now, and it could be the only way to stop the spread of future worms. In the end, regardless of who does it, this kind of terrorist behavior is unacceptable. And if we don’t do something meaningful to stop it now, we will be as much at fault as the perpetrators.


Rob Enderle, a TechNewsWorld columnist, is the Principal Analyst for the Enderle Group, a company founded on the concept of providing a unique perspective on personal technology products and trends.


21 Comments

  • Before weighing the merits of Rant for Rent Rob’s vapid prevarications, one should take the following into account:
    It’s official! Rob Enderle is a paid PR flack for Microsoft! Follow the link below:
    http://www.eweek.com/print_article/0,3048,a=110659,00.asp
    ‘Editor’s note: Microsoft Corp. is a client of the Enderle Group, the consulting firm headed by Rob Enderle.’
    Need I elaborate? You have all been duped by ECT into reading planted MS propaganda written by Rob Enderle for months.
    That’s right – it’s a con. This forum is a cynical joke on us all.
    So, ignore Rant for Rent Rob – he’s nothing more than a shill. Oh, and be sure to tell your friends! 😀

      • "Really? Where?
        .
        $100 says I don’t get an answer."
        .
        Slashdot. Can I have the $100?? 🙂
        However, it seems that Mr Enderle can’t recognise humour. None of the people posting such comments were serious. It’s called joking Rob.
        .
        "If Microsoft is too stupid to figure out how to do this, I’ll do it for a mere $100,000 in 2 months – just have them respond to this post. I am willing to work freelance. "
        .
        Oooo, if you do get the $100,000 then you can most definitely send me the $100 😉

        • "What a dreadfully biased article. The author ignores the other effects of MyDoom to push his own agenda."
          Welcome to Rob Enderle’s Career.
          .
          "Most Linux proponents abhor viruses and their authors just as much as anyone else. If SCO wanted to get good publicity for their jihad against Linux, this is it. No linux advocate could believe that releasing a virus to attack SCO and Microsoft would advance their position or viewpoint."
          .
          Oh yes they would. You can’t say that the linux community is free of immature extremists. You CAN say that the majority of the community would like to see (linux advocate or not) the culprit brought to justice. I don’t think I’ve ever come across a linux (or OSS) advocate that thinks this sort of behaviour is helpful.
          .
          "I feel that the author has displayed a lack of perspective on this issue and has accordingly lost integrity and credibility."
          .
          Mr Enderle seems to like being biased and totally one sided in his arguments. My advice: ignore him.

          • "First, to the comment that "Linux is immune." I think the correct statement is "Linux is ignored." This virus is a social engineering virus, sending an email that some individuals open and run, when they shouldn’t. Yes, there are probably some changes to the Windows environment where the privileges of the user should be lowered, but I’ve seen many people running as root in a UNIX/Linux environment when they don’t need to."
            .
            Nobody I know runs UNIX/Linux as root, even admins do not in the course of their work. You must know some pretty stupid people.
            .
            This is a basic security problem with MS Outlook that has existed since its creation. I’m a competent programmer. With access to an MS DLL or two, I can set up the system so that it’s IMPOSSIBLE to transmit *any* virus through email, and I’ll do it for $100,000 on a contractual basis.
            .
            It’s trivial to do. All you need to do is augment a DLL that cannot be overwritten because it’s always in use, that will check to see when a POP or SMTP port is being accessed and show a pop up window asking for permission for the application to use the port. Since this is part of the functionality of a DLL that cannot be overwritten while the system is running, running as admin still won’t make this method defeatable.
            .
            It’s *trivial* to fix the vast majority of worms on the net that travel through "social engineering" as you call it. You should be placing blame where it belongs, Microsoft. This same type of worm has existed for almost 10 YEARS now, when is Microsoft going to fix it?
            .
            Here’s a question – why don’t MS make a worm to FIX THE PROBLEM? Send out a virus that cures the first virus?
            .
            Why doesn’t MS set up IE and Outlook to check a central repository for viruses before downloading information from the net or your POP server?
            .
            There are literally dozens of ways this can be fixed, and Microsoft hasn’t done any of them. They are acting just like a monopoly normally acts, unconcerned with defection from their products, unconcerned with product quality, and unconcerned with their customers, period.
            .
            There will be more viruses to come after this too. Do you think Microsoft is going to do anything to prevent it? It’s Microsoft’s fault that this stupid virus, that can be written by a CHILD, exists.

          • Why is the Linux community being blamed for this?
            .
            The virus is from Russia, it installs a keylogger, and it’s a vector for spam. We all know how every tech person just LOVES spam (that’s sarcasm).. The virus does nothing to help Linux advocates and it’s been shown since the first DDOS attack (that may or may not have actually happened to SCO) that it’s frowned upon by anybody that is in prominence in the Linux community.
            .
            There is no motive for the Linux community to have done this, and it’s quite unlikely that anyone did, especially considering that the virus is written to work on Microsoft Windows.
            .
            It’s sure helping SCO’s FUD though. You know what they say about the press: any coverage is good coverage, and SCO – a tiny company which has about as much allegiance to the truth as a compulsive liar, is getting a lot of coverage.

          • > "If Microsoft is too stupid to figure out how to
            > do this, I’ll do it for a mere $100,000 in 2
            > months – just have them respond to this post. I am
            > willing to work freelance. "
            > .
            > Oooo, if you do get the $100,000 then you can most
            > definitely send me the $100 😉
            .
            I’m absolutely serious about the offer. Microsoft has had a gaping security hole since Windows 95 which is trivially fixed.
            .
            The company is lazy and bloated. I know, I worked for them. Here’s a security hole that costs billions of dollars when exploited and it can be fixed in a week by anybody that is familiar with the code, by a single person. It can be fixed at multiple points, but it’s mostly a bug with Outlook, or rather, a "feature" which is so catastrophic it might as well be considered a bug. The feature isn’t used by anybody except script kiddies, of course, but that’s no reason to remove it after a decade! – Maybe somebody will actually use it in a non Internet crippling way..
            .
            The OS security is inherently weak. It is impossible for you to install software on my computer without me being able to detect it, because I run Linux. It would be just as impossible with BSD, or even SCO Unix. I cannot say the same about Windows. Try running Adaware on your machine by the way…
            .
            Linux isn’t going to trample Microsoft because it’s so much better, it’s because Microsoft is so lazy and unproductive that a bunch of freeware programmers screwing around in their free time can make a system just as good. Microsoft is pathetic.
            .
            By the way, I’m no fan of Apple, but even they are poised to wipe out Microsoft at this point. They are running Unix on a 64 bit chip under BSD. Try pricing a Sun workstation versus a Mac today.
            .
            Do any analysts spot any of these upcoming upheavals? No, they just tell you that MS will reign forever because they’ve been right so far. Enderle is so comically uninformed about the industry it’s a wonder anybody lets him write anything but you don’t have to be informed when one company consistently comes out ahead for whatever reason, you just ride the coat-tails. The real fun begins when the leader starts to fall apart, which began 6 months ago, but Enderle is too ignorant about the industry to recognize it, or even recognize why. Hint: it’s got very little to do with a better product and it’s the same thing that MS used to destroy all their competitors, including Unix(TM).

  • It is irresponsible to align linux users with terrorists. Why?
    1. Terrorists kill people. Lots of them. To align linux users with terrorists is demeaning to linux users and cheapens the language. Obviously, there are those who are deeply threatened by linux, why else would they make such an unwarranted comparison? Why paint such an extreme portrait? I am certain that there exists a mass murderer somewhere that has used Windows, but I don’t call Windows users murderers.
    2. In the face of SCO’s actions, the response from the linux community has been very muted. And remember what SCO is trying to do: steal the labor of all the volunteers who have worked on GNU/linux software by invalidating the GPL. GNU represents a substantial effort on the part of the not-for-profit sector, and those that have contributed have every right to be angry that SCO is trying to invalidate/make illegal their work.
    3. The conclusion is that: there are for profit companies that can not compete with non-profit action. Their revenue model is being destroyed. But society as a whole will, and always has benefited by such economic action, termed "creative destruction". Everyone will have free software, that is in effect a standard, in exactly the same way IDE or SCSI is a standard–an OS should be just such a standard, but on a higher level. Yes those deriving profits from OS are going to hurt, but everyone else will benefit.

  • Without a doubt, these stories need to focus on the fact that these virus writers have been, and continue to count on the public’s help to commit their acts of cyberterrorism. You can write the most lethal and dangerous virus ever, but without a distribution path it would do no harm.
    My question is, why doesn’t a magazine or newspaper write a frontpage headline that says "You Idiots, 7.5 Million of you helped another terrorist commit his crime", because when it comes down to it, the user has to make the conscious choice to open/view that email, or go to that webpage.

  • You bet it’s terrorism. Using random attacks against innocent people to influence an essentially political process is terrorism. The first time someone’s 911 dispatch system doesn’t work because its DSL line is tied up with MyDoom traffic, we’ll have real life-and-death consequences. As with people’s jobs that are threatened by unnecessarily high IT costs defending against the thing.
    I have a better, more positive suggestion for those opposing the Microsoft juggernaut – work on public education. Try to sway people TO your point of view with facts and clear speech. It shouldn’t be hard when your opponent is as hard to like as Microsoft.
    You can’t win friends with bombs, either physical or digital.

  • Having read the article and the comments, I have some comments of my own:
    First, to the comment that "Linux is immune." I think the correct statement is "Linux is ignored." This virus is a social engineering virus, sending an email that some individuals open and run, when they shouldn’t. Yes, there are probably some changes to the Windows environment where the privileges of the user should be lowered, but I’ve seen many people running as root in a UNIX/Linux environment when they don’t need to. The point is, for maximum impact, having a payload that runs on Linux would have not significantly influenced the results. The payback in developing and testing such a payload just wasn’t worth the effort.
    This virus doesn’t really exploit any specific security flaw within Windows. It does things that you want to let people do, within reason. A decent AV program would have caught, quarantined and notified the user that this was a bad email. The need to properly secure your computing environment is important. However, at this time, there is no social stigma attached to it. Just like seatbelts, smoking, and drinking and driving, we need to educate people on the negative impacts of running a wide open computing environment.
    While most individuals in the computer industry abhor this behaviour, there are still some who encourage it. Yes, it is the radical fringe we’re talking about, but they’re the radical fringe of some movement, in this case Linux/Open Source. Just as the actions of the Animal Liberation Front detract from the serious message of preventing cruelty to animals, these types of attacks on legitimate companies must be condemned. The comment about Linux advocates gladly loading the virus was made on slashdot. While said as a joke, it was clearly something that resonated with the readership. I laughed, as did others, but the message got out there and the author of the comment actually retracted it!
    The view that by simply preventing the delivery of automatic emails the problem would be solved is myopic. Computer systems send unattended emails every day. Changing that behaviour would require some significant changes to how we manage those systems today. In the same vein, changing email programs to prevent users from running programs/applications would significantly reduce the usability of the computer. You can configure most email programs to prevent users from running a program with a single click of the mouse, but most users disable this functionality. The prevailing mindset is: "I’m in control, I know what I’m doing, quit bothering me with these stupid warnings." Yes, I know that you and I know how (and when) to save and then run a program, but my mother doesn’t. All I can do is: keep her system secure and up-to-date (both os and system patches), have good internet security software installed and up-to-date (firewall, AV, …), and educate her on what behaviour is (and isn’t) appropriate. Anyone who had read the news and had a working AV program on their system should have been aware of what was happening and been able to exercise some caution in running those programs. Lock down the system so much that they can’t and the system becomes unusable. Then people will just disable the mechanisms that provide the security and the problem is bigger.
    I agree with the point that Rob makes in this commentary (and that the other commenters seem to ignore). This type of behaviour is unacceptable and unless we take the steps to stop it now, we are at fault.

  • What a dreadfully biased article. The author ignores the other effects of MyDoom to push his own agenda. What about the potential for mass identity theft due to the back door mechanism? What about the fact that SCO themselves had a simple fix, and were never really affected?
    The consensus of opinion seems to be that the author is a professional programmer somewhere in Russia with aims other than interference with SCO and Microsoft – to wit, identity theft and financial gain therefrom.
    The virus was written by someone who clearly knows Windows and its many, many flaws very well, and only affects Windows based machines. Linux is immune.
    Most Linux proponents abhor viruses and their authors just as much as anyone else. If SCO wanted to get good publicity for their jihad against Linux, this is it. No linux advocate could believe that releasing a virus to attack SCO and Microsoft would advance their position or viewpoint.
    Terrorism or vandalism it may well be, but I don’t think it has anything to do with Linux. Please cite the "linux advocates" who would "gladly" host and disseminate the virus. The rest of us want nothing to do with this behaviour. If the culprits are identified, the full penalty of law should apply.
    I feel that the author has displayed a lack of perspective on this issue and has accordingly lost integrity and credibility. If he wants "to feel secure from attack in his home", then he should put pressure on Microsoft to produce more robust security in their OS and associated tools (that DOESN’T mean "trusted computing" – that’s just another way to keep the consumer under the thumb and lock out competition).
    By the way, the web server which serves up the author’s article is running – you guessed it – Linux!

  • I’ve read a few articles written by you before, first when I first found this site, I didn’t even know who you were, but still went ahead and read along cause maybe you’d have some interesting things to say. But the more I read the more it becomes evident, you are SO in the Microsoft payroll aren’t you? I mean you seem to be looking for every chance you get to say something bad and discredit the Linux community. So some guy wrote a virus that attacks SCO, which so casually happens to be at war with Linux throwing some bogus accusations that they stole their code. What code exactly is it? Who knows? Not even them.
    Is that reason enough to blame the entire community? In the scenario that the virus was in fact written by a Linux user, does it mean everyone else is going to go down that road? If that was the case every site owned by you or that had any connection to you would be down by now, don’t you think?
    On a final note, it was pretty funny how you even managed to squeeze in how much we need a "trusted computing" platform. Hey, I’ve got a better idea. How about we all just take our computers over to Redmond and leave them there for them to do everything they want with them? Since that’s pretty much what’s going to happen if (god forbid) they actually manage to go ahead with "trusted computing"
    Like someone else said on a previous reply, what we really need is for Microsoft to stop fooling around and roll out something that is actually secure enough not to leave any script kiddie easily exploit all the vulnerabilities left by years of embedding everything they can to lock out the competitors.
    At least I hope your soul was worth good money when you sold it over to M$.

  • Come on, this is FUD. It seems now that the virus comes from true spammer using the SCO problems to hide their activities. Plus, if it were from a Linux zealot, would it mean that if a democrat does something really illegal because he hates so much Mr. Bush then all democrats are to be suspected also?
    Plus, it also seems, if you perform researches and take a look at what Netcraft people are saying (the true people whose real speciality is to monitor the internet and to give real facts not PR), then you’ll see that this virus may be not so big as it was said (take a look at netcraft title "SCO drop http://www.sco.com from the DNS") and that SCO might not have been forced to switch off and change the name of their site because they were overwhelmed by DDOS.

  • "But what I find really amazing are some of the comments coming from the Linux community. Some Linux advocates are saying they would load this virus "gladly" just so they could harm strangers who did nothing more than work for SCO or run an OS they don’t like. The words "civil liability" come to mind, and this is one of the few instances in which I hope the legal community sees blood in the water and does something meaningful with class-action litigation. We are talking about billions of dollars in damages."
    .
    Really? Where?
    .
    $100 says I don’t get an answer.
    .
    You know what would prevent this virus outbreak by the way? Better security from Microsoft. Over 75% of all websites are being run on Unix, Linux, or BSD and – but for some reason, idiot script kiddies chose to attack via Microsoft Windows. This is because the Unix, Linux and BSD actually worry about security problems and fix them. Microsoft doesn’t.
    .
    There is a very simple fix for this virus problem too. All Microsoft has to do is prevent applications from sending email without your permission. A single pop up that says "application X is trying to send an email, allow this for the rest of your current session?" and problem completely solved. Microsoft doesn’t care about security. If Microsoft is too stupid to figure out how to do this, I’ll do it for a mere $100,000 in 2 months – just have them respond to this post. I am willing to work freelance.

  • It is interesting that you report the speculation that the Linux community is to blame as if it was fact. Why did you not include the other speculation that the virus is believed to be tied to Russian spammers?
    I think if "the legal community" was to bring about some kind of class-action lawsuit against the Linux community, they would need some sort of proof of their involvement. Actually, they might start by finding out who actually did do it.
    You also might want to tone down blaming the entire Linux community for "terrorism", since most of the talk I’ve seen on the web from Linux advocates has been about denouncing the virus. That would be like me saying, "All tech journalists write biased stories". "Those journalists are just terrorists bent on destroying our community".

  • Last time I checked, the virus was most likely written by Russian authors looking to steal credit card information.
    Linux is not a hacker club. It is not a terrorist organization.
    Linux is an operating system, and your attempts to imply it is associated with terrorism or computer virii fail because you have no factual basis to base your arguments upon. This is yet another opinion piece that is long on noise and short on signal.
    Your argument fails because you still do not know what exactly Linux is, and it is because of this that the ignorance with which you write is most painfully clear.

  • Personally I run linux and windows XP, I have found any virus annoying, triggering my antivirus software as I download emails.
    I feel that MyDoom only became linked to linux because of SCO’s statement, and timing of the release of the virus. If there were no legal disputes occurring the virus would be blamed on the so called "script kiddies" who have nothing better to do but to fuel their desire for attention.
    I don’t know how much research was done on this article, but I’ve been reading that Security and Virus experts believe that the virus originated from an email spammer possibly to use their victims’ computers as email proxies as governments try to close off open email servers to stem the spread of spam.
    Also in regards to the 3 faces of linux article, I’m not sure where I fit in there, I advocate linux but in the sense that its a cheap alternative when you haven’t got much money to play with. I use linux for developing software for windows and linux, and find it a much cheaper alternative than paying the hundreds of dollars it would cost to use Microsoft or Borland development tools.
    So, with my view that you use windows if you want desktop usability, or linux if you want affordability, and unix/FreeBSD/linux for any servers cause they have proven more robust even for older slower computers than windows servers, your article left me out in the cold.
