SCO Site Attacked Again

 
 
By Steven Vaughan-Nichols  |  Posted 2004-11-29
 
 
 

The SCO Group Inc.s Web site has once again been attacked, but this time hackers didnt just target the site for a distributed-denial-of-service attack—they defaced the Web site itself.

The site was altered in at least two ways sometime during the Thanksgiving weekend. The most obvious attack was on SCOs home page, where a banner image for SCO Web seminars has been replaced with a JPEG image that says, "We own all your code. Pay us all your money." In the background, a woman appears to be writing "realloc(," a common C language function used to change the size of a memory block. The image was still on the site at the time this report was written.

In addition to the main SCO Web site, the Lindon, Utah-based Unix companys alternative sites, www.thescogroup.com and www.caldera.com, were also showing the hacked image.

Earlier, the site had been hacked so that the page "Red Hat v. SCO," which gives SCOs side of its case with Red Hat Inc., was altered to "SCO vs. World." It included the following text: "Recently we found parts of our code in almost all Microsoft(R) software. We want to bring an action against Microsoft(R) and our legal department is working on that. … Currently we are checking older MS-DOS sources. Its obvious, that all while (1){ do_something; } and for (i = 0; i < 16; i++) loops came from our code."

This page was corrected by early Monday morning. Sometime soon after, the site was again cracked and the bogus JPEG was put in place.

Prior to the hacks, the SCO site appeared to have been under attack off and on since 9 a.m. EST Saturday, according to Internet research company Netcraft Ltd. of Bath, England. The SCO site was offline at least three times during the holiday weekend, according to Netcraft.

Earlier this year and late last year, SCO suffered multiple DDoS attacks. These attacks were caused by the Windows-based MyDoom virus (dubbed Novarg.A by Symantec Corp. and MiMail.R by Trend Micro Inc.). With the SCO Web site completely swamped, the company resorted at that time to launching a new site, www.thescogroup.com.

No one then, or now, has claimed responsibility for those attacks or the current series of attacks. SCO offered a reward of $250,000 for information leading to the arrest and conviction of the individual or individuals responsible for creating MyDoom.

As for this latest attack, SCO public relations director Blake Stowell said, "On November 28 and 29, The SCO Groups web site experienced two intrusions by a malicious hacker that temporarily altered two web pages. The company quickly took steps to bring the web site back to normal, and removed the vulnerability that was identified as the way in which the hacker altered the sites content. The company believes that it has effectively addressed the issue to avoid further unauthorized intrusions of this kind."

Check out eWEEK.coms for the latest open-source news, reviews and analysis.

Rocket Fuel