Latest MyDoom Variant Gives Google Problems 607
Devil's BSD writes "It seems like the latest MyDoom worm variant has caused a bit of an Internet storm. Google, at this time (12:28 EDT), is returning 503 errors on all queries submitted from certain locations. The MyDoom variant searches the user's address book for email domains (i.e. @yahoo.com) and searches various engines (such as Google) for email addresses in that domain."
Alright, this means war (Score:5, Funny)
Re:Alright, this means war (Score:5, Funny)
Re:Alright, this means war (Score:3, Insightful)
Doesn't seem like it would be all that efficient to google for email addresses. You'd have to do some parsing on the other end to dig them out of the rest of the page content, maybe a little work to make sure they weren't spam armored. Of course, I guess if you've hijacked some poor slobs computer, CPU cycles aren't really your problem anymore.
Re:Alright, this means war (Score:4, Interesting)
It is likely a phishing attack (Score:3, Interesting)
It is efficient enough to spread fast and wide. By the time Google had a chance to respond to this the virus had probably attacked 90% of the targets at least once. All Google could do is to reduce followon attacks somewhat. I was hit 450 times, that is not counting the attacks that the spam filter just disconnected on.
I don't think the real target was Google. MyDoom has been launched several times and 2 out of 3 times there h
Re:Alright, this means war (Score:5, Interesting)
Forbidden
Your client does not have permission to get URL
Please see Google's Terms of Service posted at http://www.google.com/terms_of_service.html [google.com]
If you believe that you have received this response in error, please send email to forbidden@google.com. Before sending this email, however, please make sure to take a look at our Terms of Service (http://www.google.com/terms_of_service.html). In your email, please send us the entire code displayed below. Please also send us any information you may know about how you are performing your Google searches-- for example, "I'm using the Opera browser on Linux to do searches from home. My Internet access is through a dial-up account I have with the FooCorp ISP." or "I'm using the Konqueror browser on Linux to search from my job at myFoo.com. My machine's IP address is 10.20.30.40, but all of myFoo's web traffic goes through some kind of proxy server whose IP address is 10.11.12.13." (If you don't know any information like this, that's OK. But this kind of information can help us track down problems, so please tell us what you can.)
We will use all this information to diagnose the problem, and we'll hopefully have you back up and searching with Google again quickly!
Please note that although we read all the email we receive, we are not always able to send a personal response to each and every email. So don't despair if you don't hear back from us!
Also note that if you do not send us the entire code below, we will not be able to help you.
[long-ass-code removed]
Google can probably take this in stride (Score:5, Interesting)
They'll have this patched over in less than 24 hours, for certain.
Oh no (Score:2, Funny)
i was wondering (Score:3, Informative)
gmail still works tho, hrm.
Re:i was wondering (Score:2)
Re:i was wondering (Score:2)
Re:i was wondering (Score:5, Funny)
How amazingly typical.
Re:i was wondering (Score:3, Funny)
gmail still works tho, hrm.
You work in corporate communications, don't you?
Re:Why the unevenness? (Score:5, Funny)
Re:Why the unevenness? (Score:4, Funny)
Re:Why the unevenness? (Score:5, Funny)
"You just won't believe how vastly, hugely, mindbogglingly big it is. I mean, you may think it's a long way down the OC-3 to boobies.chemist.com, but that's just peanuts to Google. Listen...", and so on.
(After a while the style settles down a bit and it begins to tell you things you really need to know, like the fact that Google has different DNS entries depending on which server you look them up from, which is only a partial solution to the bandwidth problem -- so that despite the DNS tricks, any net imbalance between the packets you send to Google and the packets Google sends back to you, must be surgically removed from your pipe: so every time you type "natalie portman hot grits" into images.google.com, it is vitally important to get a receipt.)
Ah hah (Score:5, Funny)
I found it hard to remember the names of other search engines that I could use though.
Re:Ah hah (Score:5, Funny)
Do explain such a foreign concept as this.
Google is the one, the almighty.
google shmoogle (Score:3, Interesting)
Oh the days of Mozilla, Navigator Gold & Mortal Kombat (the first one) - [gets teary eyed]
Re:Ah hah (Score:5, Funny)
I tried googling for it but it just took me to the home page. I think it's broken.
Re:Ah hah (Score:5, Funny)
I found it hard to remember the names of other search engines that I could use though.
You could do a Google search for them, I suppose... :-)
Re:Ah hah (Score:3, Funny)
Well, you could IF Google wasn't returning:
Server Error
The service you requested is not available at this time.
Service error -27.
Re:Ah hah (Score:2)
Ended up using All the Web [alltheweb.com].
There's also HotBot [hotbot.com]
Re:Ah hah (Score:2)
Re:Ah hah (Score:3, Funny)
Oh, wait...
Re:Ah hah (Score:4, Funny)
Re:Ah hah (Score:5, Informative)
And you have also metasearchers, that not only search google, but also others. If you want almost the opposite of google in simplicity, you can try Kartoo [kartoo.com], where you can have graphs with aggrupations on search results, flash animations and things like that.
Last, but not least, there are a search engine that you can use to find search engines very close to you. If its good enough, probably there is a Slashdot article on it, so slashdot search is a good first step if all the other search engines you know are down but you still can access slashdot.
Re:Ah hah (Score:3, Informative)
Re:Ah hah (Score:4, Funny)
It took about 10 seconds for me to realize I was a dumbass.
TZ
Only Google web search down? (Score:2, Informative)
Re:Only Google web search down? (Score:2)
Think I'll be using All The Web [alltheweb.com] for a while, you know you lose trust in something...
Yup (Score:3, Informative)
Server Error
The service you requested is not available at this time.
Service error -27
"
for all of my search attempts.
Shouldn't that be easy to fix? (Score:5, Insightful)
Re:Shouldn't that be easy to fix? (Score:2)
Re:Shouldn't that be easy to fix? (Score:3, Funny)
What a day to have problems! (Score:5, Insightful)
The end of the world! (Score:5, Funny)
Nostradomus predicted this right? (Score:5, Funny)
Re:Nostradomus predicted this right? (Score:5, Funny)
Re:Nostradomus predicted this right? (Score:5, Funny)
Re:Nostradomus predicted this right? (Score:5, Funny)
Re:Nostradomus predicted this right? (Score:5, Funny)
Google key (Score:2, Informative)
Re:Google key (Score:3, Funny)
Time for a new error (Score:5, Funny)
Re:Time for a new error (Score:4, Funny)
Smart (Score:2, Insightful)
Google is that big (Score:2, Interesting)
Re:Google is that big (Score:2)
What locations? (Score:5, Informative)
Is that geographic locations, IP blocks, or what? I can use Google just fine at the moment, but have heard of trouble in California (I am in Colorado). TFA gives no details. Anyone have answers?
Re:What locations? (Score:3, Informative)
Some users in the UK (Score:3, Interesting)
Go figure. Session handling switches deciding which IP's go where and some end servers of Google's being borked is my best guess.
I don't know how to cope! (Score:2)
My world is crumbling...
Queries blocked (Score:4, Informative)
What are they trying to accomplish I wonder? (Score:2)
HOLY FUCKING SHIT! (Score:2)
*jumps out window*
Re:HOLY FUCKING SHIT! (Score:2, Funny)
No Problem... (Score:5, Funny)
Re:What I've seen first hand. (Score:3, Insightful)
Give it a rest you penguin-humping retard. The virus spreads through user action. Stupid users spread the virus. What the fuck is so complicated about that? Virus writers have started sending zipped viruses with attached installation instructions and these dipshits are STILL getting infected. You think if someone wrote a virus and instructed the stupid users to set the execution bit they wouldn't do it? History says you're wrong. History shows that people will follow even more complex instructions than that
Listserves... (Score:2)
Pretty nasty though so far, just a lot of garbage in the in-box. I suspect that anyone with an email address up on a web-site that recieves a reasonable amount of traffic (so probably ranked reasonably well by google) will also see some mail from this approach.
My one permitted tin-foil hat question for today. (Score:3, Insightful)
My Doom? Oh My (Score:4, Funny)
For doing the very thing we always failed at doing.
OH MY GOD, YOU SLASHDOTTED GOOGLE, YOU BASTARDS!
Yo Grark
Re:My Doom? Oh My (Score:4, Insightful)
Nick
Re:My Doom? Oh My (Score:4, Insightful)
Or maybe just that the infected machines are generating thousands of queries each. In these days of multi-GHz CPU's and broadband, it wouldn't take as many millions of machines to
Google is doing fine for regular searches... (Score:5, Informative)
But when I ask for "email slashdot.org" it returns a forbidden search page. [google.com]
So it looks like Google is primarily stopping searches that are typical of this virus, but they may also have automated filtering that stops searches which are too many from IPs and netblocks. This part is probably something they implemented long ago.
But google is going slower for me today, and sometimes it stalls (some of the frontend machines dropping out a bit more frequently than usual?)
-Adam
not for me (Score:2)
Re:Google is doing fine for regular searches...No! (Score:4, Informative)
Re:Google is doing fine for regular searches... (Score:5, Interesting)
I got the "forbidden search" error as well. I'm curious what the apparently encrypted string at the bottom of the page contains? The page says to include it in any correspondence to the Head Googlers. If another person runs the search [google.com], will they get a different string? I'd think so -- it probably includes referrer-ID and IP address.
It starts and ends with a string of "/+" characters that give the Slashdot Lameness Filter fits.Notice the text string "taco" about 2/3 of the way through the file. Coincidence?
Re:Google is doing fine for regular searches... (Score:3, Interesting)
Re:Google is doing fine for regular searches... (Score:4, Insightful)
It's base64 encoding but using a non-standard alphabet. Standard base64 doesn't have "-" or "_" IIRC.
Re:503/service error -27 (Score:3, Informative)
Browser Specific (Score:5, Interesting)
Apparently (Score:2)
The following queries generate the error:
email example.com
email@example.com
HOWEVER, the following does *not* generate an error:
name@example.com
My guess is that they are filtering queries based upon what the virus searches for. Good for them!
Re:Apparently (Score:2)
Re:Apparently (Score:2)
Not Geographic Locations (Score:2)
From work, I was getting the Google errors. (I tried refreshing to get on a different machine, but no luck.)
I could VNC (2 blocks away) to home and search just fine though.
Funny thing is, I got the same type error on Yahoo.com. MSN.com didn't seem to be affected.
Off with their hands (Score:2)
The HTML of the error, for the history books ;) (Score:2)
Here's he HTML of the error page, for the history books
<html><head><title>503 Server Error</title><style><!--body {font-family: arial,sans-serif}div.nav {margin-top: 1ex}div.nav A {font-size: 10pt; font-family: arial,sans-serif}span.nav {font-size: 10pt; font-family: arial,sans-serif; font-weight: bold}div.nav A,span.big {font-size: 12pt; color: #0000cc}div.nav A {font-size: 10pt; c
Good! (Score:2)
A good day to be obscure (Score:2)
well. com(mercial) is bad anyways (Score:4, Informative)
http://www.google.co.jp/ [google.co.jp]
http://www.google.fr/ [google.fr]
http://www.google.se/ [google.se]
http://www.google.fi/ [google.fi]
http://www.google.ca/ [google.ca]
all above seem to be responsive atleast to me
The influence of Google in the world (Score:4, Insightful)
I fear for zeitgeist (Score:5, Funny)
My productivity... (Score:5, Funny)
My coworkers may realize I really don't know anything if I can't google up answers real soon now...
Fool me once ... fool me 14 times??? (Score:5, Funny)
But here we are at MyDoom.N, which is the 14th virus in a series that requires the user to:
After ignoring 13 previous warnings, I must move from sympathy to malice. For the sake of all humanity, I beg the author(s) of the MyDoom series and other viruses, in your next version, please include the following instructions:
- locate a nearby table lamp with the light on
- remove pants
- break the bulb while it is glowing
- insert testicles into bulb socket
If they're dumb enough to get fooled by MyDoom again, they're dumb enough to get themselves out of the gene pool.Re:Fool me once ... fool me 14 times??? (Score:5, Funny)
3a. User is told by their AV software that the attachment has a virus.
3b. User disables AV software in order to open the attachment.
Re:Fool me once ... fool me 14 times??? (Score:3, Informative)
My mailserver gets attacked all day by these (Score:4, Interesting)
Naturally I put in a script to watch for this, drop the mails and ban the ips but I've been running the thing for a few days and I have 5000 banned ip addresses in my ipchains firewall!!! I am beginning to think that the number of compromised windows machines out there has led to an absolute security CATASTROPHE of science fiction proportions. The machines attacking me, according to ARIN, are located all over the world.
I'm not really that important or interesting a target, having a measily DSL line but yes I get constant connections from many different computers all over the world all day trying to use me to bounce mail.
I really think, if people knew how huge the number of compromised windows machines there were out there, people would be embarassed to recommend Microsoft products.
Timing is a little too close to be coincidence (Score:5, Interesting)
I don't know how we'll ever be able to test this hypothesis, but I think that something stinks here.
thad
Re:Timing is a little too close to be coincidence (Score:3, Interesting)
I think your idea of blackmail makes more sense though.
You keep using that word.. (Score:5, Informative)
i.e. is an abbreviation for the Latin id est, "that is". It's a synonym for "in other words", "that is to say", or (sort of) "specifically". It does NOT mean "for example", or "such as". For those expressions, you're looking for the Latin abbreviation e.g. - exempli gratia, which means "for example".
Saying this virus "searches your machine for email domains, i.e. yahoo.com", you're actually saying that it "searches for email domains, in other words yahoo.com". This implies that yahoo.com is the only email domain it searches for (or that you are an idiot, and honestly believe that 'email domains' is synonymous with 'yahoo.com'), which makes it seem like a rather pointless search, to say the least.
I.e./e.g. confusion seems to be increasingly common, which surprises me, because it doesn't seem to me that their meanings are at all similar. It seems rather like confusing the phrases 'In spite of which' and 'since Thursday'. Since Thursday, people still seem to do it.
If you really can't remember whether you mean i.e. or e.g., then just write out 'for example' or 'in other words' in full... it doesn't take that much longer.
This thread brings back memories (Score:4, Insightful)
"Imagine what the world would be like without television?"
[TV static for 5 seconds then Dave comes back on]
"Scary, wasn't it?"
Now imagine the world without the Internet... +++NO CARRIER
Re:An Example (Score:2)
Google Error
Server Error
The service you requested is not available at this time.
Service error -27.
Re:An Example (Score:3, Funny)
Re:An Example (Score:3, Informative)
Whois Server Version 1.3
Domain names in the
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.CO M
IP Address: 80.190.192.24
Registrar: GANDI
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE
IP Address
Re:Hrm (Score:2, Funny)
Re:Hrm (Score:2)
Last weeks upgrade (Score:2)
Re:Strange WHOIS result though (Score:3, Informative)
Re:alltheweb.com is down too?? (Score:3, Insightful)