$this->articleCE->primaryUrlById(3440901) = /bus-news/article.php/3440901/SCO+Site+Cracked.htm
SCO Site Cracked - InternetNews.
RealTime IT News

SCO Site Cracked

UPDATED: The homepage for the SCO Group's Web page is back to normal Monday after attackers defaced images on the site.

In one case, an attacker was able to replace SCO's existing Web site seminar image, which says "SCO Partner Webinars" and "Click here to learn more," with one that says "We own all your code" and "Pay us all your money."

According to a NewsForge report, a hack changed the Web page titled "Red Hat v. SCO" to "SCO vs. World" and included "hacked by realloc()" in an altered statement.

Another altered statement on the Web page over the weekend, according to the report, poked fun at SCO's litigious nature, claiming that this time around it was going to sue Microsoft because SCO found some of its code in Microsoft software.

The only clue to the cracker's identity came from the background of the image, which normally contains a picture of a woman getting ready to write on an empty whiteboard. In the defaced image, the words "hacked by realloc" appear.

SCO Home Page Defaced
Click on the graphic for a larger view
The weekend defacements are the latest in a string of attacks on the site in recent years, though this time around the effects were more subtle than the distributed denial of service (DDoS ) attacks of the past that have been the norm.

SCO officials acknowledged in a statement that the two Web site attacks "temporarily" altered content on Sunday and Monday. They are currently investigating any other potential vulnerabilities to ensure it doesn't happen again.

The statement also mentioned the defacements as a "shameful attempt by a small group of individuals to undermine the legal right of the company to protect the use of its intellectual property rights on behalf of its customers, employees and shareholders."

The weekend defacements are the latest in a string of attacks on the site in recent years, though this time around the effects were more subtle than the distributed denial of service (DDoS ) attacks of the past that have been the norm.

The company restored the original image around 10:00 a.m. EST.

Blake Stowell, a SCO spokesman, said the Web site defacements of the past two days were a different kind of attack than its administrators faced in the past.

"This is the first time we've had a hacker be able to infiltrate the Web site and deface the Web site," he said. "All the other incidences were denial of service attacks, so they've been different in their nature."

Stowell wouldn't comment on what Web server the company is using, but a "What's that site running?" check at Netcraft shows SCO's site runs the Apache Web server on the Linux operating system.

The Lindon, Utah, company is currently embroiled in several lawsuits regarding the use of Linux, which SCO officials say contains licensed Unix System V code they own. Currently, the company is involved in a $5 billion lawsuit against IBM for allegedly leaking the code for Linux kernel development. Related lawsuits are in the works against Novell , Red Hat (which is suing SCO) and two SCO customers -- AutoZone and Daimler-Chrysler.

Last year, SCO's Web servers were hit with two high-profile DDoS attacks that brought visits to their site down to a crawl for several weeks. Darl McBride, SCO CEO, blasted members of the open source community for the first attack in August 2003, stating in an open letter the need for the community to police its own.

The company was also the victim earlier this year of one of the variants of the MyDoom virus, another DDoS attack that made zombied machines send page requests to the SCO homepage. Unlike the previous Web site attacks, experts say the MyDoom.A virus was launched by a spamming outfit from Russia.