SCO Site Cracked

UPDATED: The homepage for the SCO Group’s Web page is back to
normal Monday after attackers defaced images on the site.

In one case, an attacker was able to replace SCO’s existing Web site seminar image,
which says “SCO Partner Webinars” and “Click here
to learn more,” with one that says “We own all your code” and “Pay us all
your money.”

According to a NewsForge report, a hack changed the Web page titled “Red Hat v. SCO” to “SCO vs. World” and included “hacked by realloc()” in an altered statement.

Another altered statement on the Web page over the weekend, according to the report, poked fun at SCO’s litigious nature, claiming that this time around it was going
to sue Microsoft because SCO found some of its code in
Microsoft software.

The only clue to the cracker’s identity came from the background of the
image, which normally contains a picture of a woman getting ready to write
on an empty whiteboard. In the defaced image, the words “hacked by realloc” appear.

SCO Home Page Defaced
Click on the graphic for a larger view

The weekend defacements are the latest in a string of attacks on the site in recent
years, though this time around the effects were more subtle than the
distributed denial of service (DDoS ) attacks of the past
that have been the norm.

SCO officials acknowledged in a statement that the two Web site attacks “temporarily” altered content on Sunday and Monday. They are currently investigating any other potential vulnerabilities to ensure it doesn’t happen again.

The statement also mentioned the defacements as a “shameful attempt by a small group of individuals to undermine the legal right of the company to protect the use of its intellectual property rights on behalf of its customers, employees and shareholders.”

The weekend defacements are the latest in a string of attacks on the site in recent years, though this time around the effects were more subtle than the distributed denial of service (DDoS ) attacks of the past that have been the norm.

The company restored the original image around 10:00 a.m. EST.

Blake Stowell, a SCO spokesman, said the Web site defacements of the past two days were a different kind of attack than its administrators faced in the past.

“This is the first time we’ve had a hacker be able to infiltrate the Web site and deface the Web site,” he said. “All the other incidences were denial of service attacks, so they’ve been different in their nature.”

Stowell wouldn’t comment on what Web server the company is using, but a “What’s that site running?” check at Netcraft shows SCO’s site runs the Apache Web server on the Linux operating system.

The Lindon, Utah, company is currently embroiled in several lawsuits
regarding the use of Linux, which SCO officials say contains licensed Unix
System V code they own. Currently, the company is involved in a $5
billion
lawsuit against IBM for allegedly leaking the
code for Linux kernel development. Related lawsuits are in the works
against Novell , Red Hat (which is suing
SCO) and two SCO customers — AutoZone and
Daimler-Chrysler
.

Last year, SCO’s Web servers were hit with two
high-profile DDoS attacks that brought visits to their site down to a crawl
for several weeks. Darl McBride, SCO CEO, blasted members of the open
source community for the first
attack
in August 2003, stating in an
open letter the need for the
community to police its own.

The company was also the victim earlier this year of one of the variants of the MyDoom virus,
another DDoS
attack
that made zombied machines send page requests to
the SCO homepage. Unlike the previous Web site attacks, experts say the
MyDoom.A virus was launched by a spamming outfit from Russia.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web