Mikko Hypponen, director of antivirus research for security company F-Secure, says of the worm: "It is very well planned, very well designed and very well executed." He believes that the virus' author likely sells the list of compromised PCs to spammers. "For once we have a virus with a very good motive: money."
The idea is to plant an application on millions of infected PCs that the writer then sells to spammers so they can send untraceable emails, or at least emails traced back to otherwise innocent users. This raises a couple of questions for me.
1. The writer has to be able to find out which machines are infected and so must be on a recipient list somewhere. There must be a common addressee, or addressees, in the send, or how does he find out which machines are usable? I assume not in the emails because the machines will not always have the same IP address anyway, but the worm must broadcast its existence and its current IP address somehow.
2. I can't understand why all ISPs don't do as my mate Dave at SandNet does. His servers handle my email and I almost never get an email from my domain because he runs Trend Micro on the server itself. It checks and cleans every email that passes through and the definitions are being updated, sometimes hourly when there is a flap on. Apart from the excellent service he offers his customers, it makes damned sure that his traffic charges stay within bounds. Unlike Optus, which provides my cable connection, and most other big ISPs, who don't seem to care.
The whole point of the net is that all this traffic has to flow via relatively few nodes. If every ISP took the trouble to sweep all inbound and outbound email, the virulence of the attacks would go down by an order of magnitude. In fact it would take only the biggest ISPs in each country to do it because people like Dave sublease capacity from Telstra anyway.
Now, what vested interest do big ISPs have in NOT checking email traffic for viruses? Like the SoBig writers, is it about money?
Update
Hmm, OK, so maybe they are finally waking up.
ISPs Add Filters to Anti-Virus Arsenal
In an attempt to minimize the damage caused by computer viruses, some of the world's largest Internet service providers are planning to scan all e-mail attachments before they reach their customers' inboxes.
Inertia, great thing when it's on your side, not so good when it's against your best interests.