Has Mass-Mailed Malware Peaked? 2005-03-27


CRN has this article on the six-year anniversary of Melissa: "Six Years After Melissa, Mass-Mailed Malware Has Peaked"

The article doesn't give any reasons for the belief that viruses such as Melissa are past their prime. For one, the article covers spoofed From addresses, but the main reason Melissa and similar viruses were so devastating was exactly that they didn't need any spoofed addresses - their strength was that they mailed from a user who had you in their address book, so using a valid From field wasn't a problem.

While most people have hopefully now learned to be careful about attachments etc., a virus that uses your address book has the potential to be much more insidious and effective.

For one, such a virus doesn't have to start bombarding everyone in your address book immediately; it can wait for outgoing messages with attachments and infect those attachments. People are much more likely to trust an attachment on what appears to be a fully legitimate message, and they're much less likely to suspect problems if their machine doesn't immediately freeze up due to massive amounts of outgoing mail.

Secondly, your sent mail folder is a trove of information for a virus - there's lots of potential for resending recent messages with attachments, adding notes like "Hey, sending you another copy of this as I've made some updates" and similar.

The potential for virus writers is endless - in fact, what keeps striking me with each of these virus attacks is how primitive most viruses seem to be. I'd be very surprised if we don't see more massive outbreaks.

