At 02:31 PM 12/05/2001 -0800, Alfred Qaeda wrote:
"The subject line says 'Hi' and will be from someone you know," Symantec security response group manager Kevin Haley said. "The text will say 'How are you? I saw this screensaver and immediately thought of you.' That's a giveaway."<<
Authors, How can you put so much effort into writing cool virii and do such an amateur job on the social engineering?
I was surprised how effective such an amateur job was; my corporate email system was pounded into the ground for a couple of days. Unless I'm misunderstanding the descriptions of this thing, it didn't fire up automagically just from opening the message or using the MSOutlook Preview Pane function - it had to convince a sucker to actually run the file, either by clicking on it or by saving it and running it. Perhaps the descriptions have been incorrect? Of course, one of the problems of Outlook-style mail systems is that they often have mailing lists that hit the whole company, or at least sets of tens of thousands of people, and this does seem to do a good job of trolling for those lists, and continually pounding once it starts, so it only takes a small number of suckers for it to explode. I received a few thousand copies that I was aware of; after I put a mail filter on my machine, there were probably a few thousand more. Of course, the quickly installed filters that our mail admins used trashed all messages with "hi" in the Subject line, even if it was in the middle of words like "behind" or "chief" :-)