[Dshield] Time limits on virii
Marc Chabot (.net)
marc at chabot.net
Sun Feb 29 00:26:06 GMT 2004
Kon'nichi wa Chris,
Saturday, February 28, 2004, 6:35:49 PM, a écrit:
CC> So let me ask this. If I'm a virus writer, why would I want my bug
CC> to deactivate after a certain date? What's the advantage to me?
CC> What purpose does deactivating fulfill?
Purpose: infect a clueless user with no firewall nor up to date
antivirus and use his computer as a zombie to spam or anything else.
When infected, the computer is shooting a gazillion emails to infect
others. It's good for a short time to propagate, after a while it's
useless because those who could be infected are already infected,
others are cluefull and/or use an antivirus. Going on with the
infection attempt can only attract complaint to the ISP who would pull
the plug and/or clean the infected computer.
The spammer need the infected computer to spam for a long as he can.
An infected computer with no more infection attempt is less visible
and won't be cleaned as fast. Also, the spammer wants the full
bandwith to spam as the infection attempt are no longer needed.
CanonBall mailto: marc at chabot.net
Sender Policy Framework: CALLER-ID for e-mail
More information about the list