On Fri, 21 May 2004, Tyler Durden wrote: > Imagine I'm working for a large Fortune 100 Company. Now imagine I hear > about a sasser-like worm that will install atself and spread, BUT "it has > been confirmed" that the worm will proceed to vomit spam at X for a period > of 48 hours. Depend on X (eg, the CIA, Microsoft, Re-elect George W...) I > might be more than willing to download that virus, provided I had some kind > of assurance that it wouldn't trash all my work (and if it closes down my > company for a day or two, all the better 'cause I'm way overworked). > > Of course, I'll need plausible denial: "Oh, I thought that was my boss > sending me a file...").
If it is a .vbs mail worm, or something similar that spreads as an interpreted script, you can get your assurance about the worm's function by examining its source code. But every coin has two sides (and the so-often neglected edge) - it also makes it easier to quickly create evil data-damaging versions of the worm.
