Bill.... You make some good points, but as to your comment that "Mydoom.B was not as successful as mMydoom.A because people had already been warned about clicking on messages with that format. It has nothing to do with the lethality of the virus. What makes a virus dangerous today is much less the actual virus code (as Nick says there are very much alike), but the social engineering of the message and the smarts about where it gets the email addresses to propagate"...
I don't think there's any way you can support your conjecture of the success of A over B. I haven't checked since Friday evening, but before then I didn't see the volume of messages received at our gateway diminish, which pretty strongly indicates that either a) we've got the same base infection rate as when it first hit (and therefore, systems that got hit don't know that they got hit, and aren't aware that they might have been hit and thus haven't been reading anything about how they should deal with this specific message if it comes in,and therefore are likely to click on Mydoom.B if they received it) , or b) new systems are getting infected as soon as existing systems are getting cleaned up. While I don't think educational efforts are fruitless (and in fact far from it, I think the fact that they have simply been inadequate), I don't think there's any reason to think that anyone has "learned" about this one and thus abstains. I know quite definitively that when the "FriendGreetings" malware was circulating a couple of years ago, we had users continue to click on links (despite it having exactly the same message format) as each new linked site was added, despite clear information that was sent to them immediately upon the first site becoming known. What no one here seems to be interested in how this thing got so big, so fast, and its apparent kinship in that respect to it's Sobig predecessor (in terms of volume, and probably also in terms of ultimate goal). It seems an important thing for this forum to consider, yet no one has (other than to assume that there is something special about the code, which there is not). G ********************************************************************** This e-mail is sent by a law firm and contains information that may be privileged and confidential. If you are not the intended recipient, please delete the e-mail and notify us immediately. *********************************************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
