Replies

It might, but what's the point, if you're in their inbox you're in their inbox.

You originally wrote:

For this thing to be the primary exploit method, users would be surfing infested websites.

I was simply pointing out that surfing a website isn't necessary. The link can be delivered in email.

You should at least read your own posting that I responded to, so that you'll understand the point I was trying to make.

There's a lot of holes in that theory. From dial in clients? Behind firewalls? Forget those working in your scheme right off the bat.

The current Novarg/Mydoom worm is affected in a similar way: the backdoor installed on port 3127 also isn't accessible under the circumstances that you describe. But you're right, it would limit the propagation.

It would be interesting to know the percentage of broadband clients that have an effective firewall. Since Microsoft is finally enabling their firewall by default (in the next service pack of XP), that percentage will hopefully start to increase.

It may be technically classified by some as a worm because of it's complexity, but it's still at it's heart an e-mail virus that requires user interaction to propogate.

It's classified as a worm by:

It's classified as a virus by:

http://vil.nai.com/vil/content/v_100988.htm

Symantec provides the most concise explanation of the difference:

Virus: A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though, many do a large amount of damage as well.

Worm: A program that makes copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.