Rapid MyDoom Spread

[Dingbat Charlie]

Can anyone offer insight as to why MyDoom spead so fast? It appears to be
one of the "same old" mass email worms, not exploiting any new
vulnerablilities. Was it just an above average bit of social
engineering/subject line spoofing?

 

[Dave Gower]

Can anyone offer insight as to why MyDoom spead so fast? It appears to be
one of the "same old" mass email worms, not exploiting any new
vulnerablilities. Was it just an above average bit of social
engineering/subject line spoofing?

According to what I've been reading the experts say good social engineering.
One part of this is the use of internal hot links to activate the payload.
Personally I was very suspicious when I first saw it, so I'm a little
surprised that so many people are getting suckered in. Of course every month
there's thousands of net newbies.

 

[Steve Walton]

According to what I've been reading the experts say good social engineering.
One part of this is the use of internal hot links to activate the payload.
Personally I was very suspicious when I first saw it, so I'm a little
surprised that so many people are getting suckered in. Of course every month
there's thousands of net newbies.

I got an email from amazon.co.uk, all well presented, including valid
links to their site
and including a realistic looking header of the email that I was
supposed to have sent
and then on the an attachment

in fact as I write this, I just realised it could be that the viruse
was sent to amazon.co.uk with me as sender - then I got the automated
reply from them

clever clever - the worm gets 2 emails for the price of one, and a
email bombardment of a business site with auto-respond

Also just heard that SCO is on the end of the payload at the moment

Steve

 

[FromTheRafters]

According to what I've been reading the experts say good social engineering.
One part of this is the use of internal hot links to activate the payload.

Could you point me to a reference for this?

Personally I was very suspicious when I first saw it, so I'm a little
surprised that so many people are getting suckered in. Of course every month
there's thousands of net newbies.

I wonder how many are actually suckered in by the icon.

 

[Conor]

Can anyone offer insight as to why MyDoom spead so fast? It appears to be
one of the "same old" mass email worms, not exploiting any new
vulnerablilities. Was it just an above average bit of social
engineering/subject line spoofing?

No, it was the continued ****wittery of the average PC user who,
despite the warnings given absolutely everywhere, still continues to
open attachments and use Shitehouse Express.


--
Conor

"The vast majority of Iraqis want to live in a peaceful, free world.
And we will find these people and we will bring them to justice."
- George Bush

 

[kurt wismer]

Can anyone offer insight as to why MyDoom spead so fast? It appears to be
one of the "same old" mass email worms, not exploiting any new
vulnerablilities. Was it just an above average bit of social
engineering/subject line spoofing?

i think we've seen that even social engineering is unnecessary... when
people run email worms that come in as attachments to test messages, or
worse still unzip the attachment to execute the worm inside, it just
says to me that there really isn't anything special required to make a
successful virus or worm...

 

[Dave Gower]

Could you point me to a reference for this?

Off the top of my head, a story a few days ago on the CNN tech website,
quoting industry experts. I presume the same experts got quoted elsewhere as
well.

 

[me]

Off the top of my head, a story a few days ago on the CNN tech website,
quoting industry experts. I presume the same experts got quoted elsewhere as
well.

Oh my ... "industry experts" :-/

J