Author signs MyDoom virus

Mikoca writes "Information Week carries the story of how its author signed it "andy" and left the message "I'm just doing my job, nothing personal, sorry." Thanks, Andy!"

sorry for what

[mr_tommy]

This guy isn't sorry. Sticking in things like this merely give the virus more media attention, and diverts attention from the real issue here : insecurity, and user failure to patch up.

Re:sorry for what

[leifm]

What exploit does MyDoom take advantage of, other than user stupidity?

Re:sorry for what

[sweatyboatman]

MyDOOM takes advantage of the user's ability to run executables directly from his/her email client.

why would you ever want to do this? i can't even think of the last time I got an executable attachment that wasn't a virus.

all email programs should disable the feature that allows you to double click on an icon and launch a virus. because:
A) no one needs a "feature" like this. Save to Disk and then run if neccesary.
B) icons are designed to be clicked. as desktop users, we're trained to click on things. it's how we interact with our computer.
C) a warning dialog after the double-click is useless. The person has already decided to run the program, to them it just seems like annoying interference from their stupid computer.

News need a story

[glassesmonkey]

I'm convinced the whole DDoS SCO/microsoft really is just a cover story so the media can tie a simplified little bow around the story. If a worm infected this many computers and didn't have an "objective" (aside from backdoor into your Windows machine for future usage and/or email harvesting and/or spam relaying) the news story would be too complex and there might even be a story about spammers or even the lack of action by Microsoft.

The real story is that these worms and viruses have become big business and the only people who profit from them are software vendors selling anti-virus, Microsoft through services, and spammers.

Re:Don't blame Andy!

[Captain+Tripps]

Why do people have to be so elitist about this? These viruses exploit people's false expectations of security when launching email attachments, so the proper solution is make things work like people expect. When a user opens an executable attachment (and this includes things like Word docs with macros) it should run with restricted priviledges. If it wants to touch systems files, or spawn background processes, or edit the registry to run itself at startup, the user must okay it. This is ought happen rarely enough that users will take it seriously, rather than the current policies, which are so restrictive they just get disabled.

DOING HIS JOB???!!!

[swordgeek]

Doesn't anyone see the writing on the wall yet?

Viruses are turning computers into spam relays. Other viruses are DoSing various anti-spam blackholes. Yeah, this one happened to hit SCO and Microsoft, but the payload is easily changed, now that the virus framework is out there.

Viruses are being PROFESSIONALLY written to HELP SPAMMERS! Go read some recent comments from Symmantec folks, and you'll see the same conclusion: Spam and viruses are being funded and run by organised crime.

Will Microsoft stop them? Nope! The US government? Not a chance. AOL? Laughable.

I quite believe that the author (whether Andy or not) was doing exactly what he said--his job, that he was no doubt being paid very well for.

Your scrotum will pay for your refusal...

[myowntrueself]

"Personally, I'd rather be unemployed than be paid by someone with the ethics to deliberately release software like this."

Unemployed, maybe, but would you rather be hung upside down from a tree by your scrotum?

Thats what you get when you say 'no' to the right (wrong) people, dude. Where have you been living?