Tuesday, December 09, 2003

Could The Bad Guys Win on Spam?: http://eletters.eweek.com/zd1/cts?d=79-356-2-3-13145-42538-1
"Spam and mail-based attacks are coming to dominate Internet e-mail. Nothing seems able to stop them, and some days it's rare to find real mail among the spam. Could it come to the point that it's not worth dealing with e-mail's problems?"

On some days, life in the security business is more depressing than on others. My recent reading about Mimail.L, the latest in a long line of sociopathic worms, tipped me into the blues.

Mimail.L is particularly vile. Here are some of the actions it takes:

  • It arrives as a pornographic e-mail with an attached ZIP file purporting to contain dirty pictures. That file contains a file with a .jpg.exe extension, so if someone runs it to see the picture they actually infect themselves. As always, this subterfuge works far more often than I'd like to think, but so far it's just a run-of-the-mill worm.

  • It scours the hard disk for e-mail addresses and stores them in a file named xu298da.tmp in the Windows folder. It then mails itself out with the same porno message to these addresses.

  • If there's a problem sending that mail, it instead tries to send a different message without the attachment. This fallback message says that the recipient's credit card has been charged for a purchase of child pornography. It directs the reader, if they want to cancel, to contact security@europe.spamhaus.org.

  • The message also lists more than a half a dozen sites as places you can get more kiddy porn, including Disney.go.com, Spamcop.net and Spews.org, and attempts to perform a denial of service attack on these sites.

So, not only is this a particularly offensive worm, but it specifically attacks anti-spam sites! Do the authors of the worm have a particular problem with these groups? Perhaps, or maybe it's just more anti-social behavior. They also attack Register.com, but I doubt they're opposed to domain name registration on principle.

After reading about this I'm tempted to agree with a poster on a Slashdot thread on Mimail.L: "They won't stop 'til they've destroyed e-mail." We keep hearing about the ever-increasing percentage of Internet e-mail that is composed of spam. The latest consensus I hear is "over 50 percent," but you can bet your last "F_R_E_E whatever" that the number will continue to climb.…

http://www.eweek.com/article2/0,4149,1403354,00.asp?kc=EWNWS120903DTX1K0000599
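
The excerpt above describes a ZIP attachment carrying a file with a .jpg.exe extension. As an added example (not from the article), a mail-gateway style check for that disguise could look like the following; the extension lists, function names and the in-memory sample archive are constructed assumptions.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Extensions a recipient expects to be harmless content (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".htm"}


def deceptive_entries(zip_bytes):
    """Return ZIP member names whose executable extension hides behind a decoy."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Judge the base name only, whichever path separator was used.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Windows ignores trailing dots and spaces when opening a file.
            parts = name.rstrip(". ").lower().split(".")
            if len(parts) < 3:
                continue  # no second extension to hide behind
            # strip() defeats space padding such as "photo.jpg      .scr",
            # which pushes the real extension out of view in a file listing.
            final = "." + parts[-1].strip()
            decoy = "." + parts[-2].strip()
            if final in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
                flagged.append(info.filename)
    return flagged


def build_sample():
    """Constructed sample archive: harmless placeholder bytes, names only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in ("readme.txt", "pics/photo.jpg.exe", "holiday.jpg",
                       "setup.exe", "photo2.jpg      .scr"):
            archive.writestr(member, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in deceptive_entries(build_sample()):
        print("deceptive double extension:", member)
```

A plain `setup.exe` is not flagged here because it is not disguised; whether to block executables in archives outright is a separate policy decision.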
