> > I think this virus wasn't just designed to spread, I think it was designed > to remain alive on each machine it infected. Hmm. Good points supporting this... Could be. > I have received dozens of emails from helpful systems and people notifying > me that I have the virus - and I have a Mac. I could crawl through the > headers on the bounces to determine the machine that has actually been > infected and has my email address, but once I've got an IP number I have no > easy way to turn that into an email address for the user. Once you have an IP number, you can look up the responsible party in one of the registries (whois.arin.net, whois.ripe.net, whois.apnic.net, etc--there are sub registries for Latin America and such, but they aren't too hard to find.) Then you send an email with your logs or headers to the abuse contact and/or the administrative contact. They will know how to deal with the problem. > The disinformation strategy clearly worked, so I expect to see more of this > style of virus in the future. Many have suggested that the purpose of the > virus may have been to setup a large zombie spamming network - I'm not sure > if it was this time, but I'm pretty sure it will be next time. Interesting, but we already have large zombie Type 3 spamming networks...