As I delete the bounced message spam from the latest wave of virii claiming to send mail from me, it strikes me that if one of these virus writers ever decides to really push the envelope, it wouldn’t be too hard to write what I’ll dub a “Mail Multiplier” virus that’d really thrash the network…
Ask yourself this: What if a virus writer spent a few days searching the Web for mailing lists that aren’t double opt-in (that is, you send a message to a ‘subscribe’ address and *poof* you’re on the list without any further confirmation of identity) then write a virus that has that list of addresses in its little dataset? Disseminate the virus in the ‘usual manner’ and every time it finds an address book, it subscribes everyone therein to all the mailing lists it knows about. And then spawns itself to all of those people in the book.
Now take this idea one step further; what if the virus also installed itself as a filter rule for Outlook so that it could intercept and respond to opt-in confirmation messages? Then the little bugger could subscribe people to mailing lists that believe they’re immune to this sort of thing. And then… the virus can be sent to mailing lists, not just individuals, because the victims of this virus would now be members of the list.
Tell me why I shouldn’t be anxious about this. Tell me why this can’t happen. Tell me why I won’t end up going to jail for this weblog entry when, in four months, this turns out to cripple the network? 😐