Firstly, the fact that normal common sense doesn't stop this virus has been thoroughly explained in other follow-ups.

What I would like to point out is that any multi-user-Unix-like system is NOT intrinsically more secure in this case. All the access the worm would need would be to the user's local address book. A bash shell script attached to an email could easily do just the same as ILOVEYOU. In fact it's possible to argue that such a virus could do MORE harm on a *nix once executed. It wouldn't need the user to have a specific e-mail program. There are more ways and easier ways for a script to find "interesting" addresses to mail itself to (e.g. /etc/passwd), and the script could obviously just use sendmail regardless of what e-mail-package the user received it in.

Of course such a worm targeted at *nix systems is unlikely to pop up, and would probably spread less rampantly, for several reasons:

- *nix systems are less common than MS systems by several orders of magnitude.

- The average *nix user is more experienced than the average MS user by several orders of magnitude. Most of them would probably even read the script.

But if 95 % of the John Doe's out there used e.g. Linux, I'm quite sure we'd see a similar worm targeted at them.

yt,

Gaute Lund

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/32/1881#1881