They are everywhere, I would wager more than 90% of all Windows based computers connected to the internet have some form of virus, spyware, or malware running havoc on them. Hell, I consider myself somewhat of a computer expert, and even my Virtual PC install is infected in one way or another. I don’t really know how, or where, just that I trip the alert bells when I hit my websites with Virtual PC, so I know there is a nimbda or four working it’s magic. Not that I care, that is the point of me running Windows in a virtual machine, so I can do as I please and have no repercussions.

By now, you should get the idea that I am a Macintosh user. By and large, I live a worry free computing life, putting little thought towards the state of my computer in regards to it’s health. It just works, it’s not something I waste brain cycles on, and I like it that way.

What strikes me as downright amazing, is the relative lack of all out destruction the past years crop of viruses have brought forth. I honestly can not remember anything wide spread that went as far as to wipe your drive of all data. Perhaps this is to a point, as there is nothing more than notoriety in that type of virus kit.

From what I can gather, virus writers are after either data or a zombie machine that they can use to get more data, or host itself as a spam machine. Where is the fun in that? Where is the humor in all this?

I know nothing about how to write a virus for Windows. I have to assume it is rather simple, since there are so many. The few I have looked at all seem to be really bad code, barely hanging on, yet amazingly, rather adept at managing to work under a multitude of conditions.

This is in part, more than likely, due to the many layers of linking that Microsoft offers it’s developers. Pretty much every application is able to talk to every other application with minimal effort. In a perfect world, this is a feature, in the world we live in, this is a security nightmare.

Security nightmares be damned, the ability is still there. I can specifically remember at least three viruses that were able to get to a users Outlook address book, take all the addresses, and send them elsewhere, then send a copy of itself to the entire list of recipients. It was a start, but again, no fun in that.

So, without further ado, may I be so bold as to propose a more humorous method of attack. One that gives you that “Oh shit!” feeling, but when it is all over, you really are not at all that large a loss. Added benefit, this would teach corporations to learn how to sign their email securely, and not trust in email as a rock solid means of communication, especially when it comes to private email.

The virus is simple, it infects by converting all your email addresses in your address book to new ones. For example, if you have Kurt Moore k.moore@formulateaffinity.com in your address book, it would get changed to Kurt Moore k.moore@formulateaffinity.com.harvest.com. As you can see, we appended harvest.com to the email address.

So long as the list of domains appended are within the control of a group that would know how to run a email server, they are going to get every outbound email of every infected machine. Add a few extra random domains to your list, and you have a safety net in case the domains get shut down.

Technically, this is pretty simple. Register your domains in Russia or some other country that turns a blind eye to this stuff. Add a wildcard entry in your DNS for that domain, point the MX records appropriately.

Now, say you were infected, how long before you would find out? I would wager, a while, you may go an entire day, waiting on replies to emails, just thinking everyone is busy. Little will you know your emails are being delivered elsewhere. Heck, you could even add in the fake email address as a BCC or CC, though that may very well stick out like a sore thumb.

Either way, it would be funny, set up a website that parses out the inbox, and posts the emails online. Yeah, it’s mean, but hell, the clients who email me every day, pissed cause some other email server is bouncing their email… It just gets old. I know *you* feel your email is super important, but for Christ’s sake, it is email, stop relying on it as a reliable communication tool. You could, you know, pick up the phone, confirm they got the email?

My jaw dropped the other day when I got an email asking if I would check on a clients account. Apparently they had been expecting an email from some CEO, to confirm something about a multi million dollar deal. The fact the email never showed up, caused the deal to be dropped. it was this, that made me think of what a good education a virus like this would provide. Get real, get fired for that matter, if you think email is a good way to embark on those final approvals of a multi-million dollar deal, well, Trump has two words for you.