Semley Station
-Worms Of Mass Destruction

If you haven't been keeping an eye on the virus newsgroups (and why should you?), you would probably have missed these two little snippets.

To set the scene, the internet world has recently been mildly rocked by a worm, Mydoom, which forced SCO to take a website offline: large numbers of infected machines on the net were bombarding it with requests, driven by a program that had arrived on each machine after the user had (unwittingly?) clicked on a message attachment. Microsoft got away more lightly.

Here is a snip from a poster on one of the virus newsgroups:


"... i just got my first Sober.C email (as far as i know) and the social engineering is amazing...

the subject was "you are an idiot"...

the message text was "why do you do that"...
the attachment was idiot.scr...

people actually click on this stuff?"


Oh gosh crikey yes, they click like crickets.

The second snippet is far more fascinating.


A "white" worm has been found which searches out these infected machines. When they're not busy bombarding Microsoft and SCO, the infected machines sit listening for instructions from the virus writer, possibly to download a new target address. The "white" worm inveigles its way into these machines, and disables the virus.


Brilliant, eh! The idea seems to be: smart people buy virus checkers, while the stupid either don't buy them, or do but then don't use them, or just click anyway because they think the virus checker will save them. Smart people don't bombard SCO and Microsoft, but stupid people do. So, just like the neutralisation of Afghanistan and Iraq, somebody in command has decided to protect themselves against the unthinking activities of stupid people. I'm impressed by the strategic thinking, and mildly worried by the ethical implications.

However, I've kept the best for last.


Of the "white" worms detected so far, one appears to have been written by Chinese programmers. It has a subtle twist -

It will neutralise an infected machine which is set up for English, Korean, or Chinese languages. If it finds an infected machine with Japanese language installed, it modifies as many HTML files as it can find, writing into them the following information:

  • The details and date of the Japanese invasion of Manchuria
  • The details and date of the Japanese shelling of the Marco Polo bridge
  • The details and date of the Rape of Nanking
  • The details and date of the first and second atomic bombings of Japan
  • The details and date of the surrender of Japan to American forces.

And a few choice phrases which don't seem to translate into English too well.


"It's war, Jim, but not as we've known it"

(C) Information Resource Consultancy Ltd 2004