ietf

Re: Virus alert

2003-09-02 14:55:52

I think this virus wasn't just designed to spread, I think it was designed
to remain alive on each machine it infected.

Hmm. Good points supporting this... Could be.

I have received dozens of emails from helpful systems and people notifying
me that I have the virus - and I have a Mac. I could crawl through the
headers on the bounces to determine the machine that has actually been
infected and has my email address, but once I've got an IP number I have no
easy way to turn that into an email address for the user.

Once you have an IP number, you can look up the responsible party in one
of the registries (whois.arin.net, whois.ripe.net, whois.apnic.net,
etc--there are sub registries for Latin America and such, but they aren't
too hard to find.) Then you send an email with your logs or headers to the
abuse contact and/or the administrative contact.  They will know how to
deal with the problem.

The disinformation strategy clearly worked, so I expect to see more of this
style of virus in the future. Many have suggested that the purpose of the
virus may have been to set up a large zombie spamming network - I'm not sure
if it was this time, but I'm pretty sure it will be next time.

Interesting, but we already have large zombie Type 3 spamming networks...
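
The lookup described in the reply above, as an added Python example that is not part of the original message: it pulls the bracketed IPs out of a bounce's Received headers, queries a WHOIS registry over TCP port 43, and extracts abuse contacts from the reply. The sample headers and WHOIS record are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re
import socket

# Constructed bounce headers (documentation addresses, not from the thread).
SAMPLE_BOUNCE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP; Tue, 2 Sep 2003 14:01:07 -0400\n"
    "Received: from scanner (localhost [127.0.0.1])\n"
    "\tby mx.example.net with SMTP; Tue, 2 Sep 2003 14:01:05 -0400\n"
    "Received: from pc (dsl45.example.com [203.0.113.45])\n"
    "\tby mx.example.net with SMTP; Tue, 2 Sep 2003 14:01:03 -0400\n"
    "Subject: Virus alert\n\nbody\n"
)
# Constructed WHOIS reply; real field names differ between registries.
SAMPLE_WHOIS = "OrgAbuseEmail:  abuse@example.com\nOrgTechEmail:  noc@example.com\n"
SKIP = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_ips(raw_message):
    """Bracketed IPs from Received headers, oldest hop first, private/loopback dropped."""
    # Each server prepends its header, so the last one is the oldest. Hops below
    # the first server you trust can be forged by the sender.
    ips = []
    msg = email.message_from_string(raw_message)
    for header in reversed(msg.get_all("Received", [])):
        for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a valid address, e.g. [999.1.1.1]
            if not any(ip in net for net in SKIP):
                ips.append(str(ip))
    return ips

def whois_query(ip, server="whois.arin.net"):
    """WHOIS over TCP port 43: send the query line, read until the server closes."""
    with socket.create_connection((server, 43), timeout=10) as s:
        s.sendall(ip.encode() + b"\r\n")
        return b"".join(iter(lambda: s.recv(4096), b"")).decode("latin-1")

def abuse_contacts(whois_text):
    """E-mail addresses found on WHOIS lines that mention 'abuse'."""
    found = []
    for line in whois_text.splitlines():
        if "abuse" in line.lower():
            found += [a for a in re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", line) if a not in found]
    return found
```

`whois_query` needs network access; when the first registry's record points to another registry, repeat the query against that server.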



