There's a new "worm" going around which I find *really* interesting.
I'm having a hard time calling it a virus, even though we're stopping it as a virus for our customers. It's basically an email from a "friend" - with a link in it to get your greetings card from "friendgreetings.com". When you click on the link it tries to download and install either an ActiveX component (IE) or a Java component (Netscape). This component (which is validly signed), when it tries to install itself, prompts you with an EULA that states the following:
1. Consent to E-Mail Your Contacts. As part of the installation process, Permissioned Media will access your MicroSoft Outlook(r) Contacts list and send an e-mail to persons on your Contacts list inviting them to download FriendGreetings or related products. By downloading, installing, accessing or using the FriendGreetings, you authorize Permissioned Media to access your MicroSoft(r) Outlook(r) Contacts list and to send a personalized e-mail message to persons on your Contact list. IF YOU DO NOT WANT US TO ACCESS YOUR CONTACT LIST AND SEND AN E-MAIL MESSAGE TO PERSONS ON THAT LIST, DO NOT DOWNLOAD, INSTALL, ACCESS OR USE FRIENDGREETINGS.
[and much more snipped]
This is totally legit as far as I can make out. The user installs and runs a program that emails out to everyone in your address book, and not only that it tells you it's going to do it, very clearly.
Of course nobody reads EULA's, so we're seeing thousands of these pass through our systems.
I just find this a really amusing look into the social aspects of computing. We've become so numb to boring 20 page EULA's that we'll just install anything without reading. Fascinating.
[By "we", I mean the general computing populous - not us geeks who wouldn't install this in a million years]