You make some good points. Perhaps my misunderstanding is in the way the virus spreads.
First, though, I understand that the filename is a red herring, but you have to use them in the beginning to make people aware that there is a virus out there - that changes names - that is 851.7 KB, and not to DL any of them.
Unfortunately, I think it would take more than "if there were just enough Gnutella users helping..." I think that it would take <i>most</i> of the users making a small effort. Alas, I also realize this is definitely the weak point.
But I still think that the vast numbers of users actively trying to avoid getting spammed would win out of the sheer force of the spammers' tactics, which I agree is formidable.
So, now back to the mechanism of infection. I assumed that when someone DLs one of these files that it infects the user with an invisible file or process, that returns a file (of 851.7 KB) with whatever name a search asks the user for. So, if they disinfect the PC then they no longer contribute to search results having 851.7 files. So, just getting people to check for viruses should go a long way to stopping the spam (assuming again that the majority come from infected machines and not the spammers directly - I don't know about this one, further I'm not sure there is any way of knowing), and telling people about the virus goes a long way to getting people to check their system, and using the search results goes a long way to telling people about the virus.
I guess I am misunderstanding the point about crippling the network and how it would become nothing more than a list of viruses. As the process becomes more and more effective there would be less and less need to use it. It should be, now this is a complete guess, but it should be self-limiting.
I shouldn't be helping the spammers if I have done a thorough scan of my system for malware - even if I had DL one of these files previous to scanning. Even rootkits leave secondary evidence that can be scanned for, but I doubt these (851.7) are that sophisticated. Any decent AV scan should reveal and clean this virus, I would think.
You make an excellent point about untrusted sources, but the searcher need not DL my file, which is not your point, merely not DL another. This can be somewhat trusted because of the preponderance of evidence - LOTS of files that are 851.7 and LOTS of users saying not to DL them. How can it be dangerous to NOT download a file? At the very least it will make them think twice about it, and that surely must be a good thing.
Sorry if this is long-winded or doesn't get to the point, but it is getting late and I'm getting tired. I will check back tomorrow, Hyper-kun, if you wish to continue this discussion.
One last point. This could very well just be my way of dealing with the frustration - namely coming up with some grand unworkable solution. But then again...