Friendly viruses? Pull the other one

It's either benevolence on an unprecedented scale or the latest development in social engineering - a virus which offers to fix your existing vulnerabilities.

In truth it is almost certain to be the latter - the latest ploy by virus writers to gain access to a user's machine. In the past we have seen people offering smutty pictures or exclusive spy snaps during the war in Iraq. This time it is just a different offer but the underlying reason is the same. Virus writers just need to keep finding new ways of encouraging users to open their attachments.

Jack Clark, product marketing manager at McAfee, today told us: "This worm offers to patch the vulnerability left by Microsoft - almost making the virus seem like a good idea, only as a user it really isn't a good idea to leave your patching to a virus. Nobody should want to be infected by a worm - even one that offers to fix a problem. Users shouldn't be inviting unauthorised traffic onto their machines."

The fact that this worm makes good on its offer and does download the fix is neither here nor there.

Users should certainly not trust a worm to fix a flaw because they can't vouch for the source and they can't have any idea what else it will do while to their machines.

In some respects it's like hiring a burglar (and not even a reformed one at that) to fit locks on your windows and then going out and leaving them to it. Sure, he may well do a responsible job fitting the locks, but he may well help himself to your TV, video and PC on his way out.

More relevant still is the argument about anti-virus companies and security companies hiring known hackers and virus writers. The association they have created for themselves through illegal activity means there should be an inherent distrust of the subsequent work in that field.

Don't open it.