The email engine has to be small and lightweight enough to fit into a computer virus,

That was yesterday. No, maybe the day before that even. Nowadays, when your machine gets owned, it connects to the developer's web site and downloads everything it needs. It'll install updates and check periodically for new things to download too.

I watched our poor PC tech try to remove a virus from a machine on Friday; he thought he'd gotten rid of all of it. But no. As soon as he rebooted, it started hitting the switch with heavy network traffic, downloading the parts he'd deleted. Within minutes the popups were back in full force.

Problem is, now they plant "hooks" all over the place in the machine, and if you miss just one, it will go download and reinstall all the parts you removed. He finally had to back up and format that one because he couldn't find all the hooks (usually registry keys, but there was more to it in this case, probably infected DLL files that the scanner didn't catch). That's one way to judge a PC tech's experience: how often they have to format and reinstall to clean out the nasties. But even the really good techs occasionally run into a system that's just so compromised there's no other option. Seeing as how so many PC owners don't keep (or GET) restore disks, this can be a very unfriendly option.

I believe botnetted machines are much worse in this respect. They're run by intelligent people that have much higher economic motivation, and it's in their best interest to keep as many machines in the herd as possible, so they go to great lengths to make their payload protect, repair, and update itself. That being said, they're still somewhat uncommon. I'd say under 1 in 40 Windows machines we see are participating in a botnet. In many cases, they're there for quirky problems, not popups (usually very slow web browsing, or that their ISP has disconnected them for being botnetted). The payload protects the computer from other influences so that (A) they have exclusive use of your machine, and (B) you're not inspired to take it to a tech to clean up.


I work for the Department of Redundancy Department