Worm bait?

[John Chambers]

Jerry Feldman writes:
| Derek Martin <invalid at pizzashack.org> wrote:
| > This theory does nothing to explain why IIS is the most attacked web
| > server.  It is NOT the most widely installed web server.  I conclude
| > that there is something else at work here.
| That theory was only for email clients.
| Web servers (and servers in general) are totally different animals. IIS
| has many security flaws, and is often run on personal Windows machines.
| BIND is also a frequent target of attack.

To be attractive to virus  writers,  you  really  need  two
qualities. The software has to be in use, at least at sites
you want to attack.  And it has to have an opening  so  you
actually can attack it successfully.

The latter is mostly  what  makes  Microsoft's  systems  so
popular with virus/worm writers.  People may hate MS, true,
but security holes in the software is what  really  enables
the attacks.

Much of the internet  is  run  by  a  handful  of  unix  or
unix-like  systems.  They aren't successfully attacked very
often, despite the obvious attraction, simply  because  the
job is so much more difficult than with MS systems.