Self-mailing, and particularly mass-mailing, viruses have become a significant concern to many system administrators. The self-mailing specification modifier has become widely supported by antivirus developers and thus is a useful indicator to system administrators of whether a new virus is of the self- or mass-mailing variety.

For now, this modifier may take one of two possible values if present – ‘@m’ and ‘@mm’ (again, as with all identifiers, case is irrelevant). Viruses whose FSMN has either of these modifiers are self-mailing – i.e. they send copies of their viral code from a victim’s machine to others via Email. The difference between the two specifiers is the extent of mailing implied. A virus with an ‘@m’ modifier is a ‘slow mailer’ – one that sends one copy of itself per message sent by the victim or that perhaps sends only a small number of messages sporadically (say, one message per system startup). Viruses that deserve the ‘@mm’ modifier are ‘fast’ or ‘mass’ mailers – at least once (and usually soon after they first run, although that is not necessary) a ‘wave’ of mail containing copies of the virus can be expected to be sent from a victim’s machine.

There is, however, no hard definition or precise dividing line between ‘slow’ and ‘fast’ mailing viruses. In practice, most viruses that deserve one or the other modifier are quite obvious and widely agreed upon, but sometimes there are borderline cases where debate can rage. For example, Melissa and LoveLetter are ‘obviously’ both ‘@mm’ viruses while Ska and Kak are equally obviously ‘@m’ viruses.

Also, please note that regardless of whether ‘@m’ or ‘@mm’, the value of this modifier is that it reflects real potential for spread. A viral program that also has broken mass-mailing code must not be tagged ‘@mm’ because it cannot send multiple copies of itself. Likewise, a program that would only be malware (and viral) were its mass-mailing code functional must not be named something like ‘intended://VBS/FooBar.A@mm’ — ‘@m’ and ‘@mm’ must only be used to designate working self-sending Email functionality. The value of these indicators to system administrators and other customers of AV developers must not be diluted by attaching these modifiers to the names of programs that do not have functional self-mailing code.
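The rules above can be checked mechanically when detection names arrive in scanner logs. The following Python sketch is an added example, not part of the naming scheme itself: it assumes the self-mailing modifier is the last element of the name (any vendor comment already stripped), the function names are hypothetical, and the sample names are constructed from the ‘FooBar’ placeholder used above.

```python
import re

# Assumption: the modifier is a trailing "@..." suffix on the name.
_SUFFIX = re.compile(r"@([^@\s]*)$")

# The only two values currently defined; case is irrelevant.
_MEANING = {"m": "slow mailer", "mm": "mass mailer"}


def check_mailing_modifier(name):
    """Return (modifier, meaning, problems) for one detection name."""
    name = name.strip()
    problems = []
    match = _SUFFIX.search(name)
    if match is None:
        # No modifier: the name claims no self-mailing functionality.
        return None, None, problems
    value = match.group(1).lower()
    modifier = "@" + value
    meaning = _MEANING.get(value)
    if meaning is None:
        problems.append("undefined self-mailing modifier " + modifier)
    elif name.lower().startswith("intended://"):
        # The modifier must only designate working self-sending code.
        problems.append(modifier + " attached to an 'intended' program")
    return modifier, meaning, problems


def triage(names):
    """Group well-formed names by mailing behaviour; collect the rest."""
    groups = {"mass mailer": [], "slow mailer": [], "non-mailing": [],
              "rejected": []}
    for name in names:
        _, meaning, problems = check_mailing_modifier(name)
        key = "rejected" if problems else (meaning or "non-mailing")
        groups[key].append(name)
    return groups


if __name__ == "__main__":
    # Constructed sample names, not real detections.
    sample = ["VBS/FooBar.A@mm", "VBS/FooBar.B@M", "VBS/FooBar.C",
              "intended://VBS/FooBar.A@mm", "VBS/FooBar.D@mmm"]
    for group, members in triage(sample).items():
        print(group, members)
```
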
