Worms Are for Suckers

By Larry Seltzer  |  Posted 2004-03-05

Paying attention to most of these mass-mailing worms is a waste of time, says eWEEK.com Security Center Editor Larry Seltzer. Basically you just follow the same rules for all of them. But the latest ones are both more aggressive and more clever.

I must confess that for the most part I find mail worms boring. With few exceptions they all seem the same to me. Several worms and trojans and all that sort of attack are released every day, although you don't hear much about most of them. The news about the famous ones is usually so routine that I've thought about writing a program to generate a news story about them.

Sort of like MadLibs, the program would generate a story that says "the new worm, named W32.[WORM_NAME].D (although also known as [ALT_WORM_NAME.D] by some vendors), spreads through e-mail, network shares and peer-to-peer services such as KaZaA. After the victim launches it, the program sets itself to run at boot time by setting a key in the Windows registry." Etc., etc., and so on and so forth.

You get the point, I'm sure. These worms all have far more in common than not. The next news story will be a simple matter of filling in a form and letting the software generate the copy. It's a publisher's dream.

The latest big-deal worms, the dueling pair of NetSky and Bagle, illustrate the absurdity of the situation to me. Bagle adds the only clever advance I've seen in months, although it's an idea I heard discussed many months ago: It sends itself out as a password-protected ZIP file. The body of the e-mail has a message, generally from the IT department, including the password to the file. The worm sends out files with a variety of potential passwords, so the contents of the file will differ, and scanners can't easily detect it. NetSky.D, on the other hand, is the same stupid stuff that every other worm has foisted on the world for years now, and every vendor I check with says that it's the major threat out there, spreading rapidly.

To make things even more absurd, the authors of Netsky and Bagle are in a war, removing each other's programs and dropping insults. Of course, in order to attempt to remove the other worm, the computer has to have a user who fell for both. This is a sign of advanced cluelessness that reinforces my decision some months ago that, in the big picture, education won't ever be an effective weapon against malware attacks.


Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
