Worms Are for Suckers

Paying attention to most of these mass-mailing worms is a waste of time, says eWEEK.com Security Center Editor Larry Seltzer. Basically you just follow the same rules for all of them. But the latest ones are both more aggressive and more clever.

I must confess that for the most part I find mail worms boring. With few exceptions they all seem the same to me.

Several worms and trojans and all that sort of attack are released every day, although you dont hear much about most of them. The news about the famous ones is usually so routine that Ive thought about writing a program to generate a news story about them.

Sort of like MadLibs, the program would generate a story that says "the new worm, named W32.[WORM_NAME].D (although also known as [ALT_WORM_NAME.D] by some vendors), spreads through e-mail, network shares and peer-to-peer services such as KaZaA. After the victim launches it, the program sets itself to run at boot time by setting a key in the Windows registry." Etc., etc., and so on and so forth.

You get the point, Im sure. These worms all have far more in common than not. The next news story will be a simple matter of filling in a form and letting the software generate the copy. Its a publishers dream.

The latest big deal worms, the dueling pair of NetSky and Bagle, illustrate the absurdity of the situation to me. Bagle adds the only clever advance Ive seen in months, although its an idea I heard discussed many months ago: It sends itself out as a password-protected ZIP file. The body of the message has a message, generally from the IT department, including the password to the file. The worm sends out files with a variety of potential passwords, so the contents of the file will differ, and scanners cant easily detect it. NetSky.D, on the other hand, is the same stupid stuff that every other worm has foisted on the world for years now, and every vendor I check with says that its the major threat out there, spreading rapidly.

/zimages/2/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

To make things even more absurd, the authors of Netsky and Bagle are in a war, removing each others programs and dropping insults. Of course, in order to attempt to remove the other worm, the computer has to have a user who fell for both. This is a sign of advanced cluelessness that reinforces my decision some months ago that, in the big picture, education wont ever be an effective weapon against malware attacks.

Next Page: Advice for avoiding worms.