I must confess that for the most part I find mail worms boring. With few exceptions they all seem the same to me.
Several worms and trojans and all that sort of attack are released every day, although you don't hear much about most of them. The news about the famous ones is usually so routine that I've thought about writing a program to generate a news story about them.
Sort of like MadLibs, the program would generate a story that says "the new worm, named W32.[WORM_NAME].D (although also known as [ALT_WORM_NAME.D] by some vendors), spreads through e-mail, network shares and peer-to-peer services such as KaZaA. After the victim launches it, the program sets itself to run at boot time by setting a key in the Windows registry." Etc., etc., and so on and so forth.
You get the point, I'm sure. These worms all have far more in common than not. The next news story will be a simple matter of filling in a form and letting the software generate the copy. It's a publisher's dream.
The latest big-deal worms, the dueling pair of NetSky and Bagle, illustrate the absurdity of the situation to me. Bagle adds the only clever advance I've seen in months, although it's an idea I heard discussed many months ago: It sends itself out as a password-protected ZIP file. The body of the message contains a note, supposedly from the IT department, that includes the password to the file. The worm sends out files with a variety of potential passwords, so the contents of the file will differ, and scanners can't easily detect it. NetSky.D, on the other hand, is the same stupid stuff that every other worm has foisted on the world for years now, and every vendor I check with says that it's the major threat out there, spreading rapidly.
To make things even more absurd, the authors of NetSky and Bagle are in a war, removing each other's programs and dropping insults. Of course, in order to attempt to remove the other worm, the computer has to have a user who fell for both. This is a sign of advanced cluelessness that reinforces my decision some months ago that, in the big picture, education won't ever be an effective weapon against malware attacks.
Advice for Avoiding Worms
One positive implication of this is that you can pretty safely ignore the details in these stories. When it comes to meaningful advice one can discern from them, it amounts to these points:
- BE VERY SKEPTICAL OF ANY ATTACHMENT IN E-MAIL. This doesn't mean that you shouldn't trust any attachment at all, but unless you know the sender and were expecting the file, you should scrutinize it and not open it unless you can determine that it's legitimate.
- Keep your antivirus software and firewall up to date. They aren't perfect, but they help a lot.
- If your mail client can block all executables, let it. Most worms, including NetSky, will be blocked just by this. If not, find some other way to do it. It's just not worth being able to mail executables around. Incidentally, both Outlook and Outlook Express have done this for years, and therefore their users have been immune to these worms.
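The two cases the column describes, the everyday executable attachment and Bagle's password-protected ZIP whose password rides in the message body, can both be caught at a mail gateway without ever needing the password: an encrypted ZIP entry carries an encryption bit in its headers, and that bit alone is reason enough to quarantine. The following is an added example, not code from the column or from any vendor; the extension list is an assumed, illustrative one, and the sample message and archive are constructed here (Python's zipfile cannot write encrypted archives, so the fixture sets the header bit by hand).

```python
import io, zipfile, email
from email import policy
from email.message import EmailMessage
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}  # assumed, illustrative list

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry sets bit 0 (encryption) of its general-purpose flag:
    the archive is password-protected, so a scanner cannot see its contents."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def classify_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, verdict) for each attachment of an RFC 822 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTENSIONS or payload.startswith(b"MZ"):
            verdicts.append((name, "block: executable"))          # the everyday worm
        elif payload.startswith(b"PK") and zip_is_encrypted(payload):
            verdicts.append((name, "quarantine: encrypted zip"))  # the Bagle trick
        else:
            verdicts.append((name, "allow"))
    return verdicts

def make_encrypted_zip_fixture(name: str, content: bytes) -> bytes:
    """Constructed test archive: a stored ZIP with the encryption bit set by hand
    in its local file header (offset 6) and central directory entry (offset 8)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        data[data.find(signature) + flag_offset] |= 0x01
    return bytes(data)

def build_sample_message() -> bytes:
    """Constructed Bagle-style mail: the body hands out the archive's password."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "it@example.com", "user@example.com", "Your account"
    msg.set_content("The attached archive is protected. Password: 12345 (constructed sample)")
    msg.add_attachment(make_encrypted_zip_fixture("update.exe", b"not a program"),
                       maintype="application", subtype="zip", filename="info.zip")
    msg.add_attachment(b"MZ" + b"\0" * 16, maintype="application",
                       subtype="octet-stream", filename="photo.scr")
    return msg.as_bytes()
```

Run `classify_attachments(build_sample_message())` to see the constructed ZIP quarantined and the `.scr` blocked; a gateway would apply the same two checks to every inbound message, regardless of what the body claims about the sender.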
Some administrators are going to the extreme these days of stripping all attachments from e-mail. This isn't exactly cutting off your nose to spite your face, because it really would solve the problem, but it's quite unkind to users unless you give them a reasonably convenient way to safely exchange files with outsiders. The existing solutions for users to exchange files are no bargain either. Peer-to-peer networks have become the alternate infection venue of choice for worm writers.
I trust myself with these things more than I trust the average user, but I have yet to see a worm attack arrive on my computer that I didn't immediately recognize as a worm attack. You can just tell that they weren't written for you by a real human being. Clearly other people are being fooled, and repeatedly, I suspect, because if you're going to fall for one of these I assume you could fall for all of them. And it's from those people that we need to protect ourselves.
On a sad note, believe it or not, Friday was the 10th anniversary of spam. Yes, it all began when an immigration law firm posted an advertisement for help with the 1994 Green Card Lottery to all manner of irrelevant newsgroups (the example is from fr.comp.os.linux). I remember this incident. There was outrage at the time that now seems really quaint. How dare someone break netiquette in the pursuit of commercial gain!
As Netcraft describes in their account of the anniversary, the wrong lesson was quickly learned. Spammers saw that there was no enforcement and the rules were merely suggestions. Usenet lost all usefulness within a few years, and e-mail is heading in the same direction.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.