Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Worms Are for Suckers

    By
    Larry Seltzer
    -
    March 5, 2004
    Share
    Facebook
    Twitter
    Linkedin

      I must confess that for the most part I find mail worms boring. With few exceptions they all seem the same to me.

      Several worms and trojans and all that sort of attack are released every day, although you dont hear much about most of them. The news about the famous ones is usually so routine that Ive thought about writing a program to generate a news story about them.

      Sort of like MadLibs, the program would generate a story that says “the new worm, named W32.[WORM_NAME].D (although also known as [ALT_WORM_NAME.D] by some vendors), spreads through e-mail, network shares and peer-to-peer services such as KaZaA. After the victim launches it, the program sets itself to run at boot time by setting a key in the Windows registry.” Etc., etc., and so on and so forth.

      You get the point, Im sure. These worms all have far more in common than not. The next news story will be a simple matter of filling in a form and letting the software generate the copy. Its a publishers dream.

      The latest big deal worms, the dueling pair of NetSky and Bagle, illustrate the absurdity of the situation to me. Bagle adds the only clever advance Ive seen in months, although its an idea I heard discussed many months ago: It sends itself out as a password-protected ZIP file. The body of the message has a message, generally from the IT department, including the password to the file. The worm sends out files with a variety of potential passwords, so the contents of the file will differ, and scanners cant easily detect it. NetSky.D, on the other hand, is the same stupid stuff that every other worm has foisted on the world for years now, and every vendor I check with says that its the major threat out there, spreading rapidly.

      /zimages/2/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

      To make things even more absurd, the authors of Netsky and Bagle are in a war, removing each others programs and dropping insults. Of course, in order to attempt to remove the other worm, the computer has to have a user who fell for both. This is a sign of advanced cluelessness that reinforces my decision some months ago that, in the big picture, education wont ever be an effective weapon against malware attacks.

      Next Page: Advice for avoiding worms.

      Advice for Avoiding Worms

      One positive implication of this is that you can pretty safely ignore the details in these stories. When it comes to meaningful advice one can discern from them, it amounts to these points:

      • BE VERY SKEPTICAL OF ANY ATTACHMENT IN E-MAIL. This doesnt mean that you shouldnt trust any attachment at all, but unless you know the sender and were expecting the file, you should scrutinize it and not open it unless you can determine that its legitimate.
      • Keep your antivirus software and firewall up to date. They arent perfect, but they help a lot.
      • If your mail client can block all executables, let it. Most worms, including NetSky, will be blocked just by this. If not, find some other way to do it. Its just not worth being able to mail executables around. Incidentally, both Outlook and Outlook Express have done this for years, and therefore their users have been immune to these worms.

      Some administrators are going to the extreme these days of stripping all attachments from e-mail. This isnt exactly cutting off your nose to spite your face, because it really would solve the problem, but its quite unkind to users unless you give them a reasonably convenient way to safely exchange files with outsiders. The existing solutions for users to exchange files are no bargain either. Peer-to-peer networks have become the alternate infection venue of choice for worm writers.

      I trust myself with these things more than I trust the average user, but I have yet to see a worm attack arrive on my computer that I didnt immediately recognize as a worm attack. You can just tell that they werent written for you by a real human being. Clearly other people are being fooled, and repeatedly, I suspect, because if youre going to fall for one of these I assume you could fall for all of them. And its from those people that we need to protect ourselves.

      On a sad note, believe it or not, Friday was the 10th anniversary of spam. Yes, all began when an immigration law firm posted an advertisement for help with the 1994 Green Card Lottery to all manner of irrelevant newsgroups (the example is from fr.comp.os.linux). I remember this incident. There was outrage at the time that now seems really quaint. How dare someone break netiquette in the pursuit of commercial gain!

      As Netcraft describes in their account of the anniversary, the wrong lesson was quickly learned. Spammers saw that there was no enforcement and the rules were merely suggestions. Usenet lost all usefulness within a few years, and e-mail is heading in the same direction.

      Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

      /zimages/2/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

      Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

      More from Larry Seltzer

      Larry Seltzer
      Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×