Worms Are for Suckers
By Larry Seltzer

I must confess that for the most part I find mail worms boring. With few exceptions they all seem the same to me.

Several worms and trojans and all that sort of attack are released every day, although you don't hear much about most of them. The news about the famous ones is usually so routine that I've thought about writing a program to generate a news story about them.

Sort of like MadLibs, the program would generate a story that says the new worm, named W32.[WORM_NAME].D (although also known as [ALT_WORM_NAME.D] by some vendors), spreads through e-mail, network shares and peer-to-peer services such as KaZaA. After the victim launches it, the program sets itself to run at boot time by setting a key in the Windows registry. Etc., etc., and so on and so forth.

You get the point, I'm sure. These worms all have far more in common than not. The next news story will be a simple matter of filling in a form and letting the software generate the copy. It's a publisher's dream.

The latest big deal worms, the dueling pair of NetSky and Bagle, illustrate the absurdity of the situation to me. Bagle adds the only clever advance I've seen in months, although it's an idea I heard discussed many months ago: It sends itself out as a password-protected ZIP file. The body of the message has a message, generally from the IT department, including the password to the file. The worm sends out files with a variety of potential passwords, so the contents of the file will differ, and scanners can't easily detect it. NetSky.D, on the other hand, is the same stupid stuff that every other worm has foisted on the world for years now, and every vendor I check with says that it's the major threat out there, spreading rapidly.


Full coverage @ eWeek