
MS06-040 and the Death of the Worm

A couple of years ago, when a vulnerability like the recently disclosed Microsoft Security Bulletin MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution was released, you figured a worm was not far behind. And not just a basic worm, the kind that can infect hundreds of thousands of machines quickly. After all, we've been expecting that to happen given what we saw in the past with MS05-039 (Zotob, which really was a bot), MS04-011 (Sasser) and MS03-039 (Blaster).

But this is 2006, and people recognize that if you were able to get your code onto hundreds of thousands of systems, you should be able to do something with them. And so we have bots like W32.Wargbot taking advantage of that vulnerability. It didn't spread nearly as aggressively as Blaster did, but it showed that we're beyond simple worms, for whatever reason.

During my hiatus, I spent some time wondering if Wormblog was even still needed. It's only been a few years, but it seems like worm detection systems are no longer as high pressure as they were in the past. For one, you have a significant amount of background noise from bots scanning for victims. Also, you have a dramatic slowdown in malcode propagation compared to a couple of years ago. Don't be surprised if you see more botnet stuff on here because of such changes. I think that there's still interesting research going on in worms and not just in bots, and I'll keep digging for it.

August 28, 2006 in botnets, editorial, malware, new trends

Comments

These are great articles on the worm problem. We are always aware of the everyday virus and trojan problem but often forget the occasional one that causes the most harm. Can the average virus software help with this problem? Having a really good program will help but new threats have to be identified, analyzed and a defense program written to stop it.

Posted by: John Russo | Nov 6, 2011 12:27:10 PM
