Wednesday, May 25, 2005

The Next Big Worm

A systems administrator at a university pondered today, "We haven't seen a really big outbreak for a few months. Where are the big worms these days, like Sasser and Blaster? Aren't there any big security holes left to exploit?" Oh, yes. Microsoft releases patches about once a month, and at any given time there are usually a few serious defects that are known, not widely patched, and remotely exploitable. So what's the deal? Worm authorship seems to be more about building and maintaining botnets for revenue-generating spam networks, and mining for data such as email addresses, account names, and passwords. Giant worm outbreaks that infect millions of machines work against the aims of this organized criminal activity. Widespread outbreaks get the instant attention of company management, systems administrators, and antivirus vendors worldwide. Many small outbreaks exploiting older known defects don't attract as much attention, and they serve to slowly build enormous botnets over time.

