E-mail worms never seem to die. For that matter, they barely even fade away. Half of the top 10 e-mail worms detected by the MX Logic Threat Center in March were variants of worms that first hit in 2004, such as those descended from Mydoom, Netsky, and Zafi.
Other statistics affirm that these worms—ancient by Internet-age standards—continue to wreak havoc. A check of the top viruses at the Web site of antivirus vendor F-Secure showed Netsky variants at the second and third positions, while other variants of the same bug accounted for a dozen more of the top 50.
The fact that they’re still showing up on antivirus statistics raises two questions: The first is, just how dangerous are these relics? The second is, why do these worms still remain a problem after so much time?
“The older worms are certainly more of a nuisance than a menace,” says Sam Masiello, director of threat management at MX Logic, “but they are indicative of the larger problem in that users are not nearly as diligent as they should be in keeping their antivirus-engine subscription up to date.”
Masiello says that users often think that once they’ve purchased and installed an antivirus product, they’re safe from then on. Unfortunately, that’s not the case, he says. “This is only true if the definitions and their subscriptions are kept up to date and that regular scans of the operating system are performed.”
At the same time, the tried-and-true social engineering techniques that made these worms successful in the first place still manage to trick some hapless users into opening attachments that contain malicious code.
While the majority of large companies might be immune to these variants, Masiello says, small businesses and home users are often reluctant to pay for annual subscriptions. This makes it certain that the problem of long-lived viruses and worms won’t go away anytime soon—particularly as malicious code is modular and thus easier to cobble together, and existing botnets are available for rent.