In the last thirty days, at least 27 different worms or worm variants have hit the Net. Worms have become such a major part of the attacker's toolbox that they seem to be coming at us from every angle.
Worms continue to attack such staples as Outlook mail clients and to spread via all the normal means: email, file shares, and so on. Most of them still rely on the same user trickery and social engineering that worked so well in the past and that remains a successful attack vector today. The bottom line on this category is that enough users still open attachments from unknown people to allow worms to continue growing and propagating. We, the security staff, *must* do a better job of continually educating users against these types of threats.
Worms have also continued to attack our more prominent infrastructure systems. New worms have emerged against Web servers, SQL installations, and, of course, open file shares. Customized, targeted worms have even been rumored to attack file-sharing systems such as Gnutella and instant messaging systems that may be prevalent on home user broadband systems. The payloads of these worms range from data destruction to the always-popular denial-of-service attack tools. Many of them are also equipped with more traditional back door payloads and Trojan horses.
What can you do to help contain these beasts? The answers haven't changed.
* Install anti-virus tools at the mail gateways of your networks.
* Install anti-virus detection systems on every PC in your organization (and be sure not to forget those of road warriors and work-from-home folks with a VPN connection).
* Block dangerous attachments such as .exe, .dll, .vbs, .com, .bat, and others at the mail gateways and at Web proxies.
* Continue educating your users about such malware threats.
Until users really get it and resist clicking on that new release of "whack-a-mole" emailed to them this morning, we must keep after them. Persistence and patience may be our only chance at eventually winning this battle in the InfoSec war.
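The attachment-blocking item in the list above, sketched as a gateway-side check. This is an added example, not code from the original article; the function names and the sample message are constructed for illustration, and the extension set holds only the types the list names.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the list above; "and others" is left to local policy.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".vbs", ".com", ".bat"}


def is_blocked(filename: str, blocked=BLOCKED_EXTENSIONS) -> bool:
    """True if the final extension of an attachment name is on the block list."""
    # Windows drops trailing dots and spaces, so "setup.exe. " still executes.
    cleaned = filename.rstrip(". ").lower()
    dot = cleaned.rfind(".")
    # Only the last extension decides how the file opens: "report.doc.vbs"
    # is a script, whatever the ".doc" in the middle suggests to the user.
    return dot != -1 and cleaned[dot:] in blocked


def blocked_attachments(raw_message: bytes) -> list:
    """Return the names of all MIME parts in a message that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():          # visits nested multiparts too
        name = part.get_filename()   # decodes encoded filename parameters
        if name and is_blocked(name):
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample: one harmless attachment and two that must be blocked."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ("notes.txt", "report.doc.vbs", "Whack-A-Mole.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

Matching on the file name alone does not catch a blocked type renamed to an allowed extension or packed inside an archive, which is why the list pairs this rule with anti-virus scanning at the gateway and on every PC.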