Well, Microsoft has patched those pesky DNS vulnerabilities affecting Windows. When the flaws were first revealed, and exploit code began circulating through the darker corners of the Internet, a few of us got excited. You see, it's been a while since we've seen a bofa fide network worm unleashed on the Internet.

There are a few technical reasons for this. First, system administrators tend to firewall things these days. Second, Microsoft Windows XP Service Pack 2 slapped a software firewall on default installations of Windows boxes, eliminating those machines from network worms' reach. But still, a well written worm that exploited this DNS bug would have spread, despite having to attack machines on weird RPC ports which are normally sealed off from the outside world.

Blaster and Slammer, the SQL worms, were proof that worms that shouldn't spread do -- there's no reason a worm attacking SQL ports, just like RPC ports, should be able to spread like wildfire. But Slammer and Blaster both did, big time.

So what's new this time? It seems that vulnerabilities are simply too valuable to "waste" on writing a pointless worm that makes a lot of noise and encourages administrators to patch their systems. The worms of old, while a pain in the arse, can't make money for anyone. All the bad guys care about these days is hijacking accounts and making dosh. Glory hacking is dead.

So network worms, it seems, are as dead as a dodo's doornail.

In a weird way it's a shame. First off, network worms were a wake up call every time they came around; a reminder that we haven't got this computer security problem licked. Second of all, they made all us infosec geeks feel terribly important.

The worst thing is the Internet community at large seems to think things have somehow improved because there are no more major worms. That is not the case. The bad guys just don't make as much noise any more.

Don't shoot me for saying this, but the affect of a massive, non-destructive but rapidly propagating network worm would probably have a positive affect on security overall. It'd shake us out of our complacency. I'd rather see a major networking vulnerability being exploited by a worm written by a spotty 16-year-old than a group of cyber-crooks from Khajikaronastahn hell bent on draining my bank account. How about you?

BTW there's not much news on my podcast this week. But there are a couple of interesting stories -- I spoke with a lawyer about the extradition of Aussie pirate Hew Griffiths to the US, and had a chat with Richard Forno in Washington about the USA's proposed national ID card. Listen here.