Viruses, Trojans, worms. They all enjoy a (sometimes brief, sometimes long) period within which the are at the peak of their game – so to speak – but that period inevitably ends, and the malware in question fades from collective memory, only to become another entry in a malware database.
That’s why CA’s researcher was shocked to find a 22-year old worm in a friend’s computer he was asked to test for a possible malware infection:
Further investigation confirmed that the worm was still attacking other machines via TCP port 23. But, wait a minute! According to the relevant CERT advisory, the WANK worm “infects only DEC VMS systems and is propagated via DECnet protocols, not TCP/IP protocols.” And this is a machine running SunOS.
The answer to this enigma is that the initial diagnosis is only partially right. The computer IS infected with a worm, but the real culprit is Solaris/Wanuk.A, a worm first detected in 2007, which randomly displays 11 ASCII pictures – among which is the one displayed by the WANK worm.
Mystery solved. And even if this is just a 3-year old worm, this just proves how much more “durable” worms are compared to viruses and Trojans.