From Jose Nazario’s Anatomy of a worm (Computerworld: 15 September 2004):
Now imagine a world where worm attacks frequently occur because hackers and rogue developers have access to “worm kits” or development tools that provide the basic building blocks for rapid worm development.
Historically, worms were basic clones of one another that didn’t change after their original development. Simple mechanisms were used to propagate them, such as mass-mailing worms using a single subject line.
Today’s worms are more sophisticated. They have the ability to mutate after development based on knowledge of how to thwart new security processes. For instance, an early worm, Code Red, attacked only Internet Information Server servers. The Nimda worm, which came later, expanded to include at least three additional attack methodologies: mail-based attacks, file-sharing-based attacks, and attacks against the Internet Explorer Web browser.
The potential for this worm-a-day nightmare comes from several factors: the dozens of vulnerabilities that are ready to be exploited, the availability of worm source code, recycled exploits and the ease of editing existing worms.