Lately worms have been less popular attacks than viruses or e-mails with URLs that point to malicious Web sites.

"Worms are actually relatively rare compared to the number of virus attacks," Allman says. "For the average user, phishing is a worse problem."

"We haven't seen a big Internet-clogging worm in several years, and there are several reasons for that including the increasing prevalence of [network address translation] boxes and personal firewalls that make it difficult for a worm to do the scanning the way the Morris worm did," Bellovin says.

The Morris worm foreshadowed how future distributed denial-of-service attacks would be used to overload systems and knock them off the Internet.

"There had never been a simultaneous large-scale security event prior to that," Spafford says. "It was the first significant denial-of-service issue that came to people's attention related to computing. And it was the first event that crossed vendor platforms because it attacked Berkeley Unix and Sun systems, and in that regard I would say we haven't seen many other incidents like that. Most incidents have been directed at one vendor's platform."