Skoudis seems to be leaning towards, along with others, that the majority of worms we are seeing recently are all "tests". He describes the makup of a worm, Warhead, (exploit(s)), Targeting mechanism, (scanner and the algorithms that drive it), and payload(s), (the Nasty stuff). I think the theory about "test" worms is really rather justified considering that we have had numerous worms in the last couple of years, they are getting faster and better targetted yet they haven't really done any damage to the infected machines, (yeah, yeah, cleanup costs are "damage" but I'm talking about formatting the box after a while or messing up all the data files it can find on network drives.... That's much more costly. But this all comes down to the payloads carried..... They aren't really carrying a malicious one. Why.... 'cos they don't need one yet????
They do not infect files, boot sectors or whatever............they just spread themselves about?