What is a Computer Worm?

A computer worm is a small program that can copy itself from one machine to another. It’s similar to a computer virus, but a worm uses various ways of making copies of itself and spreading across a network or the internet while a virus requires that an infected file is manually shared between computers.

If you become infected, the worm will sometimes use the email addresses stored in your address book to send out messages to your friends and family. When they open the message, they can become infected, and so on, and so on.

How Do You Get Infected by a Computer Worm?
Your computer can become infected if you view an infected email. This has especially been true in the past if you used Microsoft Outlook or Outlook Express. They allowed code in emails to be run automatically without the user’s knowledge. While many of these holes have been patched, we’d still recommend using some other email program if possible.

What Can a Worm Do to My Computer?
Most worms are destructive and can delete files from your computer or erase your hard drive. Other worms install malicious software like keyloggers or backdoor programs that can turn your computer into a remote-controlled “zombie.”

A famous worm was the LoveBug worm, released in May 2000. It flooded the internet with emails with a title of “ILOVEYOU.” The mail message read “Kindly check the attached love letter coming from me.”

Who can resist a message of love?

Apparently not many people as the worm spread around the world infecting millions of computers and causing billions of dollars in damage and lost productivity.

How Can I Protect Myself from Worms?

We recommend that you keep your operating system updated automatically (instructions for Windows computers).

There are many anti-virus products on the market that will scan for worms and remove them and protect you from becoming infected from new worms. We’ve tested many of the programs out there and we strongly recommend using ZoneAlarm Security Suite.

Long Description (from Wikipedia)
A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
They are often designed to exploit the file transmission capabilities found on many computers.

The name ‘worm’ was taken from The Shockwave Rider, a 1970s science fiction novel by John Brunner. Researchers writing an early paper on experiments in distributed computing noted the similarities between their software and the program described by Brunner and adopted the name.

The first implementation of a worm was by two researchers at Xerox PARC in 1978. The authors, John Shoch and Jon Hupp, originally designed the worm to find idle processors on the network and assign them tasks, sharing the processing and so improving the whole network efficiency.

The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, who at the time was a graduate student at Cornell University. It was released on November 2, 1988, and quickly infected a great number of computers on the Internet at the time. It propagated through a number of bugs in BSD Unix and its derivatives. Morris himself was convicted under the US Computer Crime and Abuse Act and received three years probation, community service and a fine in excess of $10,000.

In addition to replication, a worm may be designed to do any number of things, such as delete files on a host system or send documents via email. More recent worms may be multi-headed and carry other executables as a payload. However, even in the absence of such a payload, a worm can wreak havoc just with the network traffic generated by its reproduction. Mydoom, for example, caused a noticeable worldwide Internet slowdown at the peak of its spread.

A common payload is for a worm to install a backdoor in the infected computer, as was done by Sobig and Mydoom. These zombie computers are used by spam senders for sending junk email or to cloak their website’s address. Spammers are thought to pay for the creation of such worms , and worm writers have been caught selling lists of IP addresses of infected machines. Others try to blackmail companies with threatened DoS attacks. The backdoors can also be exploited by other worms, such as Doomjuice, which spreads using the backdoor opened by Mydoom.

Whether worms can be useful is a common theoretical question in computer science and artificial intelligence. The Nachi family of worms, for example, tried to download then install patches from Microsoft’s website to fix various vulnerabilities in the host system — the same vulnerabilities that they exploited. This eventually made the systems affected more secure, but generated considerable network traffic (often more than the worms they were protecting against), rebooted the machine in the course of patching it, and, maybe most importantly, did its work without the explicit consent of the computer’s owner or user. As such, most security experts deprecate worms, whatever their payload.

Author: Richard Patterson

Share This Post On

Submit a Comment