Computer Worms - definition

Computer worms are malicious, stand alone programs with the ability to self-replicate. Unlike viruses, they do not need host files to spread; they use computer networks, instead. They usually scan the Internet until they find a system with a security exploit and then use it to install a copy of the worm in that system. Only moments after installation, that new worm starts to search for another unprotected and uninfected system. The best known worms that use that particular way to attack include the Sasser and Blaster worm, which exploited Windows RPC vulnerability.

Worms are dangerous, let's not forget about that. They should be avoided at all costs and if you do find one on your system, they should be deleted as soon as they are detected.

Threat range

The size and purpose of worms can differ depending on their targeted actions. Some of them concentrate only on spreading themselves, clogging up the mail servers, but remaining relatively safe for individual machines. Others aren't as harmless and are meant to install additional software - backdoors, illegitimate adware or keyloggers. Some of them are even capable of hijacking computers to use them to send spam messages and to perform distributed denial of service attacks or as a proxy server to mask the activities of a hacker.

Subtypes of Computer Worms

Worms can be divided into several subtypes, depending on the infection method:

*Internet worms - the most typical and well-known worms. They use classic attack methods - they target TCP/IP ports searching for vulnerable machines to infect. After infection, a newly installed worm begins its own scan to find another machine with a similar security exploit.

*Email worms are usually sent as email attachments. They have to be opened by the user to work. After the infection, a worm sends copies of itself using the system's services or its own SMTP engine. An alternative method of infection is clicking on a link in an email that sends you to a web page designed to install a worm. For some time it was the most poplar form of worm, but since the number of email clients that opened attachments automatically has dwindled in the last few years, email worms are less and less common.

*instant messenger worm - they use IM clients to send links to pages prepared to install worm into your system. In all other aspects they are similar to email worms.

*P2P worms - they use file-sharing networks to spread. A person who downloads such program (usually under a false name) gets a worm, instead. If run, the worm puts its own copy into a shared folder under a convincing/popular name in order to trick other P2P users to download it.

*IRC worms - perhaps the least popular type of worms. IRC worms spread using IRC file transfer protocol, and thus they require that the user accepts a file and then manually runs it. Some of these worms used to exploit bugs in popular IRC clients like mIRC to send out a copy without user's permission.

Preventing worm infections

Because the most common method of attack is using security vulnerabilities, the best method of preventing infections is to keep your system up to date and free of any vulnerabilities. You should also use a firewall such as ZoneAlarm Pro and some antivirus software such as Kaspersky Antivirus or McAfee. A firewall prohibits worms from finding and infecting your system while the antivirus program detects and eliminates those threats that enter the system.

All content copyright 2006-2017, Bonobo Pty Limited. All Rights Reserved.
Privacy Policy | Terms Of Service