What is a computer worm?
A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while active on an infected system.
A computer worm duplicates itself to spread to uninfected computers. It often does this by exploiting parts of the operating system that are automated and invisible to the user.
Typically, a user notices a worm only when its uncontrolled replication consumes system resources and slows or stops other operations. A computer worm is not to be confused with WORM, or Write Once, Read Many.
How do computer worms work?
Computer worms often rely on vulnerabilities in networking protocols, such as the File Transfer Protocol, to propagate.
After a computer worm is loaded and running on a newly infected system, it will typically follow its main instruction: to remain active on an infected system for as long as possible and spread to as many other vulnerable systems as possible.
For example, the WannaCry ransomware worm exploited a vulnerability in the first version of the Windows Server Message Block (SMBv1) resource sharing protocol.
Once activated on a newly infected computer, the WannaCry malware initiates a network search for new potential victims: systems that respond to SMBv1 requests made by the worm. The worm then continues to spread through these clients within a network.
Malicious attackers can disguise a worm as a non-dangerous resource—such as a work file or link that the user clicks on or downloads—which is then revealed as a worm. Worms may contain malicious attachments or payloads, which can delete files or allow bad actors to remotely control users’ computers.
What is the difference between a worm and a virus?
As defined in the “Security of the Internet” report released in 1996 by the CERT Division of the Software Engineering Institute at Carnegie Mellon University, computer worms are “self-replicating programs that spread without human intervention once they are started.”
In contrast, the report states that computer viruses are also “self-replicating programs, but usually require some action on the part of the user to inadvertently spread to other programs or systems.”
What types of computer worms exist?
There are several types of malicious computer worms:
Email worms work by creating and sending outbound messages to all addresses in a user’s contact list. The messages include a malicious executable file that, when opened by the recipient, infects the new system.
Successful email worms typically use social engineering and phishing techniques to encourage users to open the attached file.
File-sharing worms copy themselves to shared folders and spread through peer-to-peer file-sharing networks. Worm writers often disguise these malicious programs as media files.
Stuxnet, one of the most notorious computer worms to date, consists of two components: a worm designed to spread malware via USB devices infected with the hosts file, and malware that targets supervisory control and data acquisition systems.
File-sharing worms often target industrial environments, including power utilities, water supply services and sewage plants.
Cryptoworms work by encrypting data on the victim’s system. Criminals can use this type of worm in ransomware attacks, where they follow up with the victim and demand payment in exchange for a key to decrypt the files.
Some computer worms specifically target popular websites with poor security. If they can infect the site, they can infect the computer accessing the site.
From there, Internet worms spread to other devices that the infected computer connects to via the Internet and private network connections.
Instant messaging worms
Like email worms, instant messaging worms are disguised as attachments or links, which the worm goes on to send to the infected user's contact list. The only difference is that the worm arrives as an instant message on a chat service rather than in an email.
If the worm does not have time to replicate itself on the computer, the user can change their password on the chat service account to prevent its spread.
How do computer worms spread?
While some computer worms initially require a user action, such as clicking a link, to propagate, others can easily spread without user interaction. All that is needed is for the computer worm to be active on the infected system. Once activated, the worm can spread over a network through the system's Internet or local area network connection.
Before networks were in widespread use, computer worms spread via infected storage media such as floppy disks, which, when mounted on a system, infected other storage devices connected to the victim system.
Today, USB drives are a common vector for computer worms, as are Internet activities such as email, chat, and web surfing.
Computer worm examples
Worms have existed since the beginning of the Internet. Several notable cases have gone so far as to cause major network and business disruptions.
The Morris worm was released in 1988 and is widely considered to be the first computer worm. However, it is better known as the first worm to be widely publicized on the Internet at the time.
The Morris Worm was the work of Robert Tappan Morris Jr., a Cornell graduate student who was reportedly attempting to enumerate all systems connected to the Internet precursor network, the ARPANET.
Targeting vulnerabilities in many different Unix programs, the Morris worm was able to infect a system more than once, making it difficult to eradicate before it caused a denial of service on the infected host. Of the 60,000 systems believed to be connected to the ARPANET at the time, as many as 10% were affected by the worm.
The ILOVEYOU worm was the most harmful computer worm ever. It was launched in 2000 and propagated malware via email attachments that appeared to be text files, scripts run in instant messaging chat sessions, and executables renamed to look like normal system files.
ILOVEYOU primarily spread when targeted victims opened an email attachment, and the malware then resent itself to all of the victim's contacts in Microsoft Outlook.
After its release on May 4, 2000, the malware reportedly affected 45 million users, spreading so rapidly that some enterprises, including Ford Motor Company, were forced to temporarily shut down their email services. This worm caused billions of dollars in damage.
Stuxnet, which was first identified in 2010, spreads through file-sharing services. Security researchers determined that US and Israeli intelligence agencies created the worm to interfere with Iranian nuclear weapons production.
Stuxnet was introduced via USB drives and spread by exploiting flaws in the Windows operating system, eventually causing nuclear centrifuges to malfunction.
WannaCry
WannaCry ransomware uses a worm to infect Windows computers and encrypt files on the PC hard drive. It began spreading in May 2017 and affected hundreds of thousands of computers in 150 countries around the world. Targets included large corporations such as FedEx, banks and hospitals. Once the worm locked files on a PC, the hackers contacted the owner to demand payment for a key to decrypt the files. However, even after payment, only a few victims were given keys.
Security researchers linked the hack to the Lazarus Group, a nation-state group affiliated with North Korea. While WannaCry caused a significant financial loss for the targeted victims, its spread was halted after security researcher Marcus Hutchins discovered a kill switch that prevented it from spreading further.
How to prevent computer worm infection
Good cybersecurity hygiene is essential to protect systems from computer worms. The following measures can help reduce the risk of computer worm infection:
- Install operating system updates and software patches.
- Use a firewall to protect the system from malicious software.
- Use antivirus software to prevent malicious software from running.
- Never click on attachments or links in email or other messaging applications that could expose the system to malicious software.
- Use encryption to protect sensitive data stored on computers, servers and mobile devices.
Although some worms do nothing more than propagate to new victim systems, most worms are associated with computer viruses, rootkits or other malicious software that can cause additional damage and risk.
How to detect a computer worm
Business leaders may struggle to detect the presence of a security threat such as a worm. Signs that indicate a worm may be present include the following symptoms:
- issues with computer performance over time, or limited computing bandwidth with no apparent explanation;
- the system freezing or crashing unexpectedly;
- abnormal system behavior, including programs that execute or terminate without user interaction;
- unusual sounds, pictures or messages;
- the sudden appearance of unfamiliar files or icons, or the unexpected disappearance of files or icons;
- warning messages from the operating system or antivirus software; and
- email messages sent to contacts that the user did not send.
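The network search described earlier for WannaCry, where an infected host probes for systems that answer SMB requests, shows up in connection logs as one source contacting many distinct hosts on TCP port 445 in a short time. The following detector is an added example, not part of the original article; the log format, addresses, 60-second window and threshold of five hosts are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one connection per line: "timestamp src dst dst_port".
# The format, addresses and default thresholds below are assumptions for illustration.
SAMPLE_LOG = "\n".join(
    # one host touching six different peers on TCP 445 within six seconds
    [f"2017-05-12T10:00:{i:02d} 10.0.0.5 10.0.0.{20 + i} 445" for i in range(6)]
    # a normal client talking repeatedly to a single file server
    + [f"2017-05-12T10:00:{i:02d} 10.0.0.7 10.0.0.2 445" for i in range(10, 20)]
    # five different peers, but one hour apart each
    + [f"2017-05-12T{10 + i}:30:00 10.0.0.9 10.0.0.{40 + i} 445" for i in range(5)]
    + ["2017-05-12T10:00:03 10.0.0.5 10.0.0.80 443", "truncated line"]
)

def parse(log_text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def smb_fanout_alerts(log_text, port=445, window=timedelta(seconds=60), threshold=5):
    """Map each source that reached `threshold` distinct destinations on `port`
    inside any sliding `window` to the largest distinct count observed."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in parse(log_text):
        if dport == port:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)  # destination -> hits currently inside the window
        start = best = 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:  # drop events that aged out
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            alerts[src] = best
    return alerts

if __name__ == "__main__":
    print(smb_fanout_alerts(SAMPLE_LOG))
```

Counting distinct destinations rather than raw connections keeps a busy client of a single file server from triggering the alert.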
How to remove a computer worm
Computer worms can be difficult to remove. In extreme cases, the system may need to be reformatted, which requires the user to reinstall all software.
When initiating an incident response, security teams must use a known secure computer to download any required updates or programs to an external storage device and install them on the affected machine.
If it is possible to identify a computer worm infecting the system, there may be specific instructions or tools available to remove it without completely erasing the system.
Disconnect the system from the Internet or any wired or wireless network before attempting to remove the computer worm. Also, remove non-permanent storage devices, such as USB or external hard drives, and scan them separately for infection.
After the system is disconnected, do the following:
- Update all antivirus signatures.
- Scan the computer with up-to-date antivirus software.
- Use antivirus software to remove any malware, malicious code and worms it finds and clean infected files.
- Confirm that the operating system and all applications are up to date and patched.
Organizations must protect their computer systems from worms, as these programs can damage systems and compromise sensitive information. Security teams can regularly update antivirus software, use firewalls, and encrypt sensitive information to reduce their organizations' risk of worm infection. In addition, business leaders can train employees on security best practices to build a human firewall.