
What is a computer worm?

By Reason Cybersecurity

on Wed Jun 17 2015

A computer worm is malicious, self-replicating software that gets into operating systems via vulnerabilities with the intent of spreading its dangerous code to other computers. Worms work independently and don’t need human action to trigger their behavior. As such, worms are particularly powerful and potentially dangerous as they migrate from one computer to the next on their own.

Computer virus or worm, what’s the difference?

People often confuse the terms virus and worm or use them interchangeably, but they are two distinct entities. Viruses need a host to attach to, such as an email or, back in the old days, a floppy disk, in order to deliver their payload, or in other words, to do what their malicious code tells them to. Viruses attack one machine at a time, so the damage they cause spreads relatively slowly. Worms, on the other hand, need no such host. They are designed to move across networks, and a single copy of the code can reproduce itself onto entire networks in a matter of hours. Generally, a worm will open a back door (“Hey, everybody c’mon, the party’s in here”) on each computer and add it to a “botnet”, a group of infected computers all being used for the same malicious activity. This is why worms are considered to be more dangerous than viruses.

A quick history of computer worms
The first worm was created in 1988 by Robert Morris, ironically the son of the co-creator of UNIX and chief scientist at the NSA. Just like the earliest viruses, the Morris Worm, as it became known, wasn’t intended to cause damage. Morris, a grad student at Cornell at the time, was trying to discern the size of the internet, but the worm ended up causing a good deal of damage and was far harder to contain than he ever thought it would be. Morris was the first person to be tried and convicted under the Computer Fraud and Abuse Act in 2000.
In 2000 the ILOVEYOU or LUVBUG worm infected millions of PCs in just a few hours. This is considered to be one of the most damaging worms ever created because of the number of machines reached in such a small span of time. It reached 10% of the internet at the time and caused 5.5 billion dollars in damages.
In 2004 Witty Worm attacked firewalls and other PC security measures. Its spread was intentionally ironic as it exploited security features on networks that were supposed to be better equipped to handle and defeat threats than the general population. Witty attacked 12000 computers in a matter of 45 minutes.
In 2008 Conficker Worm (also known as Downup and Kido) was discovered and has infected more than 9 million computers in 200 countries since then. It has infected government, residential, and business computers in that time span making it one of the farthest-reaching worms in over 10 years.
Perhaps the most famous and damaging worm was Stuxnet, which took down ⅕ of the Iranian nuclear facility at Natanz in 2010. Much about Stuxnet and its real intentions is still unknown, but many experts speculate that it was collaborative work from a handful of government agencies, including those of France, the US, and Israel, to do considerable damage to Iran’s nuclear advances. Duqu and Flame are “spin-offs” of Stuxnet, with Flame being hailed as one of the most advanced pieces of malware ever created. It’s assumed that Flame was created by western countries to spy on hostile nations in the Middle East.
Currently, Duqu, or rather Duqu 2.0, is making a comeback. It was reported in early June that hotels in Austria and Switzerland where talks about the Iranian nuclear program were being held had become infected with Duqu’s latest incarnation. Then, in an odd twist, Kaspersky Labs, who had helped uncover Duqu 2.0’s presence, found that they themselves had fallen victim to the nasty worm. The origins and the reasons behind the attacks are still unknown at the moment, though some people are pointing fingers at Israel – that would perhaps seem in line with the hotel attacks, but there are no definite answers now.

How does a computer worm spread?
Like viruses, worms spread via infected email attachments and links, but they can also travel as infected packets which can then penetrate the PC’s memory directly. Often they enter networks via vulnerabilities or loopholes in operating systems. They can also launch “dictionary attacks” to crack weak passwords and other credentials. Worms are perfectly happy using more than one method to infiltrate a PC, so they may employ all of the above methods to get what they want, which is to reach as many computers as possible or, as in the cases of Stuxnet, Duqu and Flame, to do as much damage as possible to specific networks before being caught.
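
From the defender's side, two of the behaviours described above leave a recognisable trail in network logs: one machine suddenly contacting many others on the same port, and one machine failing many logins against the same target. The following Python sketch is an added example, not part of the original article; the log format, addresses, window and threshold are assumptions invented for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (format and addresses invented for this example):
# timestamp  source  destination  port  outcome
SAMPLE = """\
2015-06-17T10:00:00 10.0.0.5 10.0.0.11 445 conn
2015-06-17T10:00:02 10.0.0.5 10.0.0.12 445 conn
2015-06-17T10:00:03 10.0.0.5 10.0.0.13 445 conn
2015-06-17T10:00:05 10.0.0.5 10.0.0.14 445 conn
2015-06-17T10:00:06 10.0.0.7 10.0.0.20 22 auth_fail
2015-06-17T10:00:07 10.0.0.7 10.0.0.20 22 auth_fail
2015-06-17T10:00:08 10.0.0.7 10.0.0.20 22 auth_fail
2015-06-17T10:00:09 10.0.0.7 10.0.0.20 22 auth_fail
2015-06-17T10:05:00 10.0.0.9 10.0.0.20 22 auth_fail
2015-06-17T10:07:00 10.0.0.9 10.0.0.11 445 conn
2015-06-17T11:30:00 10.0.0.9 10.0.0.12 445 conn
"""

def parse(text):
    """Turn each line into (time, src, dst, port, outcome), oldest first."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ts, src, dst, port, outcome = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), outcome))
    return sorted(events)

def bursts(events, outcome, key, item, window, threshold):
    """Keys with >= threshold distinct items of one outcome inside any window."""
    seen = defaultdict(list)   # key -> [(time, item), ...] in time order
    flagged = set()
    for n, ev in enumerate(events):
        if ev[4] != outcome:
            continue
        hits = seen[key(ev)]
        hits.append((ev[0], item(n, ev)))
        while ev[0] - hits[0][0] > window:   # forget entries older than the window
            hits.pop(0)
        if len({i for _, i in hits}) >= threshold:
            flagged.add(key(ev))
    return flagged

def detect(text, window=timedelta(seconds=60), threshold=4):
    events = parse(text)
    # Fan-out: one source reaching many different hosts on the same port.
    scanners = bursts(events, "conn", lambda e: (e[1], e[3]), lambda n, e: e[2], window, threshold)
    # Dictionary attack: one source failing many logins against one host.
    guessers = bursts(events, "auth_fail", lambda e: (e[1], e[2]), lambda n, e: n, window, threshold)
    return scanners, guessers
```

On the constructed sample, `detect(SAMPLE)` flags 10.0.0.5 for fan-out on port 445 and 10.0.0.7 for repeated failed logins against 10.0.0.20, while 10.0.0.9, with one failed login and two widely spaced connections, is not flagged.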

How can I keep my computer safe from worms?

Worms have the potential to create tremendous havoc on your computer and really ruin your day (or nuclear program – you knew you should have stopped working on it a while ago…). But there are some key steps to take to ensure you don’t get LUVBUG’ed or worse yet, Duqu’ed.

  • Keep firewalls enabled and current.
  • Make sure your antivirus is updated and set up a malware blocker that will scan your computer daily for new threats.
  • Just like with viruses, don’t open attachments unless you know with certainty that they are safe.
  • Never click on popups or downloads unless you know they are safe.
  • Make sure your browser is set to ask you before it automatically downloads anything.