A computer worm is a computer program with the capacity to replicate itself and spread across a network using the e-mail address found on the computer or other mass-mailing techniques. It can also infect other networks via the Internet’s security holes.
The Difference Between a Worm and a Virus
A computer worm can run itself by sending copies of itself to other computer terminals on the network without attaching to an existing program or through any form of user intervention. A computer virus, however, requires a host program to run and its code operates as part of the host program.
Computer worms almost always cause damage to the computer network by consuming its bandwidth (the transmission capacity), while computer viruses almost always corrupt and then alter files on a targeted computer.
Payloads are codes developed not just to spread the worm, but to enable it to send documents via e-mail, delete files on a host system, or encrypt files in a cryptoviral extortion attack.
Many computer worms have been originally designed to spread but not to modify the systems they pass through. However, with the introduction of new worms such as Morris worm and Mydoom, network traffic and other accidental effects can frequently cause major disruption to the system.
A very familiar payload for computer worms is to install a backdoor in the corrupted computer. This facilitates the formation of a zombie under the control of the worm author. Examples of computer worms that cause the creation of zombies are Mydoom and Sobig worms.
These backdoors can be exploited by other malicious software. For example, the malware Doomjuice can spread using the backdoor created by the Mydoom worm.
Famous Examples of the Computer Worm
The following are examples of famous computer worms and their specific descriptions:
1. The Internet worm or Morris worm was the first worm to be disseminated through the Internet and the first to achieve important mainstream media attention.
It was unleashed by accident on the Internet by Robert Tappan Morris in 1988. It was originally created not to cause damage but to estimate the size of the Internet. However, an unintended outcome of the code caused it to be more destructive.
A computer network can be corrupted multiple times with each added process causing the slow down of the machine. Eventually, it will make the computer unusable.
2. The Sobig Worm is a computer worm that first appeared in August 2003. Since then, it has corrupted millions of Microsoft Windows computers connected to the Internet.
As a worm, it can replicate by itself. It also has some features similar to a Trojan virus because it disguises itself as electronic mail.
It has six variants but the most widespread and well-known is its Sobig.F variant.
3. Mydoom is a computer worm affecting Microsoft Windows. It is also known as Novarg, Shimgapi, W32.MyDoom@mm, and Mimail.R.
It was considered the fastest-spreading e-mail worm as of January 2004, beating the record set by the Sobig worm. It was first viewed on January 26, 2004.
Mydoom worms all spread through e-mail containing the text message “Andy; I’m just doing my job, nothing personal, sorry”. It was believed that the creator of the worm was paid to develop it. The actual creator however is unknown.
It shares some features similar to a Trojan virus by attracting a computer user to open an infected e-mail attachment.
4. The Blaster Worm is a computer worm also known as Lovsan or Lovesan. It spreads on computer networks running the Windows 2000 and Windows XP Operating Systems. It was first sighted in August 2003.
This worm contains two messages concealed in strings. The first contains the message “I just want to say Love You San” thus giving the name Lovesan worm. The second message was intended for Bill Gates, the target of the worm. The message states “Billy Gates why do you make this possible? Stop making money and fix your software”
Protection Against Dangerous Computer Worms
Many computer worms such as the Blaster worm can spread by exploiting the vulnerabilities of the computer network. The latter can be best protected by keeping up-to-date installing patches provided by application vendors and Operating Systems.
The user can protect his computer against worms that spread similar to a Trojan virus by not opening attachments in the email sent by unknown senders. These corrupted attachments are not restricted to .exe files because Microsoft Excel and Word files can also contain macros that can spread infection.
Installing anti-spyware and anti-virus software is also very helpful. However, it must be kept up-to-date with the latest pattern files to ensure optimum effect.