What is a Computer Worm?

A computer worm is malicious, self-replicating software that gets into operating systems via vulnerabilities with the intent of spreading its dangerous code to other computers. Worms work independently and don’t need human action to trigger their behavior. As such, worms are particularly powerful and potentially dangerous as they migrate from one computer to the next on their own.

Computer Virus or Worm, What’s the Difference?

People often confuse the terms virus and worm or use them interchangeably, but they are two distinct entities. Viruses need a host to attach to, such as an email or, back in the old days, a floppy disk, in order to deliver their payload, or in other words, to do what their malicious code tells them to. Viruses attack one machine at a time, so the scope of the damage they cause grows relatively slowly. Worms, on the other hand, need no such host. They are designed to spread across networks, and a single copy of the code can reproduce itself onto entire networks in a matter of hours. Generally a worm will open a back door (“Hey, everybody c’mon, party’s in here”) on each computer and add it to a “botnet”, a group of infected computers all being used for the same malicious activity. This is why worms are considered to be more dangerous than viruses.

A Quick History of Computer Worms

The first worm was created in 1988 by Robert Morris, ironically the son of the co-creator of UNIX and chief scientist at the NSA. Just like the earliest viruses, the Morris Worm, as it became known, wasn’t intended to cause damage. Morris, a grad student at Cornell at the time, was trying to discern the size of the internet, but the worm ended up causing a good deal of damage and was far harder to contain than he ever thought it would be. Morris was the first person to be tried and convicted under the Computer Fraud and Abuse Act in 2000.

In 2000 the ILOVEYOU or LUVBUG worm infected millions of PCs in just a few hours. This is considered to be one of the most damaging worms ever created because of the number of machines reached in such a small span of time. It reached 10% of the internet at the time and caused 5.5 billion dollars in damages.

In 2004 the Witty Worm attacked firewalls and other PC security measures. Its spread was intentionally ironic, as it exploited security features on networks that were supposed to be better equipped to handle and defeat threats than the general population. Witty attacked 12000 computers in a matter of 45 minutes.

In 2008 the Conficker Worm (also known as Downup and Kido) was discovered, and it has infected more than 9 million computers in 200 countries since then. It has infected government, residential, and business computers in that time span, making it one of the farthest-reaching worms in over 10 years.

Perhaps the most famous and damaging worm was Stuxnet, which took down ⅕ of the Iranian nuclear facility at Natanz in 2010. Much about Stuxnet and its real intentions is still unknown, but many experts speculate that it was collaborative work from a handful of government agencies, including those of France, the US and Israel, to do considerable damage to Iran’s nuclear advances. Duqu and Flame are “spin-offs” of Stuxnet, with Flame being hailed as one of the most advanced pieces of malware ever created. It’s assumed that Flame was created by western countries to spy on hostile nations in the Middle East.

Currently, Duqu, or rather Duqu 2.0, is making a comeback. It was reported in early June that hotels in Austria and Switzerland where talks about the Iranian nuclear program were being held had become infected with Duqu’s latest incarnation. Then, in an odd twist, Kaspersky Labs, who had helped uncover Duqu 2.0’s presence, found that they themselves had fallen victim to the nasty worm. The origins of and the reasons behind the attacks are still unknown at the moment, though some people are pointing fingers at Israel – that would perhaps seem in line with the hotel attacks, but there are no definite answers now.

How do Computer Worms Spread?

Like viruses, worms spread via infected email attachments and links, but they can also travel as infected packets which can then penetrate the PC’s memory directly. Oftentimes they enter networks via vulnerabilities or loopholes in operating systems. They can also launch “dictionary attacks” to crack weak passwords and other credentials. Worms are perfectly happy using more than one method to infiltrate a PC, so they may employ all of the above methods to get what they want, which is to reach as many computers as possible or, as in the cases of Stuxnet, Duqu and Flame, to do as much damage as possible to specific networks before being caught.
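
From the defender's side, two of the spreading methods above leave a recognizable trail in connection records: one machine suddenly contacting many others on the same port, and one machine racking up failed logins against a single server. The following is an added example, not part of the original post; the event layout, addresses, ports, thresholds and the names `sample_events` and `detect` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed events (not real logs): (time, source, destination, port, outcome)."""
    t0 = datetime(2015, 6, 10, 9, 0, 0)
    ev = []
    # 10.0.0.5 touches six machines on one port within 10 seconds.
    ev += [(t0 + timedelta(seconds=2 * i), "10.0.0.5", f"10.0.0.{20 + i}", 445, "conn")
           for i in range(6)]
    # 10.0.0.9 fails five logins against one server within 20 seconds.
    ev += [(t0 + timedelta(seconds=5 * i), "10.0.0.9", "10.0.0.30", 22, "fail")
           for i in range(5)]
    # 10.0.0.7 also touches six machines, but 12 minutes apart (e.g. a backup job).
    ev += [(t0 + timedelta(minutes=12 * i), "10.0.0.7", f"10.0.0.{40 + i}", 445, "conn")
           for i in range(6)]
    # 10.0.0.8 mistypes a password once, then logs in.
    ev += [(t0, "10.0.0.8", "10.0.0.30", 22, "fail"),
           (t0 + timedelta(seconds=8), "10.0.0.8", "10.0.0.30", 22, "ok")]
    return sorted(ev)

def detect(events, window=timedelta(seconds=60), fanout=5, failures=4):
    """Return {source: {"scan", "dictionary"}} for sources that cross a threshold
    inside any sliding time window."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    findings = defaultdict(set)
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Drop events that have fallen out of the window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            dests, fails = defaultdict(set), defaultdict(int)
            for _, _, dst, port, outcome in evs[start:end + 1]:
                dests[port].add(dst)
                if outcome == "fail":
                    fails[(dst, port)] += 1
            if any(len(d) >= fanout for d in dests.values()):
                findings[src].add("scan")        # many targets, same port
            if any(n >= failures for n in fails.values()):
                findings[src].add("dictionary")  # repeated failed logins
    return dict(findings)

if __name__ == "__main__":
    for src, why in sorted(detect(sample_events()).items()):
        print(src, sorted(why))
```

The slow backup job and the single mistyped password stay below the thresholds, which is the point of using a time window rather than a raw count.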

How Can I Keep my Computer Safe from Worms?

Worms have the potential to create tremendous havoc on your computer and really ruin your day (or nuclear program – you knew you should have stopped working on it a while ago…). But there are some key steps to take to ensure you don’t get LUVBUG’ed or worse yet, Duqu’ed.

  • Keep firewalls enabled and current.
  • Make sure your antivirus is updated and set up a malware blocker like RCS that will scan your computer daily for new threats.
  • Just like with viruses, don’t open attachments unless you know with certainty that they are safe.
  • Never click on popups or downloads unless you know they are safe.
  • Make sure your browser is set to ask you before it automatically downloads anything.
  • Keep Windows or whatever OS you have and all software up to date with their patches – Patches are issued when vulnerabilities are found so they are for your own good – do what they tell you to do.

Sources:

http://en.wikipedia.org/wiki/Computer_worm

http://en.wikipedia.org/wiki/Stuxnet
