What is a computer worm
A computer worm is a software program that is designed to copy itself from one computer to another, without human interaction. Unlike a computer virus, a worm can copy itself automatically.
Worms can replicate in great volume. For example, a worm can send out copies of itself to every contact in your e-mail address book, and then it can send itself to all of the contacts in their e-mail address books.
Some worms spread very quickly. They clog networks and can cause long waits for you (and everyone else) to view Web pages on the Internet.
You might have heard of specific computer worms, including the Sasser worm and the Blaster worm. The most recent worm is called the Conficker worm
Computer Worms are reproducing programs that run independently and travel across network connections. The main difference between viruses and worms is the method in which they reproduce and spread.
A virus is dependent upon a host file or boot sector, and the transfer of files between machines to spread, while a worm can run completely independently and spread itself through network connections.
An example of a worm is the famous internet worm of 1988: Overnight the worm copied itself across the internet, infecting every Sun-3 and VAX system with so many copies of itself that the systems were unusable. Eventually several sites disconnected themselves from the internet to avoid reinfection.
Different types of Computer Worms.
Spreading goes via infected email messages. Any form of attachment or link in an email may contain a link to an infected website. In the first case activation starts when the user clicks on the attachment while in the second case the activation starts when clicking the link in the email.
Known methods to spread are:
– MS Outlook services
– Direct connection to SMTP servers using their own SMTP API
– Windows MAPI functions
This type of worms is known to harvest an infected computer for email addresses from different sources.
– Windows Address Book database [WAB]
– MS Outlook address book
– Files with appropriate extensions will be scanned for email like strings
Be aware that during spreading some worms construct new sender addresses based on possible names combined with common domain names. So, the sender address in the email doesn’t need to be the originator of the email.
Instant Messaging Worms
The spreading used is via instant messaging applications by sending links to infected websites to everyone on the local contact list. The only difference between these and email worms is the way chosen to send the links.
Nasty ones. These ones will scan all available network resources using local operating system services and/or scan the Internet for vulnerable machines. Attempt will be made to connect to these machines and gain full access to them.
Another way is that the worms scan the Internet for machines still open for exploitation i.e. not patched. Data packets or requests will be send which install the worm or a worm downloader. If succeeded the worm will execute and there it goes again!
Chat channels are the main target and the same infection/spreading method is used as above – sending infected files or links to infected websites. Infected file sending is less effective as the recipient needs to confirm receipt, save the file and open it before infection will take place.
File-sharing Networks Worms
Copies itself into a shared folder, most likely located on the local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now the worm is ready for download via the P2P network and spreading of the infected file will continue.