Computer Worm
What are Computer Worms?
Hornetsecurity explains how Computer Worms work.
A computer worm is a malicious program that reproduces itself as it spreads to as many computers as possible over networks. This makes the computer worm particularly dangerous for companies. But what exactly does a computer worm do, how is it recognized and how can the problem be resolved?
Table of contents:
What is a Computer Worm?
The term “computer worm” was first used in 1975 in the novel “The Shockwave Rider” by John Brunner. In this novel, the protagonist of the story creates a worm that collects data. In the early days of computer science, worms were designed to exploit a system’s vulnerabilities. Instead of seriously damaging the infected computers, they just kept multiplying in the background. Today, however, the purpose of computer worms has changed. Today, attackers often use them to gain full access to their victims’ computers.
Computers connected to a network are susceptible to various forms of malware, including computer worms. A computer worm is malware that reproduces itself and spreads over network connections. The computer worm does not usually infect computer files, but rather infects another computer on the network. This is done by the worm replicating itself. The worm passes this ability on to its replica, which allows it to infect other systems in the same way. The difference between computer worms and viruses can also be found here. Computer worms are stand-alone programs that replicate themselves and run in the background, while viruses require a host file to infect.
How does a Computer Worm work?
In order to spread, computer worms use vulnerabilities in networks. The worm is looking for a back door to penetrate the network unnoticed. To get computer worms into circulation for the first time, hackers often send phishing e-mails or instant messages with malicious attachments. Cyber criminals try to camouflage the worm so that the recipient is willing to run the program. For this purpose, for example, double file extensions are used and / or a data name that looks harmless or urgent, such as “invoice”. When the user opens the attachment or link, they will immediately download the malware (computer worm) into the system or be directed to a dangerous website. In this way, the worm finds its way into the user’s system without them noticing. Once executed, the worm seeks a way to replicate and penetrate other systems. One way of doing this, for example, is for the worm to send an email to all contacts on the infected computer, which contains replicas of the worm.
Many worms now have what is known as a payload. Payload is translated as the “payload” and in this case an attachment that the worm brings with it. The worm can, for example, carry ransomware, viruses or other malware, which then cause damage to the infected systems. These can then, for example, delete files on the PC or encrypt files in the event of a blackmail attack. A computer worm can also install a back door that can later be exploited by other malware programs. This vulnerability gives the worm’s author control over the infected computer.
In the meantime, mixed forms of different malware are often used in malware campaigns. For example with the WannaCry ransomware or Petya / Not-Petya ransomware. These have a worm component so that the malware can replicate and spread through back doors in other systems in the network.
Since the worm or its programmer can use the computing power of the infected system, they are often integrated into a botnet. These are then used by cyber criminals, for example for DDoS attacks or cyptominig .
What types of Computer Worms are there?
Computer worms can be divided mainly according to the type of spread:
Internet Worms
These are completely independent programs. You use an infected machine to search the internet for other vulnerable machines. If a vulnerable computer is found, the worm infects it.
Email Worms
This computer worm is most commonly spread via email attachments. It usually has double file extensions (e.g. .mp4.exe or .avi.exe) so that the recipient could think that they are media files and not malicious computer programs.
File Sharing Worms
Despite the illegality, file sharing and peer-to-peer file transfers are still used by millions of people worldwide. In doing so, they unknowingly expose their computers to the threat of file-sharing worms. Like email and instant messaging worms, these programs are often disguised as double-ended media files.
Instant Messaging Worms
They are similar to email worms, the only difference being in the way they spread. They are disguised as attachments or clickable links to websites. Often times, short messages like “LOL” or “This is your must-see!” accompanied to trick the victim into thinking that a friend sent a funny video to watch.
Known Computer Worms
Morris Worm
This computer worm was launched in 1988 by Robert Morris. He released some code without knowing that it was riddled with bugs that would cause a variety of problems for the affected hosts. The Morris worm resulted in thousands of overloaded computers running on UNIX, costing between $ 10 million and $ 100 million in financial damage.
Storm Worm
The Storm Worm is an email worm from 2007. The victims received emails with a false news story. This reported an unprecedented storm wave that should have killed hundreds of people across Europe. More than 1.2 billion emails infected with the Storm worm have been sent over the course of 10 years. Experts believe that there are still at least one million infected computers whose owners do not know they are infected.
SQL Worm
This computer worm was unique in its method of spreading. It generated a series of random IP addresses and mailed itself to them in the hope that they weren’t protected by antivirus software. Shortly after the SQL worm spread in 2003, more than 75,000 infected computers were unwittingly involved in DDoS attacks on several large websites.
What is the difference between a Computer Worm and a Virus?
A computer worm fits the description of a computer virus in many ways. Like a normal virus, a computer worm can replicate itself and spread over networks. For this reason, worms are often referred to as viruses, but they differ from one another in some ways.
Unlike viruses, which require host files before they can infect the computer, worms exist as separate entities or standalone software. They can replicate and spread on their own once they break the system. You don’t need activation or human intervention to run and distribute your code. In comparison, viruses often hide in shared or downloaded files. When the host file is downloaded from a computer, the virus remains inactive until the infected file is activated. Only then can the virus execute malicious code and replicate itself to infect other files on the computer.
A computer worm, on the other hand, does not require activation of the host file. As soon as a computer worm enters the system, it makes multiple copies of itself, which then spread over the network or over an Internet connection. These copies infect all inadequately protected computers and servers that connect to the originally infected device over the network. Because each subsequent copy of a worm repeats this process of self-replication, execution and spreading, computer worms can spread over networks very easily and quickly.
How do you recognize a Computer Worm?
Users should be familiar with the signs of a computer worm so that they can quickly identify an infestation and remove the computer worm. Here are the most typical symptoms of a computer worm:
- Unusual computer behavior (messages, sounds, pictures)
- Programs that open and run automatically
- Slow computing performance
- System freezes and crashes
- Operating system errors and system error messages
- Emails sent to contacts without the user’s knowledge
- Missing or changed files
- Firewall warnings
- Unusual behavior of the web browser
- Strange and unintended desktop files and icons appear
While other forms of malware cause these problems as well, the presence of more than one of these signs or repeated occurrences of these symptoms suggests a computer worm.
How can I remove a Computer Worm?
The following steps should be used to completely remove a computer worm:
1. First of all, high-quality anti-virus software should be installed. When choosing software, reputable manufacturers should be used, as malware often comes with fake antivirus programs.
2.Disable System Restore to prevent Windows from creating backups that are infected with the computer worm.
3.Carry out a full scan of the system with the antivirus program.
4.If computer worms are found, the software usually offers to remove them.
5.If the anti-virus program does not automatically remove the worm, it is important to note the name of the worm.
6.If this is the case, a suitable tool for removing the worm in question should be downloaded and executed using a search engine. The antivirus software should also be deactivated. If it is run while the worm is being removed, it could conflict with the removal methods and cause a system failure.
7.After the worm has been removed, the anti-virus program should be switched on again. The same goes for system recovery.
How can you protect yourself from a Computer Worm?
There are several best practices that individuals as well as businesses can follow to protect their computers from a computer worm. The following steps reduce the risk of infection and make it easier to identify and eliminate computer worms:
Safe Behavior
Attachments and links should only be opened if they come from a trustworthy source known to the user. E-mails from unknown senders should not be opened, as many computer worms spread via e-mail. Companies should conduct awareness training courses with their employees so that they are made aware of the dangers and risks on the Internet.
Regular Updates
Operating systems and software should be kept up to date with regular updates. The manufacturer’s updates often contain security patches that protect computers from new worms and fix errors. This is important because a computer worm will benefit from the vulnerabilities.
Antivirus Software
Antivirus software is the first preventive measure to avoid computer worms. It is a program that protects the computer from viruses, worms, Trojans and malware of all kinds. It scans every file on the computer and helps prevent damage. Antivirus programs that are able to scan downloads and already contain tools to remove worms are particularly effective.
Firewall
A firewall is a security tool that is used to monitor incoming and outgoing network traffic based on security rules. The main purpose is to create a barrier between internal and external network in order to protect against cyber attacks.
Protect your email inbox
Computer worms often attack computers via email. For example, they can get onto the computer via a phishing email. Heretofore you can already protect before the malware au f the computer. This works for companies, for example, with Spam and Malware Protection or Advanced Threat Protection from Hornetsecurity.
Visit Our Knowledge Base
Did you like our contribution from the knowledge database on the subject of Computer Worms? Then you get to the overview page of our knowledge database here. There you will learn more about topics such as IT Security, Cryptolocker virus, phishing, brute force attacks, GoBD, cyber kill chain, computer virus and ransomware.