COMPUTER WORM

What is a computer worm?

A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining active on infected systems.
A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. Worms often use parts of an operating system that are automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.
A computer worm is not to be confused with WORM (write once, read many).




A computer worm is a type of malware which is intended for infecting vulnerable computers in a network. Computer worms tend to quickly replicate themselves and wiggle their way into poorly protected computers.
Worms still exist today: the worm component of the dreaded WannaCry ransomware made it possible to wreak havoc on thousands of vulnerable computers across the globe. It exploited a vulnerability in the Windows Server Message Block (SMB) file-sharing protocol to spread within local networks.

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

How do computer worms work? 

Worms can be transmitted via software vulnerabilities, or they can arrive as attachments in spam emails or instant messages (IMs). Once opened, these files could provide a link to a malicious website or automatically download the computer worm. Once it’s installed, the worm silently goes to work and infects the machine without the user’s knowledge.
Worms can modify and delete files, and they can even inject additional malicious software onto a computer. Sometimes a computer worm’s purpose is only to make copies of itself over and over — depleting system resources, such as hard drive space or bandwidth, by overloading a shared network. In addition to wreaking havoc on a computer’s resources, worms can also steal data, install a backdoor, and allow a hacker to gain control over a computer and its system settings.



The initial element of a worm is malcode which acts as a penetration tool that locates vulnerabilities on a PC so it can exploit them. Once it locates the vulnerability the malcode transfers the worm through the vulnerability. This is where the installer takes command by transmitting the malcode to your PC.

Once the malcode has infected the PC, the worm will use a tool that is designed to discover other computers that are connected to the network. From there it scans the other computers on the network to locate vulnerabilities and then uses the penetration tool to access those computers. The malware it then delivers is known as a payload, and it is capable of operating remote access applications, keylogging, spying, and other types of malicious behavior.


The payload can also disguise itself in the form of an email attachment. It will trick the user into opening it by making the user believe it has come from a trusted source. This is accomplished by sending the email from a known person's address without the knowledge of that user. The payload uses the email account and address book to copy itself and then spread to other email recipients.


Stuxnet: the most famous computer worm

In July 2010, the first computer worm used as a cyber weapon was discovered by two security researchers after a long string of incidents in Iran. Dubbed “Stuxnet,” this worm appeared to be much more complex than the worms researchers were used to seeing. This attracted the interest of high-profile security specialists around the world, including Liam O’Murchu and Eric Chien of the Security Technology and Response (STAR) team at Symantec. Their extensive research led them to conclude that the worm was being used to attack an Iranian power plant, with the ultimate goal of sabotaging nuclear weapon production. Although the attack ultimately failed, this computer worm is still active on the threat landscape today.

How to tell if your computer has a worm

If you suspect your devices are infected with a computer worm, run a virus scan immediately. Even if the scan comes up negative, continue to be proactive by following these steps.
  1. Keep an eye on your hard drive space. When worms repeatedly replicate themselves, they start to use up the free space on your computer.
  2. Monitor speed and performance. Has your computer seemed a little sluggish lately? Are some of your programs crashing or not running properly? That could be a red flag that a worm is eating up your processing power.
  3. Be on the lookout for missing or new files. One function of a computer worm is to delete and replace files on a computer.

How computer worms spread

A computer worm infection spreads without user interaction. All that is necessary is for the computer worm to become active on an infected system. Before widespread use of networks, computer worms were spread through infected storage media, such as floppy diskettes, which, when mounted on a system, would infect other storage devices connected to the victim system. USB drives are still a common vector for computer worms.


Computer worms often rely on the actions of, and vulnerabilities in, networking protocols to propagate. For example, the WannaCry ransomware worm exploited a vulnerability in the first version of the Server Message Block (SMBv1) resource sharing protocol implemented in the Windows operating system. Once active on a newly infected computer, the WannaCry malware initiates a network search for new potential victims: systems that respond to SMBv1 requests made by the worm. The worm is able to continue to propagate within an organization in this way. When a bring-your-own-device (BYOD) machine is infected, the worm can spread to other networks.
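
The network search described above shows up in connection logs as one host opening SMB (TCP 445) connections to many different peers in a short time. The following is an added example, not part of the original post, that flags this pattern; the log format, the addresses, the 60-second window and the threshold of 10 are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed flow records: 'timestamp src dst dst_port' (not real traffic)."""
    t0, rows = datetime(2024, 1, 10, 9, 0, 0), []
    def add(offset, src, dst, port):
        rows.append(f"{(t0 + offset).isoformat()} {src} {dst} {port}")
    for i in range(20):   # normal client: repeated SMB sessions to one file server
        add(timedelta(seconds=3 * i), "10.0.0.5", "10.0.0.20", 445)
    for i in range(12):   # worm-like: SMB attempts to 12 different peers in 22 s
        add(timedelta(seconds=2 * i), "10.0.0.77", f"10.0.1.{i + 1}", 445)
    for i in range(15):   # busy web client: many destinations, but not SMB
        add(timedelta(seconds=i), "10.0.0.9", f"192.0.2.{i + 1}", 443)
    for i in range(12):   # admin host: 12 SMB peers, but 10 minutes apart
        add(timedelta(minutes=10 * i), "10.0.0.30", f"10.0.2.{i + 1}", 445)
    return "\n".join(rows)

def parse_flows(text):
    """Yield (timestamp, src, dst, dst_port) tuples from whitespace-separated lines."""
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(flows, window=timedelta(seconds=60), threshold=10, port=445):
    """Return {src: peak distinct destinations on `port` inside any sliding
    window} for every source whose peak reaches `threshold`."""
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still in window
    peak = defaultdict(int)
    for ts, src, dst, dport in sorted(flows):
        if dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop connections older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for host, n in smb_fanout(parse_flows(build_sample())).items():
        print(f"{host} contacted {n} distinct hosts on TCP 445 within 60 s")
```

Counting distinct destinations rather than connections keeps a client that talks constantly to one file server from being flagged, and the time window keeps an administrator who touches many machines over a day below the threshold.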

How do they spread to other computers?

 
Computer worms usually propagate to other computers without any user interaction, i.e., in the background. It is common for computer worms to get noticed only when their uncontrolled replication eats up a lot of system resources, slowing or delaying other tasks in a computer.
Computer worms often exploit vulnerabilities in the system or in the networking protocols to infect a computer. After infecting a computer, worms take advantage of file-transport or information-transport features on the infected computer, allowing it to spread unaided.

 

How to help protect against computer worms 

Computer worms are just one example of malicious software. To help protect your computer from worms and other online threats, take these steps.
  1. Since software vulnerabilities are major infection vectors for computer worms, be sure your computer’s operating system and applications are up to date with the latest versions. Install these updates as soon as they’re available because updates often include patches for security flaws.
  2. Phishing is another popular way for hackers to spread worms (and other types of malware). Always be extra cautious when opening unsolicited emails, especially those from unknown senders that contain attachments or dubious links. 
  3. Be sure to invest in a strong internet security software solution that can help block these threats. A good product should have anti-phishing technology as well as defenses against viruses, spyware, ransomware, and other online threats.

Types of computer worms

Pure computer worms propagate themselves from infected systems to uninfected systems. This does not minimize the potential for damage from such computer worms.

An infected system may become unavailable or unreliable due to the computing overhead associated with propagation of the worm, while computer worms are also known to disrupt networking through saturation of network links with malicious traffic associated with worm propagation.
More commonly, a computer worm is either a virus or worm hybrid -- a piece of malware that spreads like a worm, but that also modifies program code like a virus -- or else carries some sort of malicious payload, such as a virus, ransomware or some other type of malware.
A bot worm may be used to infect computers and turn them into zombies or bots, with the intent of using them in coordinated attacks through botnets. Instant messaging, or IM, worms propagate through instant messaging services and exploit access to contact lists on victim computers.
Email worms are usually spread as malicious executable files attached to what appear to be ordinary email messages. The email worm spreads by forcing an infected system to resend the worm to email addresses in user contact lists; the worm infects new systems when email recipients open the file. Successful email worms usually incorporate social engineering methods to prompt users to open the attached file.

An ethical worm is a computer worm designed to propagate across networks with the express purpose of delivering patches for known security vulnerabilities. While ethical worms have been described and discussed in academia, actual examples in the wild have not been found, most likely because the potential for unexpected harm done to systems that react unexpectedly to such software outweighs the potential for removing vulnerabilities. In any case, unleashing any piece of software that makes changes to a system without the permission of the system owner opens the publisher to various criminal and civil charges.

Differences between worms and viruses

As defined in the "Security of the Internet" report, released in 1996 by the CERT Division of the Software Engineering Institute at Carnegie Mellon University, computer worms "are self-replicating programs that spread with no human intervention after they are started." In contrast, "[v]iruses are also self-replicating programs, but usually require some action on the part of the user to spread inadvertently to other programs or systems."


After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive: to remain active on an infected system for as long as possible, and to spread to as many other vulnerable systems as possible.


Worms are different from viruses. Worms can exist as standalone software, but a computer virus needs a host file before it can spread inside a computer. Worms do not need host files or programs to propagate. Unlike a virus, which alters the files on the infected computer, a computer worm does not alter any of the files but resides in the active memory of the infected computer and replicates itself.

Prevention, detection and removal of computer worms

Users should practice good cybersecurity hygiene to protect themselves against being infected with computer worms. Measures that will help prevent computer worm infections include:
  • Keeping up to date with operating systems and all other software patches and updates will help reduce the risk due to newly discovered vulnerabilities.
  • Using firewalls will help reduce access to systems by malicious software, while using antivirus software will help in preventing malicious software from running.
  • Being careful with links in email or other messaging applications, which may expose systems to malicious software. Likewise, attachments to messages from unknown senders are also often used as vectors for distributing malicious software.
Although some worms are designed to do nothing more than propagate themselves to new victim systems, most worms are associated with viruses, rootkits or other malicious software.
The first step to remove a computer worm is to detect the presence of the worm, which can be difficult. Some factors that may indicate the presence of a worm include:
  • Computer performance issues, including degraded system performance, system freezing or crashing unexpectedly.
  • Unusual system behavior, including programs that execute or terminate without user interaction; unusual sounds, images or messages; the sudden appearance of unfamiliar files or icons, or the unexpected disappearance of files or icons; warning messages from the operating system or antivirus software; and email messages sent to contacts without user action.
Removing a computer worm can be difficult. In extreme cases, the system may need to be formatted, and all the software reinstalled. If it is possible to identify the computer worm infecting the system, there may be specific instructions or tools available to remove the infection. However, the system should be disconnected from the internet or any network, wired or wireless, before attempting to remove the computer worm; removable storage devices should also be removed and scanned separately for infections.

How to avoid Computer Worms?

 
To prevent worms from entering your computer, exercise good cybersecurity practices. Here are some of the measures that will help you avert computer worms:
  • Avoid downloading files from unknown sources and dubious websites.
  • Do not open emails from suspicious email addresses.
  • If you copy new files to your computer, make sure to scan them with good antivirus software.
  • Always make sure to keep the antivirus software and the operating system (OS) up to date.
  • Turn on the firewall on your computer to block harmful websites.

Symptoms of a Computer Worm Infection

  1. Slow computer performance
  2. Frequent freezing/crashing of applications
  3. Unsolicited opening and execution of applications
  4. Sluggish web browser performance
  5. Firewall Warnings
  6. Appearance of unknown/unintended desktop files or icons
  7. Operating system errors and system error messages
  8. Emails sent to contacts without the user's knowledge

History of computer worms

Although the Morris worm, released in 1988, is widely considered the first computer worm, it actually is better characterized as the first worm to propagate widely in the wild, and on the then nascent internet.

The Morris worm was the work of Robert Tappan Morris Jr., a Cornell graduate student who was reportedly attempting to enumerate all the systems connected to the internet precursor network, ARPANET. Targeted at vulnerabilities in several different Unix programs, the Morris worm was capable of infecting a system more than once, making it difficult to eradicate completely before it produced a denial-of-service condition on the infected host. As many as 10% of the 60,000 systems then believed to be connected to ARPANET were affected by the worm.
One of the most damaging computer worms ever was the ILOVEYOU virus, malware that was propagated through several vectors, including email attachments that appeared to be text files, scripts run in IM chat sessions, and copies of the virus in executables renamed with the names of common system files.

ILOVEYOU primarily spread when targeted victims opened an email attachment, and the malware resent itself to all of the victim's contacts in Microsoft Outlook. Though, technically, this aspect of the worm required user interaction, the overall effect was that the virus spread during normal operation of desktop computers, and without the initial awareness of the victims. The malware reportedly affected as many as 45 million users on May 4, 2000, spreading so rapidly that some enterprises, including Ford Motor Company, were forced to shut down their email services.


THANKS FOR READING

1 comment:

  1. Very interesting and informative post on computer worm. Find another post similar to this post: How computer worms spread?
