This is an old revision of this page, as edited by Clharker (talk | contribs) at 01:02, 27 June 2006. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
A computer worm is a self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself. They are often designed to exploit the file transmission capabilities found on many computers. The main difference between a computer virus and a worm is that a virus cannot propagate by itself whereas worms can. A worm uses a network to send copies of itself to other systems and it does so without any intervention. In general, worms harm the network and consume bandwidth, whereas viruses infect or corrupt files on a targeted computer. Viruses generally do not affect network performance, as their malicious activities are mostly confined within the target computer itself.
The name 'worm' was taken from The Shockwave Rider, a science fiction novel published in 1975 by John Brunner. Researchers writing an early paper on experiments in distributed computing noted the similarities between their software and the program described by Brunner and adopted the name.
The first implementation of a worm was by two researchers at Xerox PARC in 1978. The authors, John Shoch and Jon Hupp, originally designed the worm to find idle processors on the network and assign them tasks, sharing the processing and so improving the whole network efficiency.
Although technically a trojan, the Christmas Tree Worm was the first worm on a worldwide network, spreading across both IBM's own international network and BITNET in December 1987 - and bringing both to their knees.
The first worm on the Internet, and the first to attract wide attention, the Morris worm, was written by Robert Tappan Morris, who at the time was a graduate student at Cornell University. It was released on November 2, 1988, and quickly infected a great number of computers on the Internet at the time, causing massive disruption. It propagated through a number of bugs in BSD Unix and its derivatives. Morris himself was convicted under the US Computer Crime and Abuse Act and received three years' probation, 400 hours of community service and a fine in excess of $10,000.
In addition to replication, a worm may be designed to do any number of things, such as delete files on a host system, encrypt files in a cryptoviral extortion attack, or send documents via e-mail. More recent worms may be multi-headed and carry other executables as a payload. However, even in the absence of such a payload, a worm can wreak havoc just with the network traffic generated by its reproduction. Mydoom, for example, caused a noticeable worldwide Internet slowdown at the peak of its spread.
A common payload is for a worm to install a backdoor in the infected computer, as was done by Sobig and Mydoom. These zombie computers are used by spam senders for sending junk email or to cloak their website's address. Spammers are thought to fund the creation of such worms, and worm writers have been caught selling lists of IP addresses of infected machines. Others try to blackmail companies with threatened DoS attacks. The backdoors can also be exploited by other worms, such as Doomjuice, which spreads using the backdoor opened by Mydoom.
Whether worms can be useful is a common theoretical question in computer science and artificial intelligence. The Nachi family of worms, for example, tried to download then install patches from Microsoft's website to fix various vulnerabilities in the host system — the same vulnerabilities that they exploited. This eventually made the systems affected more secure, but generated considerable network traffic (often more than the worms they were protecting against), rebooted the machine in the course of patching it, and, maybe most importantly, did its work without the explicit consent of the computer's owner or user. As such, most security experts deprecate worms, whatever their payload.
Viruses - Worms
A worm is a type of computer virus that changes itself through files and computers by email and other internet traffic. Worms are among the most common and dangerous viruses. Worms usually spread by going into your email address book and sending themselves to all of your contacts.
One of the most common and dangerous well-known worms is “The Love Bug”, which struck in the year 2000 and is still around today. The Love Bug worm was a virus that would come in an email with the subject line “I love you”. In this email there would be an attachment labeled “Love Letter”; as soon as the attachment was opened, the virus would spread through your entire computer, go directly to your address book and start to send itself to your contacts. There were three main reasons for The Love Bug: the first was to destroy all the files in your computer, the second was to spread quickly and as far as possible, and the third was to steal passwords and personal information. When people started to catch on to the email, more were sent out with different subject lines such as “Mother’s Day”.
The Love Bug is still one of the most well-known computer viruses because it affected so many businesses and individuals, including AT&T, Ford Motor, Capitol Hill and even the British Parliament Building. The overall damage ended up totaling over $8.7 billion. Other well-known worms are Slammer and Blaster, which had a big impact in 2003.
clharker
Reference: Management Information Systems for the Information Age, 3rd Edition. Haag, Cummings, McCubbrey, Pinsonneault and Donovan.
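The Love Bug passage above notes that later copies arrived under different subject lines, so a mail-gateway check keyed on the subject misses variants. The following is an added example, not part of the original page or its reference: it flags a sender that delivers the same attachment to many distinct recipients within a short window. The log layout, addresses, digests and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _burst(sender, digest, subjects, start, step_s, n):
    """Build n constructed log records: (time, sender, recipient, subject, digest)."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step_s)).isoformat(), sender,
             f"user{i}@example.org", subjects[i % len(subjects)], digest)
            for i in range(n)]

# Constructed sample data (hypothetical gateway log, not from a real incident).
SAMPLE_LOG = (
    # One attachment fanned out to six contacts in two minutes, subject alternating.
    _burst("alice@example.com", "sha256:aaaa", ["I love you", "Mother's Day"],
           "2024-01-01T09:00:00", 20, 6)
    # Ordinary mail: one attachment sent to two recipients.
    + _burst("carol@example.com", "sha256:bbbb", ["Q2 report"],
             "2024-01-01T09:05:00", 60, 2)
    # Same attachment to six recipients, but spread over hours rather than minutes.
    + _burst("dave@example.com", "sha256:cccc", ["Minutes"],
             "2024-01-01T08:00:00", 3600, 6)
)

def subject_filter_hits(records, blocked=("i love you",)):
    """Naive control: match only on a known subject line."""
    return [r for r in records if r[3].lower() in blocked]

def flag_mass_mailers(records, min_recipients=5, window=timedelta(minutes=10)):
    """Return {(sender, digest): recipients} where one attachment reached at least
    min_recipients distinct recipients inside a sliding time window."""
    by_key = defaultdict(list)
    for ts, sender, rcpt, _subject, digest in records:
        if digest:  # only messages that carry an attachment
            by_key[(sender, digest)].append((datetime.fromisoformat(ts), rcpt))
    flagged = {}
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({r for _, r in events[start:end + 1]}) >= min_recipients:
                flagged[key] = sorted({r for _, r in events})
                break
    return flagged
```

On the sample data the subject filter catches only half of the burst, while the fan-out check flags the sender regardless of subject and leaves the slow and low-volume senders alone.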
Mitigation techniques
- TCP Wrapper/libwrap enabled network service daemons
- ACLs in routers and switches
- Packet-filters
External links
- The Wildlist - List of viruses and worms 'in the wild' (i.e. regularly encountered by anti-virus companies)
- Worm parasites - Listed worm descriptions and removal tools.
- Jose Nazario discusses worms - Worms overview by a famous security researcher.
- Computer worm suspect in court
- Vernalex.com's Malware Removal Guide - Guide for understanding, removing and preventing worm infections
- John Shoch, Jon Hupp "The "Worm" Programs - Early Experience with a Distributed Computation"
- RFC 1135 The Helminthiasis of the Internet
- Surfing Safe - A site providing tips/advice on preventing and removing viruses.
- The Case for Using Layered Defenses to Stop Worms David Albanese, Michael Wiacek, Christopher Salter, Jeffrey Six 2004