A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. A computer program is a collection of instructions that describe a task, or set of tasks, to be carried out by a computer. ... A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ...

Naming and history

The name worm comes from The Shockwave Rider, a science fiction novel published in 1975 by John Brunner^{[citation needed]}. The Shockwave Rider is a science fiction novel by John Brunner, originally published in 1975, notable for its heros use of computer cracking skills to escape pursuit in a dystopian future, and for the coining of the word worm to describe a program that propagates itself through a computer... Science fiction is a form of speculative fiction principally dealing with the impact of imagined science and technology, or both, upon society and persons as individuals. ...

Payloads

Many worms have been created which are only designed to spread, and don't attempt to alter the systems they pass through. However, as the Morris worm and Mydoom showed, the network traffic and other unintended effects can often cause major disruption. A "payload" is code designed to do more than spread the worm - it might delete files on a host system (e.g., the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" under control of the worm author - Sobig and Mydoom are examples which created zombies. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address.^[1] Spammers are therefore thought to be a source of funding for the creation of such worms,^[2][3] and worm writers have been caught selling lists of IP addresses of infected machines.^[4] Others try to blackmail companies with threatened DoS attacks.^[5] The Morris worm or Internet worm was one of the first computer worms distributed via the Internet; it is considered the first worm and was certainly the first to gain significant mainstream media attention. ... Mydoom, also known as Novarg, Mimail. ... A B61 nuclear bomb in various stages of assembly; the nuclear warhead is the bullet-shaped silver cannister in the middle-left of the photograph. ... ExploreZip, also known as I-Worm. ... Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. ... Wikipedia does not yet have an article with this exact name. ... A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection. ... A zombie computer (abbreviated zombie) is a computer attached to the Internet that has a hidden software program or backdoor. ... The Sobig Worm was a computer worm that infected millions of Internet-connected, Microsoft Windows computers in August 2003. ... Mydoom, also known as Novarg, Mimail. ... This article needs cleanup. ... E-mail spam, also known as bulk e-mail or junk e-mail is a subset of spam that involves sending nearly identical messages to numerous recipients by e-mail. ... An IP address (or Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP)—in simpler terms, a computer address. ... DoS redirects here. ...

Backdoors can be exploited by other malware, including worms. Examples include Doomjuice, which spreads using the backdoor opened by Mydoom, and at least one instance of malware taking advantage of the rootkit and backdoor installed by the Sony/BMG DRM software utilized by millions of music CDs prior to late 2005. Doomjuice is a variant of the Mydoom computer worm, in two variants known as Doomjuice. ... Mydoom, also known as Novarg, Mimail. ... A rootkit is a general description of a set of programs which work to subvert control of an operating system from its legitimate operators. ... Sony BMG Music Entertainment is the result of a 50/50 joint venture between Sony Music Entertainment (part of Sony) and BMG Entertainment (part of Bertelsmann) completed on August 5, 2004. ... Digital rights management (DRM) is an umbrella term that refers to access control technologies used by publishers and copyright holders to limit usage of digital media or devices. ...

Worms with good intent

Beginning with the very first research into worms at Xerox PARC there have been attempts to create useful worms. The Nachi family of worms, for example, tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system — by exploiting those same vulnerabilities. In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner or user. Bold text // Headline text Link title This article is about the computer research center. ... The Nachi worm is a computer worm that exploits a vulnerability in the Microsoft RPC service similar to the Blaster worm. ...

Most security experts regard all worms as malware, whatever their payload or their writers' intentions. A screenshot of a malicious website attempting to install spyware via an ActiveX Control in Internet Explorer 6 Malware is software designed to infiltrate or damage a computer system without the owners informed consent. ...

Protecting against dangerous computer worms

Worms spread by exploiting vulnerabilities in operating systems. All vendors supply regular security updates^[6] (see "Patch Tuesday"), and if these are installed to a machine then the majority of worms are unable to spread to it. If a vendor acknowledges a vulnerability but has yet to release a security update to patch it, a zero day exploit is possible. However, these are relatively rare. Patch Tuesday is the second Tuesday of each month. ...

Users need to be wary of opening unexpected email^[7], and should not run attached files or programs, or visit web sites that are linked to such emails. However, as with the ILOVEYOU worm, and with the increased growth and efficiency of phishing attacks, it remains possible to trick the end-user into running a malicious code. The ILOVEYOU worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript. ... An example of a phishing email, disguised as an official email from a (fictional) bank. ...

Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files at least every few days. The use of a firewall is also recommended. Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). ... Strictly defined, spyware consists of computer software that gathers and reports information about a computer user without the users knowledge or consent. ... Firewall may refer to: Firewall (construction), a physical barrier inside a building or vehicle, designed to limit the spread of fire, heat and structural collapse Firewall (networking), a logical barrier designed to prevent unauthorized or unwanted communications between sections of a computer network Firewall (film), a 2006 action film written...

In the April-June, 2008, issue of IEEE Transactions on Dependable and Secure Computing, computer scientists describe a potential new way to combat internet worms. The researchers discovered how to contain the kind of worm that scans the Internet randomly, looking for vulnerable hosts to infect. They found that the key is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans, it is a sign that it has been infected, allowing administrators to take it off line and check it for viruses.^[8][9]

Mitigation techniques

• TCP Wrapper/libwrap enabled network service daemons
• ACLs in routers and switches
• Packet-filters
• Nullrouting

TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter... libwrap is a free software program library that implements generic TCP Wrapper functionality for network service daemons to use (rather then, or in addition to, their own host access control scheme). ... In Unix and other computer multitasking operating systems, a daemon is a computer program that runs in the background, rather than under the direct control of a user; they are usually instantiated as processes. ... In computer security, an access control list (ACL) is a list of permissions attached to an object. ... This article describes the computer networking device. ... For other uses, see Switch (disambiguation). ... This article is about the network security device. ... In computer networking, a nullroute is a route that goes nowhere. ...

See also

• Timeline of notable computer viruses and worms
• Computer virus
• Trojan Horse
• Spam
• Computer surveillance

This is a list of noteworthy computer viruses and worms. ... A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. ... In the context of computing and software, a Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another such as a computer virus. ... E-mail spam, also known as bulk e-mail or junk e-mail is a subset of spam that involves sending nearly identical messages to numerous recipients by e-mail. ... Computer surveillance is the act of surveilling peoples computer activity without their knowledge, by accessing the computer itself. ...

References

1. ^ The Seattle Times: Business & Technology: E-mail viruses blamed as spam rises sharply
2. ^ Cloaking Device Made for Spammers
3. ^ http://www.channelnewsasia.com/stories/afp_world/view/68810/1/.html
4. ^ heise online - Uncovered: Trojans as Spam Robots
5. ^ BBC NEWS | Technology | Hacker threats to bookies probed
6. ^ USN list | Ubuntu
7. ^ Information on the Nimda Worm
8. ^ http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?isnumber=4509574&arnumber=4358715&count=10&index=3 Sellke, SH. Shroff, NB. Bagchi, S (2008). Modeling and Automated Containment of Worms. IEEE Transactions on Dependable and Secure Computing. 5(2), 71-86
9. ^ Newswise: A New Way to Protect Computer Networks from Internet Worms Retrieved on June 5, 2008.

External links

• The Wildlist - List of viruses and worms 'in the wild' (i.e. regularly encountered by anti-virus companies)
• Jose Nazario discusses worms - Worms overview by a famous security researcher.
• Computer worm suspect in court
• Vernalex.com's Malware Removal Guide - Guide for understanding, removing and preventing worm infections
• John Shoch, Jon Hupp "The "Worm" Programs - Early Experience with a Distributed Computation"
• RFC 1135 The Helminthiasis of the Internet
• Surfing Safe - A site providing tips/advice on preventing and removing viruses.
• Computer Worms Information
• The Case for Using Layered Defenses to Stop Worms

This article needs cleanup. ... Botnet is a jargon term for a collection of software robots, or bots, which run autonomously and automatically. ... A computer worm is a self-replicating computer program, similar to a computer virus. ... A screenshot of a malicious website attempting to install spyware via an ActiveX Control in Internet Explorer 6 Malware is software designed to infiltrate or damage a computer system without the owners informed consent. ... A malbot is a robot or Internet bot designed or used for malicious intentions such as gaining unauthorised access to a computer system, or participation in a Botnet. ... The typical lifecycle of spam that originates from a botnet: (1) Spammers web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic The Storm botnet or Storm worm botnet is a remotely-controlled network of zombie computers (or...