Worms, remove worm, worms catalog

What is worm?

Worms are generally considered to be a subset of viruses, but with key differences. A worm is a computer program that replicates, but does not infect other files: instead, it installs itself on a victim computer and then looks for a way to spread to other computers.

From a user’s perspective, there are observable differences. In the case of a virus, the longer it goes undetected, the more infected files there will be on the victim computer. In the case of a worm, by contrast, there is just a single instance of the worm code. Moreover, the worm’s code is ‘self-standing’, rather than being added to existing files on the disk.

The term ‘worm’ was coined by sci-fi writer John Brunner in his 1975 novel Shockwave Rider. The hero, a talented programmer, created self-replicating computer programs that tunneled their way through a worldwide network.

Worm types

Like viruses, worms are often sub-divided according to the means they use to infect a system. E-mail worms are distributed as attachments to e-mail messages, IM worms are attached to messages sent using instant messaging programs (such as IRC or ICQ). P2P [peer-to-peer] worms use file-sharing networks to spread. Network worms spread directly over the LAN [Local Area Network] or across the Internet, often making use of a specific vulnerability.

How do worms spread?

A worm can open your email address book and, in a jiffy, despatch one clone each to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides it time till the connection takes place. Chats and Instant messaging software like MIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers enabling the worm to spread like wildfire throughout the cyberworld (the "Jitux" worm is an example). Every operating system has vulnerabilities which are thoroughly exploited by worms to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm which uses security holes in the Windows LSASS service.

Other worms spread only by using Backdoor infected computers. E.g. the "Bormex" worm relies on the "Back Orifice" backdoor to spread. There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up. If the folder does not exist, the worm simply creates it for the benefit of the users! How benevolent can worms be! In the hall of hoodlums, worm "Axam" gets top honours for such devious activity.

Some worms take on even more deceptive forms to snare users. Sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser & co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers - the "Spida" worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code in running services on the server like "Slammer". Phew! The arsenal available to these worms is huge and ever growing.

Worms that will be remembered for generations to come for the damage they did to global commerce are Sasser, MyDoom, Sober, Blaster, Code Red, Melissa, and the Loveletter worm. Apart from the sleepless nights it caused the government and industry backed sleuths trying to track the worm, billions of dollars went down the drain to control their menace. The face of internet surfing and computerized operations was radically changed due to these worms.

How do I secure my PC?

Worms mainly spread by exploiting vulnerabilities in operating systems, or by tricking users to assist them.

All vendors supply regular security updates[13] (see "Patch Tuesday"), and if these are installed to a machine then the majority of worms are unable to spread to it. If a vendor acknowledges a vulnerability but has yet to release a security update to patch it a zero day exploit is possible, but these are relatively rare.

Users need to be wary of opening unexpected email, and certainly should not run attached files or programs, or visit web sites which such email link to. However, as the ILOVEYOU showed long ago, and phishing attacks continue to prove, tricking a percentage of users will always be possible.

Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files at least every few days.

Worms catalog

• Amca
• Amend.A@mm
• Brontok
• Hairy.A
• Funny UST Scandal.exe
• Looksky.G@mm
• NetWorm-i.Virus@fp
• Pusia.A@mm
• Sober Worm
• Vispat.A@mm
• W32.Fubalca
• W32/Lewor-M
• W32.Myzor.FK@yf
• Win32.Netbooster
• W32.Spreda.b.spy
• W32.Stration.IZ@mm
• Worm.Navidad.A
• Worm.Zhelatin.DAM