Malware spotlight: What are worms?
Introduction
Worms are a particularly virulent type of malware that has been around since the 1980s and wreaking havoc on infected systems ever since. Some believe that viruses and worms are the same thing, but this could not be less true: in fact, it is the differences between the two that make worms a unique, dangerous type of malware.
This article will detail what worms are and how they operate and will examine the different types of worms afflicting systems worldwide.
FREE role-guided training plans
A little about worms
Worms belong to a self-replicating category of malware that can search for computers in a local area network (LAN) and wireless networks to deliver a malicious payload or perform a programmed task. Common examples of these tasks include deleting files and stealing information. A common attack point for worms is vulnerabilities that exist in operating systems. All the more motivation to keep your system updated!
Some have classified worms as viruses, but this view is ignoring a major difference between the two — a virus requires user input (activation) to perform its programmed task, and a worm does not. This ability to function without user input makes worms a potentially much more dangerous threat in contrast to viruses, because a virus can lie dormant for a long time if the application it is attached to is not run often, or the user input required is rarely performed.
What’s especially interesting about worms is how they have evolved over time. The first worm to spread over the internet is known as the Morris worm. Invented by Robert Morris, this worm’s sole goal was to spread. It did not perform any other tasks, nor did it have a payload to inflict upon infected systems.
The first recorded worm that carried a payload was called Witty, and it focused on attacking a specific manufacturer’s firewall and information security products. Since then, payload-delivering worms have been the norm instead of the exception.
Worm life cycle (or lack thereof)
Unlike viruses, worms do not have an easily quantifiable life cycle. This is based on the fact that worms act independent of the actions of third parties. As a system becomes infected, the worm will replicate, find other computers on the infected computer’s network, and perform its programmed task. This process can be completed in such a short amount of time there is no life cycle to speak of, aside from infection, replication and spreading throughout the network.
Different types of worms
There are several different types of worms in use today, each having their own method of infecting a target system.
Email worms
As the name suggests, email worms infect target systems by using the email client of said system. Email worms initiate their infections either by way of an infected email attachment that infects the system when the file is downloaded and opened, or by a malicious link that will infect the system when clicked.
A landmark instance of email worms afflicting the information security landscape was the ILOVEYOU worm. Launched in 2000, this worm had infected millions of systems by the time it ran its course.
Internet-based worms
Another well-represented worm in existence is the internet-based worm. This type is not picked up via web browsing; instead, it spreads when an infected system scans the internet for vulnerable machines that it can infect.
This type of worm takes advantage of systems that have not received recent security and operating system updates. By focusing on the vulnerabilities that have been recently fixed, all the worm needs to do is locate a computer that has not installed these updated. Many users not updating means many potential targets and many headaches spread around.
Bot worms
Bot worms are a nasty type of worm that infects a system and then turns it into an unwitting bot or zombie. The infected system is then used in conjunction with other infected system to form botnets. Botnets are used by attackers to launch large-scale, coordinated attacks.
File-sharing network worms
Despite their attractive, easy access to valuable files, file-sharing networks have a glaring security weakness: you really don’t know what you are downloading. Remember that blockbuster film that you just downloaded for free? It may contain one of these worms.
This type of worm uses downloads just like these to enter your system, after which it will be subject to whatever malicious actions the worm is programmed to do (along with copious self-replication, of course).
Chat room and instant message worms
This type of worm is similar to the email worm in that it will use the user’s chat room contact list or instant messenger to send out messages containing malicious links. These links will send you to a malicious website laden with worms in its code or may simply download the worm itself.
This type of worm has some downsides associated with it (from the attacker’s perspective) — they require user input by way of accepting the message/clicking the infected link and the worm will only be able to access contact lists of the respective infected chat room or instant messenger.
Conclusion
Worms do indeed operate similarly to viruses in that they self-replicate and will perform a programmed task toward a malicious end. However, they are a different breed unto themselves. Viruses suffer from the capability limitation of required user input, while worms can perform their programmed tasks and move from computer to computer, without any user input at all. This minor difference in programming makes worms a more formidable information security foe and a more serious threat overall.
What should you learn next?
Sources
- Worm, TechTarget
- Different Types of Computer Worms, Techwalla
- A Brief History of the Worm, Symantec
- What is a computer worm and how does it spread?, Emsisoft
In this Series
- Malware spotlight: What are worms?
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security