Computer worm

From Saferpedia

A worm is a software able to auto-replicate itself. Is uses network to send its own copies in other nodes (computers in the network) managing this without user's intervention. Unlike a virus a worm does not have to be attached to an existent software. Worms cause harm to the network even by the mere fact that occupy band, while viruses modify almost always files on targeted computer.

Tasks and payload

A payload is a code designed to make more than spreading a worm. It may delete files on the host system (ExploreZip worms for example), may encrypt files or may send documents via w-mail. A task of a worm payloader is to install a backdoor to allow creating a zombie computer controlled by the worm. Sobig and Mydoom are examples of such worms. Networks formed from zombies are used by spammers as botnet to send junk e-mails and to cover their true web addresses.

Worms with good intentions

Starting with first researches in worms fields at Xerox PARC there were attempts to create useful worms. For example the Nachi worms family attempts to download and install packages from Microsoft website in order to repair vulnerabilities in the host system. In practice although made the systems safer, the worm generated considerable traffic on the network, restarted the computer while installing packages and all that without user's agreement.

Some worms like XSS were written for research, to determine the ways a worm spreads.

Most security experts frame worms as malware whether the writer intentions were good or not.

Protection against worms

Worms spread by exploiting OS vulnerabilities. All OS sellers provide periodic security updates that once installed will make impossible for worms to extend.

This term is in development.
Contribute on developing this term.