Worms
What is a Worm?
A computer worm is a self-replicating computer program similar
to a computer virus. A virus attaches copies of itself to another
host program; a worm, however, is self-contained and does not
need a host program to propagate. Worms are often designed to
exploit the file transmission capabilities found on most
computers, such as FTP, email, and instant messaging. A worm
uses a network to send copies of itself.
Most worms (as well as most malware) need human interaction
in order to propagate. For example, a mass-mailing worm needs
a human to open the infected email attachment in order to spread
to that particular computer. However, some worms, such as SQL
Slammer and Sasser, do not need any human interaction; instead,
these worms exploit every vulnerable system they can find. In
general, a worm harms the network by consuming large amounts
of bandwidth as it sends itself rapidly through the network
to infect other computers.
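The rapid spreading described above shows up in connection logs as one host contacting many distinct destinations on the same port within a few seconds. The following is an added example, not part of the original page, that flags such hosts in constructed flow records; the record format, the addresses, the port, the 10-second window and the threshold of 25 destinations are all assumptions.

```python
from collections import defaultdict


def build_sample_flows():
    """Constructed sample records: (timestamp_seconds, source_ip, dest_ip, dest_port).
    Addresses are from documentation ranges; the format is an assumption."""
    flows = []
    # 192.0.2.10 contacts 40 different hosts on one port within 4 seconds.
    for i in range(40):
        flows.append((100 + i * 0.1, "192.0.2.10", f"198.51.100.{i + 1}", 445))
    # 192.0.2.20 behaves normally: three repeated destinations over several minutes.
    for i in range(12):
        flows.append((100 + i * 30, "192.0.2.20", f"203.0.113.{i % 3 + 1}", 443))
    return sorted(flows)


def find_fanout_hosts(flows, window=10.0, threshold=25):
    """Return {source_ip: (port, peak)} for sources that reach at least
    `threshold` distinct destinations on one port in any `window`-second span."""
    by_key = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        by_key[(src, port)].append((ts, dst))

    flagged = {}
    for (src, port), events in by_key.items():
        counts = defaultdict(int)  # destination -> events currently inside the window
        start = 0
        peak = 0
        for ts, dst in events:
            counts[dst] += 1
            # Slide the window start forward, dropping events older than `window`.
            while events[start][0] < ts - window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        # Keep the port with the highest fan-out for each flagged source.
        if peak >= threshold and peak > flagged.get(src, (None, 0))[1]:
            flagged[src] = (port, peak)
    return flagged


if __name__ == "__main__":
    for host, (port, peak) in find_fanout_hosts(build_sample_flows()).items():
        print(f"{host}: {peak} distinct destinations on port {port} within 10s")
```

The threshold needs tuning per network, since servers such as mail relays and vulnerability scanners legitimately contact many hosts.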
Methods of Propagation
Worms propagate through networks in several ways. The most
common is email. Others include FTP, mIRC, P2P (peer-to-peer)
networks, instant messaging, and exploitation of software
vulnerabilities.
A good example of an email worm is the
Mydoom worm. It was first discovered on January 20, 2004.
It became the fastest-spreading email worm ever (as of
the time of writing), beating previous records set by
the SoBig worm. Mydoom was scheduled to launch a Distributed
Denial of Service (DDoS) attack on a company called the
SCO Group on February 1, 2004. The second version of Mydoom
(Mydoom.B) was scheduled to attack Microsoft's web site
on February 3, 2004. Both versions of the worm brought
down the two web sites for several hours. The SCO Group
and Microsoft both offer a $250,000 reward for
information leading to the arrest of the worm's author.
To this day (as of the time of writing), the worm's author
is still unknown, and authorities are nowhere near
capturing this cyber criminal.
Common Payloads
A common payload is for a worm to install a backdoor,
as was done by Bagle and Mydoom. The worm's authors then
sell the IP addresses of the infected computers to spammers,
who use these zombie computers as platforms to send
large-scale spam to millions of users worldwide.
Protection
By far the best way to protect against
computer worms is to install anti-virus software. Remember,
just because you have anti-virus software doesn't mean you will
be immune to everything out there on the internet. You
must update the anti-virus software regularly so that it
can protect you against the
latest threats. You will also need to install patches
for your operating system, as some worms propagate by
exploiting known vulnerabilities. Awareness is also a
major factor in protection. Make sure you know who is
sending you an email attachment before you open it. Even if
you know the person the email appears to come from, contact that
person and verify that he or she sent you that email,
because some worms can make it look like someone you know
sent you that email.