A worm is a malicious computer program that infects a host computer, replicates itself, and uses computer networks, including the Internet, to infect other computers.
Worms are differentiated from other malicious computer programs by the fact that they spread on their own without the use of a host file. The fact that they replicate and send themselves to new recipients means that worms often spread much faster than other forms of malicious programs such as viruses and trojan horses.
Worms are created to do a few different things:
- To spread: Some worms simply spread from one computer to the next and don't deliver any sort of payload – code designed to do something more than simply spread the worm.
- Delete files: Some worms, such as ExploreZip, delete files from the host computer.
- Ransomware attack: Some worms have been known to encrypt a portion of a computer system and demand that a ransom be paid to remove the encryption.
- Send documents: There are worms that will grab a document from the infect computer and use the computer's e-mail client to send the document to other e-mail addresses – potentially releasing sensitive or confidential information.
- Install a backdoor: One common activity performed by worms is to install a backdoor onto a computer which the worm author can use to turn the computer into a zombie and add to a botnet.
Frequently Asked Questions
Is a worm the same thing as a computer virus?
Viruses and worms often do many of the same things: delete files, lock down a portion of a computer, allow the computer to be added to a botnet, and generally wreak havoc. The biggest difference between a virus and a worm is that worm replicates and then distributes itself to other computers using either the Internet or a local network connection. A virus, on the other hand, depends on an infected host file being distributed by others in order to spread.
Why would someone want to create and spread a worm?
For those of us who would never dream of causing intentional harm to someone else's computer, the motivation behind creating a worm can be a little mistifying. Worm authors typically create the malicious programs for one of three major reasons: to prove they can do it, to make a statement, or for financial gain.
Maybe the worm author is new to the world of black hat hacking and wants to make a name for themselves. If so, a successfully deployed worm will do the trick. Perhaps the author detests a specific organization. A targeted worm deployment could cause significant damage to that organization's computer network. Or maybe the author just wants to make a living at other's expense. If so, there are several ways a botnet can be used to generate illicit income.
How can I protect myself from a worm infection?
Most worms spread as e-mail attachments. In order to avoid infection never open an attachment that you weren't expecting, or that seems out of place. You should also install reputable anti-virus software on your computer, keep it up to date, and perform regular system scans to check for infections. If an infection is ever discovered, clean it up immediately.
What does it mean to say that a worm is “payload-free”?
The basic behavior that classifies a program as a worm is self-replication and automatic distribution. Some worms do nothing more than to make and distribute copies of themselves. A “payload” is anything a worm does in addition to this basic behavior. A worm that is “payload-free” is one that does nothing more than copy and distribute itself. While seemingly not as menacing as other types of worms, payload-free worms are still problematic because as they spread they can consume massive amounts of network and computer resources causing computer and networks to slow down and eventually crash.