December 15, 2013

3.1.3 Worms

Worms

A computer worm is a type of malicious software (malware) that is self-contained, self-replicating and self-propagating. Unlike a virus, which is a piece of software code that attaches itself to another program, a worm is a standalone software program.
The primary purpose of a worm is to make copies of itself and to look for other host computers to infect. When a worm is introduced onto a host computer, it sets about doing just that – replicating or making copies of itself and seeking out communication channels it can use to target other hosts.

Worms target vulnerabilities in applications, operating systems and network protocols. In addition to its primary purpose, propagation, a worm can carry a “payload”, which in this case is software code written to carry out specific malicious activities such as altering or deleting data, or establishing backdoors or other remote control tools.

Even without the “payload”, worms are considered malware because they consume system resources such as CPU, memory and network bandwidth.

Worms and viruses are both considered malware. They both take unauthorized actions and carry out a series of malicious activities. A major difference between a worm and a virus is in how each propagates. A virus cannot spread on its own. It takes the action of a human, for example clicking on or visiting an infected file, to spread the virus. A worm, on the other hand, is able to spread unassisted, taking advantage of vulnerabilities in system resources such as software bugs, unprotected network ports and lax security protocols, among others. Additionally, worms can self-replicate.

When a worm infects a system, it carries out its primary function, which is to make copies of itself. Each copy works independently to find mechanisms to launch itself to other systems across the network.

A worm can cause harm in one of two ways:
  • It replicates and propagates, using an increasing amount of memory, processing cycles and network bandwidth in the process. This can bring a system to a halt or cause it to crash. If the system is rebooted and brought back online.
  • If the worm carries a payload, it will launch the payload to carry out some malicious activity.
The effect of a worm could be the slow consumption of all system and network resources. Additionally, worms are a popular way for unauthorized users to install backdoors or conscript the compromised system into a “botnet”.

“An internet worm is a program that spreads across the internet by replicating itself on computers via their network connections.”

A worm is created to take advantage of a security hole in an application or operating system. Once a system is infected, the worm actively seeks out other systems to infect.

A famous example of an Internet worm is the Morris worm. It was released onto the Internet in 1988 and it took advantage of application vulnerabilities to infect and cripple a significant number of hosts on the Internet.

Counter-measures against worms are similar to those for viruses and Trojans. It is better to take a multi-layer approach to security. This includes applying update patches to the operating system and applications, and using anti-virus software and firewalls as appropriate. Also be wary of email attachments, even from familiar sources, as the sender's account might have been compromised. Since a worm's primary transmission mechanism is the network, pay special attention to keeping network software up-to-date.
