- Font size: Larger Smaller
- Hits: 417
- 0 Comments
- Subscribe to this entry
- Bookmark
What is a computer worm?
A computer worm is a computer program which self-replicates using a network or internet connection to send copies of itself to other computers, without any user intevention. It does not need to attach itself to an existing program - as a virus does - and hence can, and does, cause havok on networks by using massive amounts of bandwidth rather than actually damaging files.
Some recent developments in worms contain a "payload" which is code designed to delete files on the host system (e.g. ExploreZip), to encrypt files, or to send documents via email. Sometimes the payload can involve creating a security breach known as a "Back Door" through which the author can access the computer and have it perform actions without user intervention - this has become known as the "zombie" machine. Sobig and Mydoom are classic examples of where this technique was used.
Networks of these "zombie" computers are often termed "botnets" and tend to be used to launch spam attacks by sending emails as if originating from those machines (and hence hiding the original sender, the spammer), or by initiating "Distributed Denial of Service" or DDos attacks, where all the zombie computers request data from one single server or groups of servers, hence resulting in saturation of that server, being unable to provide content to legitimate requests.
What is the difference?
Viruses tend to be designed to inflict damage, however worms are designed only to spread from one computer to another, without making any changes to the system itself. However, some worms (such as the Morris Worm and the Mydoom worm) showed the sheer destruction that a worm can cause, bringing many key networks to a standstill due to the bandwidth being consumed.Some recent developments in worms contain a "payload" which is code designed to delete files on the host system (e.g. ExploreZip), to encrypt files, or to send documents via email. Sometimes the payload can involve creating a security breach known as a "Back Door" through which the author can access the computer and have it perform actions without user intervention - this has become known as the "zombie" machine. Sobig and Mydoom are classic examples of where this technique was used.
Networks of these "zombie" computers are often termed "botnets" and tend to be used to launch spam attacks by sending emails as if originating from those machines (and hence hiding the original sender, the spammer), or by initiating "Distributed Denial of Service" or DDos attacks, where all the zombie computers request data from one single server or groups of servers, hence resulting in saturation of that server, being unable to provide content to legitimate requests.
The Good Worms
There have been some attempts to use worms for good - the Nachi worms were designed to seek out computers with vulnerabilities due to Microsoft patches not being applied, with the payload attempting to connect to the Microsoft site to download and install the missing patches. The downside of this was, of course, that it resulted in high network traffic, required the machine to reboot, and did all of this without the owner being aware, which was thought to be unacceptable.Trackback URL for this blog entry.
Author's recent posts
