In part 1 of this multi-part article we discussed the VIRUS type of malware. Here, in part 2, we will discuss the WORM type of malware. Recall from that previous article that the definition of MALWARE is a type of software designed to take over or damage a computer, without the user’s knowledge or approval. Let us discuss the WORM.
A worm is nothing more than a self replicating program. Recall from the previous article that a virus requires a host file to propagate, or spread. What makes the worm more dangerous is the fact that it does NOT require a host file to spread, or propagate because it is a program itself.
Also, unlike the virus, a worm automatically replicates itself without the need for an activation mechanism. Furthermore, a worm can travel across computer networks without requiring user assistance. When one system on the network is infected with the worm, other systems on the same network can get infected.
If you read the previous article about viruses, you will notice that the worm is like a super virus. It essentially improves upon the functions of a virus. It’s almost the exact opposite of a virus.
Some of the most popular computer worms you may have heard of include:
KoobFace –
Koobface targeted users of the social networking websites Facebook email , MySpace, hi5, Bebo, Friendster and Twitter. Koobface originally spread by delivering Facebook messages to people who are ‘friends’ of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website (or another Koobface infected PC), where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer’s search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from sometimes having comments like LOL or YOUTUBE.
Koobface ultimately attempts, upon successful infection, to gather login information for FTP sites, Facebook, and other social media platforms, but not any sensitive financial data. It then uses compromised computers to build a peer-to-peer botnet, which we will discuss in another article. A compromised computer contacts other compromised computers to receive commands in a peer-to-peer fashion. (Wikipedia)
ILOVEYOU –
ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows PCs on and after 5 May 2000 when it started spreading as an email message with the subject line “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.txt.vbs”. The file extension .vbs (visual basic script) was most often hidden by default on Windows computers of the time, leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script. The worm did damage on the local machine, overwriting image files, and sent a copy of itself to the first 50 addresses in the Windows Address Book used by Microsoft Outlook.(Wikipedia)
Mydoom –
Mydoom, also known as W32.MyDoom@mm, Novarg, Mimail.R and Shimgapi, is a computer worm affecting Microsoft Windows. It was first sighted on 26 January 2004. It became the fastest-spreading e-mail worm ever (as of January 2004), exceeding previous records set by the Sobig worm and ILOVEYOU.
Speculative early coverage held that the sole purpose of the worm was to develop a botnet in order to perpetrate a distributed denial-of-service attack against SCO Group, an American software company.(Wikipedia)
As we’ve said before, it’s sometimes very difficult to remove these viruses, so the best defense is prevention. Keep your systems updated with the latest patches for all software you run, and ensure you have the latest anti-virus software definition updates. Avoid clicking on links and opening attachments if you did not expect it to be sent.
Stay tuned for our next article where we will cover the TROJAN. Or, you can subscribe to our newsletter using the form below and have our informative articles delivered to you via email once a week.