Computer worms
From Computing and Software Wiki
|  (Added difference between worms and virus section.) |  (Added "Future" section.) | ||
| Line 1: | Line 1: | ||
| A '''[http://en.wikipedia.org/wiki/Computer_worm computer worm]''' is a self-replicating [http://en.wikipedia.org/wiki/Computer_program computer program].  Once on a host, it sends a copy of itself (through a network connection) to other systems, without any user intervention.  The worm then repeats this process on the new host.  Most security experts regard all worms as [http://en.wikipedia.org/wiki/Malware malware], because they generate network traffic, and perform functions without informing the user. | A '''[http://en.wikipedia.org/wiki/Computer_worm computer worm]''' is a self-replicating [http://en.wikipedia.org/wiki/Computer_program computer program].  Once on a host, it sends a copy of itself (through a network connection) to other systems, without any user intervention.  The worm then repeats this process on the new host.  Most security experts regard all worms as [http://en.wikipedia.org/wiki/Malware malware], because they generate network traffic, and perform functions without informing the user. | ||
| - | |||
| - | |||
| Line 25: | Line 23: | ||
| <br> | <br> | ||
| A worm, on the other hand, is self-contained, and does not need to insert itself into another program to propagate itself.  [http://www.infosecwriters.com/text_resources/pdf/Computer_Worms_Past_Present_and_Future.pdf [1]] | A worm, on the other hand, is self-contained, and does not need to insert itself into another program to propagate itself.  [http://www.infosecwriters.com/text_resources/pdf/Computer_Worms_Past_Present_and_Future.pdf [1]] | ||
| + | |||
| + | |||
| + | |||
| + | == Protecting Against Worms == | ||
| + | • Run a more secure operating system, like [http://en.wikipedia.org/wiki/Unix UNIX]. [http://computer.howstuffworks.com/virus6.htm [2]] <br> | ||
| + | • Install [http://en.wikipedia.org/wiki/Anti-virus anti-virus] software, and keep its virus database files up-to-date. [http://en.wikipedia.org/wiki/Computer_worm [2]]<br> | ||
| + | • Operating system vendors supply regular security patches- these help protect against a majority of worms. [http://en.wikipedia.org/wiki/Computer_worm [2]]<br> | ||
| + | • Do not open attached files or programs from unexpected emails. [http://en.wikipedia.org/wiki/Computer_worm [2]]<br> | ||
| + | |||
| + | |||
| + | |||
| + | == The Future == | ||
| + | While computer worms have usually propagated via e-mail, newer worms are spreading via [http://en.wikipedia.org/wiki/Instant_messaging instant messaging (IM)].  To understand the threat in this, note that Code Red took 14 hours to ping every IP address in the world looking for vulnerable systems, which led to 250,000 servers being affected at its peak.  With IM, [http://en.wikipedia.org/wiki/Symantec Symantec] has simulated that 500,000 systems can be infected in 30 seconds.   | ||
| + | <br> | ||
| + | Worms aren’t even limited to computers anymore- the first worm for mobile phones appeared in 2004, known as [http://en.wikipedia.org/wiki/Caribe_%28computer_worm%29 Cabir].  While Cabir was not harmless, it was able to spread by replicating and transferring itself to other vulnerable phones in the area via [http://en.wikipedia.org/wiki/Bluetooth Bluetooth].  [http://www.infosecwriters.com/text_resources/pdf/Computer_Worms_Past_Present_and_Future.pdf [1]] | ||
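Review bot: in the added "Protecting Against Worms" list, the label [2] is attached to two different sources: computer.howstuffworks.com/virus6.htm on the first bullet and en.wikipedia.org/wiki/Computer_worm on the other three. Give the Wikipedia citation its own number so each label resolves to one reference. In the added "The Future" section, "While Cabir was not harmless, it was able to spread" sets up a contrast that the second clause does not deliver; check the sentence against source [1] and reword it so the two halves agree. The constructions "patches- these" and "anymore- the" should use a colon or semicolon rather than a trailing hyphen.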
Revision as of 11:58, 9 April 2008
A computer worm is a self-replicating computer program. Once on a host, it sends a copy of itself (through a network connection) to other systems, without any user intervention. The worm then repeats this process on the new host. Most security experts regard all worms as malware, because they generate network traffic, and perform functions without informing the user.
A Brief History of Everything Worms
The first computer worm was created by John Shoch, at Xerox PARC. The program was named “tapeworm” after a program in a science fiction novel, “The Shockwave Rider”. John’s research required him to install the same program on 100 different machines, on the same network. So instead of manually installing the program on each machine, John created the first worm: it would seek out idle hosts on his network and install the program on them automatically. Eventually, the worm became corrupt, which led it to crash the host. There was a control worm, which would sense that it had lost a computer, and so it would send out another copy to another system, which would also crash. This would keep happening until most of the computers on the network were not working. Luckily, John had preloaded a failsafe against unpredictable circumstances, which he used to stop the worm. [1]
One famous worm on the internet was the Code Red Worm, which was put on the internet on July 13, 2001, and targeted Microsoft’s IIS Web Server.  Code Red had instructions to do three things: 
 
• Replicate itself for the first 20 days of each month 
• Replace web pages on the infected server with a page containing the message “Hacked By Chinese”
• Launch a denial of service attack on the IP address of the White House web server.
It is one of the most famous worms because, at the time, it was replicating so quickly that it was believed it would bring the internet to a halt. [2]
Worm Vs. Virus
A computer virus spreads itself by inserting copies of itself into other executable code. A computer virus is often compared to a biological virus, which spreads by inserting itself into cells. These infected cells are known as the hosts.
A worm, on the other hand, is self-contained, and does not need to insert itself into another program to propagate itself.  [1]
Protecting Against Worms
• Run a more secure operating system, like UNIX. [2] 
• Install anti-virus software, and keep its virus database files up-to-date. [2]
• Operating system vendors supply regular security patches; these help protect against a majority of worms. [2]
• Do not open attached files or programs from unexpected emails. [2]
The Future
While computer worms have usually propagated via e-mail, newer worms are spreading via instant messaging (IM).  To understand the threat in this, note that Code Red took 14 hours to ping every IP address in the world looking for vulnerable systems, which led to 250,000 servers being affected at its peak.  With IM, Symantec has simulated that 500,000 systems can be infected in 30 seconds.  
Worms aren’t even limited to computers anymore: the first worm for mobile phones, known as Cabir, appeared in 2004. While Cabir was not harmless, it was able to spread by replicating and transferring itself to other vulnerable phones in the area via Bluetooth. [1]
