Computer worms

From Computing and Software Wiki

Revision as of 12:03, 9 April 2008 by Ahmadmu (Talk)

A computer worm is a self-replicating computer program. Once on a host, it sends a copy of itself over a network connection to other systems, without any user intervention. The worm then repeats this process on each new host. Most security experts regard all worms as malware because they generate network traffic and perform functions without informing the user.



A Brief History of Everything Worms

The first computer worm was created by John Shoch at Xerox PARC. The program was named “tapeworm” after a program in a science fiction novel, “The Shockwave Rider”. John’s research required him to install the same program on 100 different machines on the same network. Instead of manually installing the program on each machine, John created the first worm: it would seek out idle hosts on his network and install the program on them automatically. Eventually, the worm became corrupt, which led it to crash the host. A control worm would sense that it had lost a computer and send out another copy to another system, which would also crash. This kept happening until most of the computers on the network were not working. Luckily, John had preloaded a failsafe against unpredictable circumstances, which he used to stop the worm. [1]


One famous worm on the internet was the Code Red Worm, which was put on the internet on July 13, 2001, and targeted Microsoft’s IIS Web Server. Code Red had instructions to do three things:
• Replicate itself for the first 20 days of each month
• Replace web pages on the infected server with a page containing the message “Hacked By Chinese”
• Launch a denial of service attack on the IP address of the White House web server.
It is one of the most famous worms because, at the time, it was believed that Code Red would bring the internet to a halt because it was replicating so quickly. [2]


Worm Vs. Virus

A computer virus spreads by inserting copies of itself into other executable code. It is often compared to a biological virus, which spreads by inserting itself into cells. These infected cells are known as the hosts.
A worm, on the other hand, is self-contained and does not need to insert itself into another program to propagate. [1]


Protecting Against Worms

• Run a more secure operating system, like UNIX. [2]
• Install anti-virus software, and keep its virus database files up-to-date. [2]
• Operating system vendors supply regular security patches; these help protect against a majority of worms. [2]
• Do not open attached files or programs from unexpected emails. [2]


The Future

While computer worms have usually propagated via e-mail, newer worms are spreading via instant messaging (IM). To understand the threat in this, note that Code Red took 14 hours to ping every IP address in the world looking for vulnerable systems, which led to 250,000 servers being affected at its peak. With IM, Symantec has simulated that 500,000 systems can be infected in 30 seconds.
Worms aren’t even limited to computers anymore: the first worm for mobile phones, known as Cabir, appeared in 2004. While Cabir was not harmless, it was able to spread by replicating and transferring itself to other vulnerable phones in the area via Bluetooth. [1]
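
The spread figures above follow from how random scanning compounds. The sketch below is an added example, not part of the original article or its references: it uses the standard logistic (susceptible-infected) model of a random-scanning worm to show how the vulnerable population and the scan rate set the outbreak time, and how much patching stretches it. The 250,000-host population comes from the text; the scan rate of 10 probes per second and all function names are assumptions.

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random scanner can probe


def infection_rate(vulnerable, scans_per_sec):
    """Per-second growth rate (beta) of a random-scanning outbreak."""
    return scans_per_sec * vulnerable / ADDRESS_SPACE


def time_to_fraction(vulnerable, scans_per_sec, fraction, initial=1):
    """Closed-form logistic time in seconds until `fraction` of hosts are hit."""
    beta = infection_rate(vulnerable, scans_per_sec)
    odds_target = fraction / (1.0 - fraction)
    odds_start = initial / (vulnerable - initial)
    return math.log(odds_target / odds_start) / beta


def simulate(vulnerable, scans_per_sec, fraction, initial=1, dt=1.0):
    """Step the same model forward in time; returns seconds elapsed."""
    infected, elapsed = float(initial), 0.0
    while infected < fraction * vulnerable:
        # Chance that one probe lands on a vulnerable, not yet infected host.
        hit_chance = (vulnerable - infected) / ADDRESS_SPACE
        infected += infected * scans_per_sec * dt * hit_chance
        elapsed += dt
    return elapsed


def patching_effect(vulnerable, scans_per_sec, patched_share, fraction=0.5):
    """Factor by which the outbreak slows once `patched_share` is patched."""
    remaining = round(vulnerable * (1.0 - patched_share))
    before = time_to_fraction(vulnerable, scans_per_sec, fraction)
    after = time_to_fraction(remaining, scans_per_sec, fraction)
    return after / before


if __name__ == "__main__":
    hosts, rate = 250_000, 10  # 250,000 is from the text; 10 scans/s is assumed
    hours = time_to_fraction(hosts, rate, 0.5) / 3600
    print(f"half of {hosts} hosts infected after {hours:.1f} h")
    slowdown = patching_effect(hosts, rate, 0.9)
    print(f"with 90% of hosts patched the outbreak is {slowdown:.1f}x slower")
```

Because the growth rate is proportional to both the scan rate and the number of vulnerable hosts, every host that is patched before an outbreak slows it for everyone else as well.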


References


1. Craig Fosnock: Computer Worms: Past, Present, and Future, Infosecwriters.com, July 27, 2005.
2. Computer worm, Wikipedia, April 7, 2008.
