Types of computer worms. Computer worm


What is a computer worm

Imagine receiving an email something like this:

« Hello!

Here is the document I told you about! You can easily find it here: http://maliciouslink.com .

Be sure to check it out and write what you think about it! »

Don't worry, you are not alone. Almost all email users encounter spam in one way or another, and a significant proportion of such messages contain links to malicious sites.

A computer worm is a type or subclass of viruses. Like a virus, a computer worm spreads from computer to computer, and it often does this without the user's help. The worm uses the rights granted to files and documents by the system to move freely through unblocked directories.

This computer worm is dangerous precisely because it is able to reproduce itself in your system. Once in Windows, it makes as many copies of itself as, for example, you have addresses saved in your email address book. After this, all recipients receive a letter from you with the specified content, and this is repeated ad infinitum.

What does a computer worm do?

The harm that a computer worm does to a network is not difficult to predict. It can completely fill the memory of a particular computer or saturate the communication channel, as a result of which entire servers stop responding to requests. The latest, most widespread attacks, which used the notorious Blaster worm, created a network tunnel into the system and allowed attackers to control the infected machine remotely.

A computer worm can also exploit holes in licensed software. Typically, a page of a trusted web resource is faked, from which, while the user is viewing the page, a carefully altered file is transferred to the user’s computer. This file causes the browser program to stop, while simultaneously opening a back door to download more serious malware. So that the user does not notice anything, a computer worm is usually disguised as a small utility such as a file loader or downloader. With its help, more significant “malware” gets onto the user’s computer.

How to defeat a computer worm?

Not all antiviruses are capable of dealing with worms. A computer worm reproduces and modifies itself almost instantly. Sometimes it takes weeks for a worm to be blacklisted.

  • A configured firewall will help cut off the worm's connections.
  • You should not surf the Internet under an administrator account.
  • A significant effect in counteracting worms is achieved by completely disabling JavaScript. Some pages will then be displayed incorrectly and will not be fully functional (after all, JavaScript is what makes a resource interactive). However, this often happens on suspicious sites. Practice shows that approximately a third of resources require JavaScript to be enabled in your browser. The choice is yours.

A computer virus and computer worm are malicious programs that are capable of reproducing themselves on computers or through computer networks. In this case, the user does not suspect that his computer is infected. Since each subsequent copy of a virus or computer worm is also capable of self-replication, the infection spreads very quickly. There are many different types of computer viruses and computer worms, most of which are highly destructive.

What you need to know about computer viruses and worms

Malicious software from the viruses and worms subclass includes:

  • Email-Worm
  • IM-Worm
  • IRC-Worm
  • Net-Worm
  • P2P-Worm
  • Virus

Computer worms

Most known computer worms are spread in the following ways:

  • as a file sent as an attachment in an email;
  • as a link to an Internet or FTP resource;
  • as a link sent in an ICQ or IRC message;
  • through peer-to-peer (P2P) data exchange networks;
  • as network packets: some worms penetrate directly into the computer's memory, after which the worm code is activated.

Computer worms can exploit network configuration errors (for example, to copy themselves to a completely accessible disk) or security holes in the operating system and applications. Many worms spread copies of themselves across the network in several ways.

Viruses

Viruses can be classified according to the way they infect a computer:

  • file viruses
  • boot sector viruses
  • macro viruses
  • script viruses

Any program of this subclass of malware may also carry additional program functions.

How to protect yourself from computer viruses and worms

It is recommended to install anti-malware (antivirus) software on all your devices (including PCs, laptops, Macs and smartphones). An anti-malware solution must be updated regularly to protect against the latest threats. A good antivirus (such as Kaspersky Anti-Virus) detects and prevents viruses and worms from infecting your PC, and Kaspersky Internet Security for Android is an excellent choice for protecting Android smartphones. Kaspersky Lab has created products for the following devices:

  • Windows based PC;
  • Mac computers;
  • smartphones;
  • tablets

Some of the first experiments on the use of computer worms in distributed computing were carried out at the research center in 1978. The term arose under the influence of the science fiction novels of David Gerrold ("When H.A.R.L.I.E Was One"), John Brunner ("The Shockwave Rider") and Thomas Ryan ("The Adolescence of P-1").

One of the most famous computer worms is the Morris Worm, written by Robert Morris Jr., who was a student at Cornell University at the time. The spread of the worm began on November 2, after which the worm quickly infected a large number of computers connected to the Internet.

Distribution Mechanisms

Worms can use various mechanisms (“vectors”) for propagation. Some worms require a specific user action to spread (for example, opening an infected message in an email client). Other worms can spread autonomously, selecting and attacking computers in a fully automatic manner. Sometimes there are worms with a whole range of different propagation vectors, victim selection strategies, and even exploits for different operating systems.

Structure

Worms can be made up of different parts.

Often there are so-called RAM-resident worms that can infect a running program and reside in RAM, without affecting hard drives. You can get rid of such worms by restarting the computer (and, accordingly, resetting the RAM). Such worms consist mainly of an “infectious” part: an exploit (shellcode) and a small payload (the worm body itself), which is located entirely in RAM. The specificity of such worms is that they are not loaded through a loader like all ordinary executable files, which means they can only rely on those dynamic libraries that have already been loaded into memory by other programs.

There are also worms that, after successfully infecting memory, save code on the hard drive and take measures to run this code later (for example, by writing the corresponding keys in the Windows registry). Such worms can only be gotten rid of using an antivirus or similar tools. Often, the infectious part of such worms (exploit, shellcode) contains a small payload, which is loaded into RAM and can “upload” the worm itself directly over the network in the form of a separate file. To do this, some worms may contain a simple client in the infectious part. The body of the worm loaded in this way (usually a separate executable file) is then responsible for further scanning and spreading from the infected system, and can also contain a more serious, full-fledged payload, the purpose of which could be, for example, causing some harm (for example, DoS attacks).

Most email worms are distributed as a single file. They do not need a separate “infection” part, since usually the victim user, using an email client, voluntarily downloads and launches the entire worm.

Often, worms, even without any payload, overload and temporarily disable networks simply due to their intensive spread. A typical meaningful payload could be the corruption of files on the victim computer (including modification of web pages) or a backdoor for remote control of the victim computer. There are often cases when a new virus exploits backdoors left by an old one.
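The intensive spread described above is also what makes an autonomously propagating worm visible to a defender: one host suddenly contacts many different addresses on the same port. The following detector is an added example, not part of the original article; the flow-record format, addresses, ports, window and threshold are all constructed for illustration.

```python
from collections import defaultdict, deque


def parse_flow(line):
    """Parse one record of the assumed form 'epoch_seconds src dst dst_port'."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def find_scanners(lines, window=60, threshold=20):
    """Return {(src, port): peak distinct destinations} for every source that
    reached `threshold` different hosts on one port within `window` seconds."""
    recent = defaultdict(deque)  # (src, port) -> (ts, dst) pairs inside the window
    flagged = {}
    for ts, src, dst, port in sorted(parse_flow(l) for l in lines if l.strip()):
        queue = recent[(src, port)]
        queue.append((ts, dst))
        # Drop connections that have fallen out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            queue.popleft()
        distinct = len({d for _, d in queue})
        if distinct >= threshold:
            key = (src, port)
            flagged[key] = max(distinct, flagged.get(key, 0))
    return flagged


def constructed_flows():
    """Constructed sample traffic (not real logs)."""
    lines = []
    # Ordinary client: keeps talking to the same three servers.
    for i in range(60):
        lines.append(f"{1000 + i * 10} 10.0.0.5 10.0.9.{1 + i % 3} 443")
    # Busy server: 40 different clients connect TO it (fan-in, not fan-out).
    for i in range(40):
        lines.append(f"{1100 + i} 10.0.3.{i + 1} 10.0.0.9 443")
    # Worm-like host: a new destination every second on the same port.
    for i in range(40):
        lines.append(f"{1200 + i} 10.0.0.7 10.0.1.{i + 1} 445")
    return lines


if __name__ == "__main__":
    for (src, port), count in find_scanners(constructed_flows()).items():
        print(f"{src} contacted {count} hosts on port {port} within 60 s")
```

The window and threshold have to be tuned to the network being monitored, since legitimate scanners and management tools produce the same pattern.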


Wikimedia Foundation. 2010.


Computer viruses, malware - all this is destructive to the operating system. What to do? How to defeat hated virus programs? Beginner users will say that it is enough to install an antivirus. But it's not that simple. After all, in order to defeat a virus, you need to know what type it belongs to.

One of the most common types of malware is the worm virus. How can you protect your computer from penetration by this uninvited guest, and what exactly is it?

What is a “worm virus”?

There are a huge number of types of malicious computer software. One of those viruses that is quite problematic to get rid of after infection is the “network worm” virus. This is a self-replicating computer program that penetrates local and global networks. At the same time, the significant difference between an ordinary virus and this malicious program is that the second is completely independent.

Types of network worms

Computer virus worms are divided into three categories, which differ significantly in their characteristics and the harm they cause to the device.

  • The first category is email worms. They are usually distributed in one file via email. The user receives a letter from an unknown sender with an attachment. Naturally, succumbing to curiosity, he himself opens the attachment, which already contains a network worm, after which the infection occurs.
  • The second category, which is the most common among malware, is RAM-resident worms. This virus does not infect hard drives, but inserts itself into RAM, thereby harming running programs. For such a worm virus to “go home”, it is enough to restart the computer.
  • The third and most dangerous category is worms that save code on the device's hard drive. They are most often used to cause some kind of information harm, for example, to carry out a DoS attack. And here restarting the computer will not solve the problem. Only high-quality antivirus systems will help here, and even then not all. You should start treating the infected disk as early as possible, otherwise you will have to say goodbye to the entire operating system.

How and for what purpose do network worms spread?

Such viruses are spread by hackers to achieve different goals. Some programs are designed to intercept control of the device. At the same time, the user himself will never notice what the worm virus does. Others use an infected computer as a way to spread the virus through all available networks, both local and global.

Hackers have come up with many different ways to spread the worm. Most often, it is a virus that the user must initially run on his computer himself. This could be an email attachment or some mini-program downloaded from the Internet. However, there are also those that do not require anyone's intervention to infect a device; they penetrate independently.

How to protect yourself?

To prevent a virus from infecting your computer, you need to know about protection measures. Many will say that any antivirus program will be enough, because it immediately blocks viruses when they enter the system. Actually this is not true. An antivirus program will not be able to prevent a worm from entering a device in time, since it simply warns that a malicious program is detected on a particular site. Most users do not attach any importance to this by launching or downloading an infected file to their computer.

An excellent option for protection against this type of software is proactive technology. Unlike conventional antivirus programs, this technology will prevent infection of the system, rather than searching for already known viruses on hard drives. In this case, the virus will be blocked only if it poses a real threat to the OS.

Network worm: how to remove the virus?

If malware does get onto your computer, you must remove it immediately. But how to remove a virus without damaging the operating system? In such a situation, antiviruses will come to the aid of inexperienced users. Fortunately, installing them won't take much time.

  • Kaspersky Rescue Disk - a program that allows you to clean hard drives of viruses by taking control of the system. To start working with the program, you need to burn a bootable disk from an ISO image and then boot the computer from it via the BIOS.
  • Kaspersky Virus Removal Tool is more suitable for novice users and those who have not yet understood the intricacies of the system. It searches for malware on your computer and removes it from the system. However, it cannot cope with all types of viruses.
  • Dr.Web CureIt may well replace the previous antivirus program. Its huge disadvantage is that scanning hard drives takes a very long time. Sometimes this can take about ten hours. Of course, such a long scan is a sign that the program carefully scans each file. However, there are not many people willing to spend all day searching for one virus.

Precautionary measures

To protect yourself from hacker attacks through viruses, it is not necessary to install a bunch of special security programs on your computer. It is enough to follow precautions on the network, then not a single malicious file will get onto the device.

  • If you receive an important message with an attachment by email, do not rush to open it. First you need to save the attachment to disk, and then run it using any browser. Perhaps, instead of a text document or photo, an executable file was received on the computer.
  • Under no circumstances should you run any program that was received by email from an unfamiliar address. Most likely, a hacker file came to the device.
  • Even if the attachment came from an already familiar e-mail, you should not rush to open it. First of all, you need to scan it with an antivirus. It is possible that the email address from which the letter came is already infected with malware and now simply sends a newsletter to all saved contacts.
  • A sign that the sent attachment will contain a virus may be some sensational news in the message. This is simply a bait to make the user interested in the content and open the infected file out of curiosity.
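The first precaution above warns that a saved attachment may be an executable file rather than a text document or photo. The following check compares a file's leading bytes with the extension it claims; it is an added example, not part of the original article, and the function names, the signature tables and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of executables and of common document types.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable"}
DOCUMENT_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
}
# Extensions that Windows runs directly when the file is double-clicked.
RUNNABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def inspect_attachment(path):
    """Return the reasons (possibly none) why a saved attachment looks suspicious."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    with open(path, "rb") as fh:
        head = fh.read(8)
    findings = []
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            findings.append(f"content is a {label}")
    if ext in RUNNABLE_EXT:
        findings.append(f"runnable extension {ext}")
        # "photo.jpg.exe" is displayed as "photo.jpg" when extensions are hidden.
        if os.path.splitext(stem)[1] in DOCUMENT_MAGIC:
            findings.append("double extension hides the real type")
    expected = DOCUMENT_MAGIC.get(ext)
    if expected and not head.startswith(expected):
        findings.append(f"content does not match {ext}")
    return findings


def demo():
    """Write three constructed sample files to a temp directory and inspect them."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # genuine JPEG header
        "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 16,         # PE header, PDF name
        "photo.jpg.exe": b"MZ\x90\x00" + b"\x00" * 16,       # double extension
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = inspect_attachment(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "no findings")
```

A clean result only means the file type matches its name; the attachment still needs an antivirus scan, as the list above says.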

The main way worms differ from each other is the way the worm spreads. Other signs of difference are the methods of launching a copy of the worm on the infected computer, methods of introduction into the system, as well as polymorphism, stealth and other characteristics inherent in other types of malicious software (viruses and Trojans).

Types of worms

Depending on the way they penetrate the operating system, worms are divided into:

  • Mail worms (Mail-Worm) - worms that spread in the format of email messages. In this case, the worm sends either a copy of itself as an attachment to an email, or a link to its file located on some network resource (for example, a URL to an infected file located on a hacked or hacker website). In the first case, the worm code is activated when an infected attachment is opened (launched), in the second - when a link to an infected file is opened. In both cases, the effect is the same - the worm code is activated.
  • IM worms (IM-Worm) - worms that use Internet messengers. Known computer worms of this type use the only method of propagation - sending messages to detected contacts (from the contact list) containing a URL to a file located on some web server. This technique almost completely replicates a similar mailing method used by mail worms.
  • P2P worms (P2P-Worm) - worms that spread using peer-to-peer file-sharing networks. The operating mechanism of most of these worms is quite simple - to infiltrate a P2P network, the worm only needs to copy itself to a file sharing directory, which is usually located on the local machine. The P2P network takes care of all the rest of the work on spreading the virus - when searching for files on the network, it will inform remote users about this file and provide all the necessary services for downloading the file from the infected computer. There are more complex P2P worms that imitate the network protocol of a specific file-sharing system and respond positively to search requests - while the worm offers a copy of itself for downloading.
  • Worms in IRC channels (IRC-Worm). This type of worm, like email worms, has two ways of spreading through IRC channels, repeating the methods described above. The first involves sending a URL to a copy of the worm. The second method is to send an infected file to some network user. In this case, the attacked user must confirm receipt of the file, then save it to disk and open it (run it for execution).
  • Network worms (Net-Worm) - other network worms, among which it makes sense to additionally distinguish Internet worms and LAN worms.
    • Internet worms - worms that use Internet protocols to spread. Mostly, this type of worm spreads using incorrect processing of basic packets of the TCP/IP protocol stack by some applications.
    • LAN worms - worms spreading via local network protocols.





