There are many types of computer malware within the world, each with their own capabilities and purpose. One such type of malware is a worm. While their pink, earth-loving namesakes may be mostly innocent, computer worms are anything but. Much like the animal, computer worms are able to burrow deep into a network and can be difficult to contain.
What is a Worm?
The National Institute of Standards and Technology defines a worm as a “computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively” (CSRC). Essentially, a worm can clone or duplicate itself and then send this new copy through your network to any other devices that might be connected. Notably, worms are able to replicate and cause damage “without human activation after breaching a system”; once a worm is on your machine, it becomes infected, even if you never actually caused it to run (Malwarebytes). Then, without you even touching it, the worm will spread to other devices “through your Internet or LAN (Local Area Network) connection” (Malwarebytes). Thus, if you have multiple devices connected to the same Wi-Fi network, they are all at risk if just one of them becomes infected with a worm.
Malwarebytes identifies worms as being “a subset of the Trojan horse malware”, citing that worms often employ social engineering in order to get unsuspecting users to download them, much like a Trojan horse (Malwarebytes). The primary difference, however, is that a Trojan horse tends to masquerade as a legitimate piece of software in order to trick users, while worms usually do not. Furthermore, many people often refer to a computer worm as a type of virus, but this is actually not the case; the “defining difference between a virus and a worm is that viruses rely on human action for activation and need a host system to replicate” (Malwarebytes). Viruses and worms are both types of malware, but a worm is not a virus.
Malwarebytes also has this helpful short video that goes over the basics of a worm:
There are many ways that a worm is able to spread to other devices. On their website, Malwarebytes has a listing of key methods or ways in which worms spread:
Malwarebytes
- Phishing: Fraudulent emails that look authentic can carry worms in corrupt attachments. Such emails may also invite users to click malicious links or visit websites designed to infect users with worms.
- Spear-Phishing: Targeted phishing attempts can carry dangerous malware like ransomware cryptoworms.
- Networks: Worms can self-replicate across networks via shared access.
- Security holes: Some worm variants can infiltrate a system by exploiting software vulnerabilities.
- File sharing: P2P file networks can carry malware like worms.
- Social networks: Social platforms like MySpace have been affected by certain types of worms.
- Instant messengers (IMs): All types of malware, including worms, can spread through text messages and IM platforms such as Internet Relay Chat (IRC).
- External devices: Worms can infect USB sticks and external hard drives.
In addition, Kaspersky lists the following as additional methods for transmission:
Kaspersky
- “Internet: Via links to infected websites; generally hidden in the website’s HTML, so the infection is triggered when the page loads on your browser…
- Downloads & FTP Servers: These worms may initially start in downloaded files or individual FTP files, but if not detected, can spread to the server and, thus, through all outbound FTP transmissions.
What Damage Can a Worm Cause?
As stated previously, “worms don’t require the activation of their host file”; thus, “[o]nce a worm has entered your system, … it can then run, self-replicate, and propagate without a triggering event (like opening the infected file)” (Kaspersky). This allows a worm to easily “infect any inadequately protected computers and servers that connect (via the network or internet) to the originally infected device. Because each subsequent copy of a worm repeats this process of self-replication, execution, and propagation, worm-based infections spread rapidly across computer networks and the internet at large when deployed” (Kaspersky). In some cases, it can be difficult to de-worm a network due to how rapidly a worm can spread across it unless proper precautions/security measures are taken.
Worms do more than just spread, however. They also can “drop other malware like spyware or ransomware, consume bandwidth, delete files, overload networks, steal data, open a backdoor, [and] deplete hard drive space” (Malwarebytes). It is not uncommon for a worm to be paired with other more sinister forms of malware in order to majorly disrupt networks or computer systems. Worms can be especially detrimental for smaller or personal networks, since they are less likely to have data backed up via offline methods, but they are also a huge difficulty for large networks due to the rapid rate at which they spread.
Despite being different types of software, “many of the symptoms of a computer worm are like that of a computer virus” (Malwarebytes). If you notice that “your computer slows down, freezes, crashes or throws up error messages”, “that files are missing or corrupted”, “that your hard drive’s space is rapidly depleting inexplicably”, or “alerts from your firewall about a breach”, then you may be infected with a worm (Malwarebytes).
What Do I Do If I Get Infected with a Worm?
If you discover that your device is infected with a worm, it is best to disconnect it from any and all networks it may be connected to. Similarly, it is not a bad idea to disconnect any other devices that are connected to the same network but have yet to be infected. This, however, becomes difficult as the network grows larger, which is why worms can be difficult to contain. Luckily, despite the hassle that worms can cause both large and small networks, “computer worms can be stopped with the right antivirus and anti-malware software and safe computing practices”, such as avoiding suspicious websites and phishing emails (Malwarebytes). In addition, as some worms are specifically designed to exploit flaws in a computer’s operating system, you should “keep up to date with all OS and application updates and patches” (Kaspersky).
Resources & Further Reading
CSRC. “Worm – Glossary: CSRC.” Computer Security Resource Center, National Institute of Standards and Technology, csrc.nist.gov/glossary/term/worm.
Kaspersky. “What’s the Difference between a Virus and a Worm?” Usa.Kaspersky.Com, AO Kaspersky Lab, 5 Dec. 2023, usa.kaspersky.com/resource-center/threats/computer-viruses-vs-worms.
Malwarebytes. “What Is a Computer Worm?” Malwarebytes, Malwarebytes, 3 Nov. 2023, www.malwarebytes.com/computer-worm.
The H.A.C.K.E.R. Project 
Leave a comment