Google+ Badge

Sunday, June 29, 2008

Worm Viruses, Deadliest Of All

Of the three most common types of malware (malware is short for malicious software, i.e. designed to harm) - viruses, Trojans and worms - the latter is the most harmful because only worms can function without human intervention.

Worms, like viruses, replicate themselves but unlike viruses are completely self-contained. Viruses need a 'host program' to spread, but worms propagate independently.

Though they can be designed to do the same kind of harm (file deletion, program corruption, etc), worms usually affect networks. Networks operate by means of servers and routers. The Internet is just a large set of mutually cooperating public computer networks.

Servers are similar to PC's, though usually faster and with more storage and other resources. They 'serve' other systems by making those resources available to multiple users. Routers are just specialized servers, typically of different hardware and operating systems, used to route network traffic. Hence the name.

Worms can be released into a network and their self-replication behavior causes damage. Since routers use memory, processor time, etc worms - like viruses - can overwhelm them, causing them to slow down and become unstable. Viruses don't have to delete files to do harm, they can cause the CPU - central processing unit, used to run programs - to be constantly busy. That leaves no resources for other programs to run.

Worms often carry 'payloads' - other types of malware such as spyware or backdoor installation programs. Spyware is used to monitor your computer activities and backdoors are hidden access points to your computer which can be exploited by hackers to send spam or steal data from your computer.

The fastest spreading worm ever was 'MyDoom'. First released in January 2004, it was distributed by e-mail and contained the message "andy; I'm just doing my job, nothing personal, sorry."

The author was never been discovered, but many believe it was designed to attack software company SCO (Santa Cruz Operation). Programmed to flood SCO's web site with Internet traffic, it quickly spread to the Internet at large causing a world-wide slowdown.

For individual computer users, the worm's payload is the biggest threat. Payloads can be designed to work around computer security by turning off antivirus functions or opening up computer ports. Ports are used by network software to move data in and out. Once done, the computer is open to data theft or malicious acts such as deleting files.

De-Worming

Firewalls are moderately effective in protecting your computer against worms. They can be set up to restrict network traffic and can help to 'cloak' your computer. If your computer can't be 'seen' it can't be infected with worms which spread over networks.

However, worms are also distributed in e-mail attachments so use caution when opening mail from unknown recipients or when someone known sends unexpected files.

Despite your best precautions, your system may become infected. You may notice your computer acting sluggish or rebooting on its own. Internet access may become very slow.

If you suspect your computer is infected with a worm, scan your system with antivirus software. If it fails to remove the worm, instructions for manual removal can be found on the Internet.