So, what exactly is a computer WORM?
What actually do you know a Worm?
A computer WORM is a self-replicating program, and it able to spread and propagate itself across a network, typically having a detrimental effect.
Host computer that have been affected by worms will be entirely contained in the computer they run on and they will use network connections start to propagate themselves to other computers. Network computer worms consist of multiple parts called 'segments', each running on different machines, possibly performing different actions, and using the network for several communication purposes. Propagating a segment from one machine to another is only one of those purposes.
Worms: this type of Malware uses network resources for spreading. This class was called worms because of its peculiar feature to spread from computer to computer using network, mail and other informational channels in a very high spreading speed.
Worms intrude your computer, calculate network addresses of other computers and send to these addresses its copies. Besides network addresses, the data of the mail clients' address books is used as well. Representatives of this Malware type sometimes create working files on system discs, but may not deploy computer resources (except the operating memory).
A computer worm is different from its other infamous sibling - the virus. A worm does not infect or manipulate files, it makes clones of itself. Therefore a worm is a standalone working program. It can use the system transmission capabilities to travel from machine to machine merrily riding around like a happy-go-lucky vagabond. A worm, after lodging itself on one machine can spawn several clones of itself. Each of these clones then marches forth to conquer the cyber world.
How does the worms spread itself through the internet and network connections?
Haven you ask yourself, how and where do newly cloned computer worms going march to? A worm can open your email address book and, in a jiffy, despatch one clone each to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides it time till the connection takes place. Chats and Instant messaging software like MIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers enabling the worm to spread like wildfire throughout the cyber world (the "Jitux" worm is an example). Every operating system has vulnerabilities which are thoroughly exploited by worms to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm which uses security holes in the Windows LSASS service.
Other worms spread only by using Backdoor infected computers. E.g. the "Bormex" worm relies on the "Back Orifice" backdoor to spread. There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up. If the folder does not exist, the worm simply creates it for the benefit of the users! How benevolent can worms be! In the hall of hoodlums, worm "Axam" gets top honours for such devious activity.
Some worms take on even more deceptive forms to snare users. Sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser & co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers - the "Spida" worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code in running services on the server like "Slammer". Phew! The arsenal available to these worms is huge and ever growing.
Worms that will be remembered for generations to come for the damage they did to global commerce are Sasser, MyDoom, Sober, Blaster, Code Red, Melissa, and the Loveletter worm. Apart from the sleepless nights it caused the government and industry backed sleuths trying to track the worm, billions of dollars went down the drain to control their menace. The face of internet surfing and computerized operations was radically changed due to these worms.
What exactly is the nature of havoc that these worms bring to bear upon us? Well, Denial of service (DoS) is one situation that users of a server may find themselves in thanks to these programs. Unlike viruses, many worms do not intend to destroy the infected computer. More often than not they have a more important job to do - subvert the computer so that the worm's creator can use it often without the owner of the computer knowing anything about it.
Worm writers nowadays work together with Spammers (they make a nice twosome, don't they?) to send out unsolicited emails to increasingly overloaded inboxes. Their worms install backdoor Trojans to convert the home computer into a "zombie". The countless variants of the "Bagle" worm are the best known examples.
"Phishing" was the lastest fad in town. It tries to prise those secret password of bank accounts and credit cards from you......start to scared of it?!
No comments:
Post a Comment