Computer Worm Report

By: Melissa Grant

Definition/Explanation:
Is a standalone malware computer program that
replicates itself in order to spread to other computers. Often,
it uses a computer network to spread itself, relying on
security failures on the target computer to access it. Unlike a
computer virus, it does not need to attach itself to an existing
program. Worms utilize networks to send copies of the
original code to other computers, causing harm by consuming bandwidth or possibly deleting files or
sending documents via email. Worms can also install backdoors on computers. Worms are often confused
with computer viruses; the difference lies in how they spread. Computer worms self-replicate and spread
across networks, exploiting vulnerabilities, automatically; that is, they dont need a cybercriminals
guidance, nor do they need to latch onto another computer program. As such, computer worms pose a
significant threat due to the sheer potential of damage they might cause. A particularly notorious incident
occurred in 1988. A computer worm since named the Morris worm caused hundreds of thousands, if not
millions, of dollars in damage, and its creator was convicted under the Computer Fraud and Abuse Act.
The actual term "worm" was first used in John Brunner's 1975 novel, The Shockwave Rider. In that
novel, Nicholas Haflinger designs and sets off a data-gathering worm in an act of revenge against the
powerful men who run a national electronic information web that induces mass conformity. "You have
the biggest-ever worm loose in the net, and it automatically sabotages any attempt to monitor it... There's
never been a worm with that tough a head or that long a tail!. The U.S. Court of Appeals estimated the
cost of removing the virus from each installation was in the range of $20053,000, and prompting the
formation of the CERT Coordination Center.

Paths to infection:
There are at least 3 different types of computer worms. There are Email Worms, Internet worms,
Network Worms. All these worms have a different path to go through but at the end of the day they are all
worms. First the email worms.

Email Worms
Email worms spread through email messages. Essentially, an
email message with an attachment arrives in a mailbox and when the
user downloads and executes that attachment, the worm creates a new
email message with a copy of itself attached and mails itself to one or
more other email addresses. Some email worms such as Nimda can
run by themselves without any intervention from the user, and may
even infect the computer from the preview pane. Details like the
alleged sender, subject, message, attachment name and file type, payload (if any), and method of finding
email addresses to send itself to can be radically different.

Internet Worms
Internet worms spread directly over the Internet. The worm searches for open ports on the
Internet and sends itself to other systems. Most of the major worms exploit known vulnerabilities to
spread. Some consider these worms to be the only "true" worms, as they require absolutely no user
intervention to spread. Morris, Slammer, CodeRed, Blaster and Sasser are a few examples of prominent
internet worms.

Network Worms
Network worms spread over network shares. Usually a network worm is also an email, Internet or
other type of worm, as it would not spread very far if it were restricted to a local network. Network
worms are designed to cause chaos on a local, regional or even national scale, and on large-scale
networks can spread rapidly over the course of even a few minutes. An example of a network worm is
Bumerang.
There are actually a few more worms, but these three are the most important and most common that are
most likely to happen. Worms are insidious and self-spreading software applications, which can infect
many computers over a network - without human involvement - by using specific security holes to
replicate themselves. The worm scans the network for another machine that has a specific security hole,
and uses it to copy itself to the new machine before replicating from there. Through this method,
computer worms spread much faster than computer viruses.

Computer Worms
Most known computer worms are spread in one of the following ways:

Files sent as email attachments

Via a link to a web or FTP resource
Via a link sent in an ICQ or IRC message
Via P2P (peer-to-peer) file sharing network

Some worms are spread as network packets. These directly penetrate the computer memory, and the
worm code is then activated. Computer worms can exploit network configuration errors (for example, to

copy themselves onto a fully accessible disk) or exploit loopholes in operating system and application
security. Many worms will use more than one method in order to spread copies via networks.

Methods to Cure Infection:

1. Make sure you are using an anti-virus program and that the anti-virus program is updated. If you
do not currently have an anti-virus installed, you should install one right away.

There are several steps that should be taken for computer worm removal. It is important to
disconnect the computer from the internet and any local area networks before taking any other
actions for worm removal. In order to prevent spreading of the worm, use a non-infected
computer to download any updates or programs required and then installs them on the infected
machine via an external storage device. Once the computer is disconnected:

Check that all antivirus signatures are up-to-date.

Scan the computer with antivirus software.
If the scan detects a computer worm or other malware, use the software to remove
malware and clean or delete infected files. A scan that detects no malware is usually
indicative that symptoms are being caused by hardware or software problems.
Check that the computers operating system is up-to-date and all software and
applications have current patches installed.
If a worm is difficult to remove, check online for specific computer worm removal
utilities.

Ways to prevent infection:

It can be difficult to get rid of malware like viruses, Trojans, and worms once they infect
a system, so its always best to prevent them from getting onto your computer in the first place.
Use a personal firewall to block external access to network services. Its easy to forget
about this part of your protection, but it is very important. Without a firewall your computer
system is fully exposed to attack on the Internet, particularly when you are using public Wi-Fi
systems at cafes and your local library. You should use care when clicking on links in social
media and email messages. If you dont know where the messages came from or you do know
but dont trust the senders, then dont click on the links. Of course its easy to make a mistake in
this regard so you should have good anti-malware protection installed on your computer.

10 Ways to avoid viruses and spyware:

Install quality antivirus
Many computer users believe free antivirus applications, such as those included with an Internet
service provider's bundled service offering, are sufficient to protect a computer from virus or
spyware infection.

Install real-time anti-spyware protection

Many computer users mistakenly believe that a single antivirus program with integrated
spyware protection provides sufficient safeguards from adware and spyware. Others think free antispyware applications.

Keep anti-malware applications current

Antivirus and anti-spyware programs require regular signature and database updates. Without
these critical updates, anti-malware programs are unable to protect PCs from the latest threats.

Perform daily scans

Occasionally, virus and spyware threats escape a system's active protective engines and infect a
system. The sheer number and volume of potential and new threats make it inevitable that particularly
inventive infections will outsmart security software.

Disable autorun
Many viruses work by attaching themselves to a drive and automatically installing themselves
on any other media connected to the system.

Disable image previews in Outlook

Simply receiving an infected Outlook e-mail message, one in which graphics code is used to
enable the virus' execution, can result in a virus infection.

Don't click on email links or attachments

It's a mantra most every Windows user has heard repeatedly: Don't click on email links or
attachments. Yet users frequently fail to heed the warning.

Surf smart
Many business-class anti-malware applications include browser plug-ins that help protect
against drive-by infections, phishing attacks (in which pages purport to serve one function when in fact
they try to steal personal, financial, or other sensitive information), and similar exploits.

Use a hardware-based firewall

Technology professionals and others argue the benefits of software- versus hardware-based
firewalls. Often, users encounter trouble trying to share printers, access network resources, and perform
other tasks when deploying third-party software-based firewalls.

Deploy DNS protection

Internet access introduces a wide variety of security risks. Among the most disconcerting may be
drive-by infections, in which users only need to visit a compromised Web page to infect their own PCs
(and potentially begin infecting those of customers, colleagues, and other staff).

http://www.pctools.com/security-news/what-is-a-computer-worm/
https://en.wikipedia.org/wiki/Computer_worm
http://malware.wikia.com/wiki/Worm
https://usa.kaspersky.com/internet-security-center/threats/computer-viruses-vsworms#.WCnoU3pKXeo
https://www.veracode.com/security/computer-worm
http://blog.trendmicro.com/what-are-worms-and-how-can-i-protect-myself-from-them/
http://www.techrepublic.com/blog/10-things/10-ways-to-avoid-viruses-and-spyware/