A computer worm is a standalone malware program that copies itself in order to spread to other devices. Using networks and security flaws to gain access to its targets. Worms will often cause damage to any network they use, sometimes in the form of bandwidth usage. Unlike viruses which almost always corrupt or change files.
Worms – masters of replication
They are designed to spread. Worms can send themselves to everyone in your email contacts, everyone in their contacts list, and so on. They can spread exponentially, which is why they can be so dangerous. Worms have even affected computer networks worldwide severely slowing down the internet in some cases.
Worms spread by exploiting vulnerabilities in operating systems, system software, and network security. They can be coded to do more than just spread, sometimes having what is known as a payload added to them. The payload might delete files, encrypt files like in a ransomware attack, or steal data like passwords and other precious documents. The most common payload is to install backdoor access to allow the worms creator to remotely control the computer.
One of the most notorious worms we’ve seen so far is the one that spreads WanaCrypt0r ransomware. Using a vulnerability in the SMB windows function (now patched), a protocol used typically for shared network access. After exploiting that vulnerability the worm makes a few checks, then begins installing and running services to initialize the crypto API to encrypt and lockdown your files.
Users need to be practiced in identifying unsafe emails, websites, and files. As we’ve covered in a previous blog post(Phishing – Identifying email scams and prevention), there are a few ways to identify fraudulent emails. It is always recommended that you keep your operating system and software as up to date as possible. As well as any anti-virus or anti-malware programs you have installed. Firewalls are an excellent source of protection for your network, and can significantly lower your chances of attacks getting through.