- Great Painters
- Accounting
- Fundamentals of Law
- Marketing
- Shorthand
- Concept Cars
- Videogames
- The World of Sports

- Blogs
- Free Software
- Google
- My Computer

- PHP Language and Applications
- Wikipedia
- Windows Vista

- Education
- Masterpieces of English Literature
- American English

- English Dictionaries
- The English Language

- Medical Emergencies
- The Theory of Memory
- The Beatles
- Dances
- Microphones
- Musical Notation
- Music Instruments
- Batteries
- Nanotechnology
- Cosmetics
- Diets
- Vegetarianism and Veganism
- Christmas Traditions
- Animals

- Fruits And Vegetables


  1. Adobe Reader
  2. Adware
  3. Altavista
  4. AOL
  5. Apple Macintosh
  6. Application software
  7. Arrow key
  8. Artificial Intelligence
  9. ASCII
  10. Assembly language
  11. Automatic translation
  12. Avatar
  13. Babylon
  14. Bandwidth
  15. Bit
  16. BitTorrent
  17. Black hat
  18. Blog
  19. Bluetooth
  20. Bulletin board system
  21. Byte
  22. Cache memory
  23. Celeron
  24. Central processing unit
  25. Chat room
  26. Client
  27. Command line interface
  28. Compiler
  29. Computer
  30. Computer bus
  31. Computer card
  32. Computer display
  33. Computer file
  34. Computer games
  35. Computer graphics
  36. Computer hardware
  37. Computer keyboard
  38. Computer networking
  39. Computer printer
  40. Computer program
  41. Computer programmer
  42. Computer science
  43. Computer security
  44. Computer software
  45. Computer storage
  46. Computer system
  47. Computer terminal
  48. Computer virus
  49. Computing
  50. Conference call
  51. Context menu
  52. Creative commons
  53. Creative Commons License
  54. Creative Technology
  55. Cursor
  56. Data
  57. Database
  58. Data storage device
  59. Debuggers
  60. Demo
  61. Desktop computer
  62. Digital divide
  63. Discussion groups
  64. DNS server
  65. Domain name
  66. DOS
  67. Download
  68. Download manager
  69. DVD-ROM
  70. DVD-RW
  71. E-mail
  72. E-mail spam
  73. File Transfer Protocol
  74. Firewall
  75. Firmware
  76. Flash memory
  77. Floppy disk drive
  78. GNU
  79. GNU General Public License
  80. GNU Project
  81. Google
  82. Google AdWords
  83. Google bomb
  84. Graphics
  85. Graphics card
  86. Hacker
  87. Hacker culture
  88. Hard disk
  89. High-level programming language
  90. Home computer
  91. HTML
  92. Hyperlink
  93. IBM
  94. Image processing
  95. Image scanner
  96. Instant messaging
  97. Instruction
  98. Intel
  99. Intel Core 2
  100. Interface
  101. Internet
  102. Internet bot
  103. Internet Explorer
  104. Internet protocols
  105. Internet service provider
  106. Interoperability
  107. IP addresses
  108. IPod
  109. Joystick
  110. JPEG
  111. Keyword
  112. Laptop computer
  113. Linux
  114. Linux kernel
  115. Liquid crystal display
  116. List of file formats
  117. List of Google products
  118. Local area network
  119. Logitech
  120. Machine language
  121. Mac OS X
  122. Macromedia Flash
  123. Mainframe computer
  124. Malware
  125. Media center
  126. Media player
  127. Megabyte
  128. Microsoft
  129. Microsoft Windows
  130. Microsoft Word
  131. Mirror site
  132. Modem
  133. Motherboard
  134. Mouse
  135. Mouse pad
  136. Mozilla Firefox
  137. Mp3
  138. MPEG
  139. MPEG-4
  140. Multimedia
  141. Musical Instrument Digital Interface
  142. Netscape
  143. Network card
  144. News ticker
  145. Office suite
  146. Online auction
  147. Online chat
  148. Open Directory Project
  149. Open source
  150. Open source software
  151. Opera
  152. Operating system
  153. Optical character recognition
  154. Optical disc
  155. output
  156. PageRank
  157. Password
  158. Pay-per-click
  159. PC speaker
  160. Peer-to-peer
  161. Pentium
  162. Peripheral
  163. Personal computer
  164. Personal digital assistant
  165. Phishing
  166. Pirated software
  167. Podcasting
  168. Pointing device
  169. POP3
  170. Programming language
  171. QuickTime
  172. Random access memory
  173. Routers
  174. Safari
  175. Scalability
  176. Scrollbar
  177. Scrolling
  178. Scroll wheel
  179. Search engine
  180. Security cracking
  181. Server
  182. Simple Mail Transfer Protocol
  183. Skype
  184. Social software
  185. Software bug
  186. Software cracker
  187. Software library
  188. Software utility
  189. Solaris Operating Environment
  190. Sound Blaster
  191. Soundcard
  192. Spam
  193. Spamdexing
  194. Spam in blogs
  195. Speech recognition
  196. Spoofing attack
  197. Spreadsheet
  198. Spyware
  199. Streaming media
  200. Supercomputer
  201. Tablet computer
  202. Telecommunications
  203. Text messaging
  204. Trackball
  205. Trojan horse
  206. TV card
  207. Unicode
  208. Uniform Resource Identifier
  209. Unix
  210. URL redirection
  211. USB flash drive
  212. USB port
  213. User interface
  214. Vlog
  215. Voice over IP
  216. Warez
  217. Wearable computer
  218. Web application
  219. Web banner
  220. Web browser
  221. Web crawler
  222. Web directories
  223. Web indexing
  224. Webmail
  225. Web page
  226. Website
  227. Wiki
  228. Wikipedia
  229. WIMP
  230. Windows CE
  231. Windows key
  232. Windows Media Player
  233. Windows Vista
  234. Word processor
  235. World Wide Web
  236. Worm
  237. XML
  238. X Window System
  239. Yahoo
  240. Zombie computer

This article is from:

All text is available under the terms of the GNU Free Documentation License: 

Computer worm

From Wikipedia, the free encyclopedia

(Redirected from Worm (computing))

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.

Naming and history

The name 'worm' comes from The Shockwave Rider, a science fiction novel published in 1975 by John Brunner. Researchers John F Shoch and John A Hupp of Xerox PARC chose the name in a paper published in 1982; The Worm Programs, Comm ACM, 25(3):172-180, 1982), and it has since been widely adopted.

The first implementation of a worm was by these same two researchers at Xerox PARC in 1978.[1] Shoch and Hupp originally designed the worm to find idle processors on the network and assign them tasks, sharing the processing load, and so improving the 'CPU cycle use efficiency' across an entire network. They were self-limited so that they would spread no farther than intended. [2]

Though it was technically a Trojan horse, the Christmas Tree Worm was likely the first worm on a worldwide network, spreading across both IBM's own international network and BITNET in December 1987, bringing both networks to their knees.

An early worm on the Internet, and the first to attract wide attention, was the Morris worm. It was also termed 'The Internet Worm' by Peter Denning in an article in American Scientist (March-April, 1988) in which he distinguished between a virus and a worm, thereby becoming an early computer zoologist. His definition was more restricted than that of some other computer zoologists of the time (McAfee and Haynes, Computer Viruses, Worms, Data Diddlers, ..., St Martin's Press, 1989). The Morris worm was written by Robert Tappan Morris, at the time a computer science graduate student at Cornell University, and released on November 2, 1988 using a friend's account on a Harvard University computer. It quickly infected large numbers of computers attached to the Internet and caused massive disruption. That it didn't spread even farther and cause more trouble is largely due to some errors in its implementation. It propagated via several bugs in BSD Unix and related systems, and its component programs (including several versions of 'sendmail'). Morris was identified, confessed, and was later convicted under the US Computer Crime and Abuse Act. He received three years probation, 400 hours community service and a fine in excess of $10,000.

Types of computer worms

Email Worms Spread via email messages. Typically the worm will arrive as email, where the message body or attachment contains the worm code, but it may also link to code on an external website. Poor design[3] aside, most email systems requires the user to explicitly open an attachment to activate the worm, but "social engineering" can often successfully be used to encourage this; as the author of the "Anna Kournikova" worm set out to prove[4]. Once activated the worm will send itself out using either local email systems (e.g. MS Outlook services, Windows MAPI functions), or directly using SMTP. The addresses it sends to are often harvested from the infected computers email system or files. Since Klez.E in 2002[5], worms using SMTP typically fake the sender's address, so recipients of email worms should assume that they are not sent by the person listed in the 'From' field of e-mail message (sender's address).

Instant messaging worms The spreading used is via instant messaging applications by sending links to infected websites to everyone on the local contact list. The only difference between these and email worms is the way chosen to send the links.

IRC worms Chat channels are the main target and the same infection/spreading method is used as above — sending infected files or links to infected websites. Infected file sending is less effective as the recipient needs to confirm receipt, save the file and open it before infection will take place.

File-sharing networks worms Copies itself into a shared folder, most likely located on the local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now the worm is ready for download via the P2P network and spreading of the infected file will continue.

Internet worms Those which target low level TCP/IP ports directly, rather than going via higher level protocols such as email or IRC. A classic example is "Blaster" which exploited a vulnerability in Microsoft's RPC. An infected machine aggressively scans random [6] computers on both its local network[7] and the public Internet attempting an exploit against port 135 which, if successful, spreads the worm to that machine.


Many worms have been created which are only designed to spread, and don't attempt to alter the systems they pass through. However, as the Morris worm, and Mydoom showed, the network traffic and other unintended effects can often cause major disruption. A "payload" is code designed to do more than spread the worm - it might delete files on a host system (eg the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" under control of the worm author - Sobig and Mydoom are examples which created zombies. Network of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address.[8] Spammers are therefore thought to be a source of funding for the creation of such worms [9] [10], and worm writers have been caught selling lists of IP addresses of infected machines.[11] Others try to blackmail companies with threatened DoS attacks.[12]]

Backdoors, however they may be installed, can be exploited by other malware, including worms. Examples include Doomjuice, which spreads using the backdoor opened by Mydoom, and at least one instance of malware taking advantage of the rootkit backdoor installed by the Sony/BMG DRM software they put on millions of music CDs ending in late 2005.

Worms with good intent

Whether worms can be useful is a common conundrum amongst theorists in computer science and artificial intelligence, beginning with the very first research into them at Xerox PARC. The Nachi family of worms, for example, tried to download then install patches from Microsoft's website to fix various vulnerabilities in the host system—the same vulnerabilities the Nachi worm itself exploited. This eventually made the systems affected more secure, but generated considerable network traffic (sometimes more traffic than the worms they were protecting against), rebooted the machine in the course of patching it, and, most importantly, did its work without the explicit consent of the computer's owner or user. As such, most security experts regard worms as malware, whatever their payload or their writers' intentions.

Protecting against computer worms

Worms mainly spread by exploiting vulnerabilities in operating systems, or by tricking users to assist them.

All vendors supply regular security updates[13] (see "Patch Tuesday"), and if these are installed to a machine then the majority of worms are unable to spread to it. If a vendor acknowledges a vulnerability but has yet to release a security update to patch it a zero day exploit is possible, but these are relatively rare.

Users need to be wary of opening unexpected email, and certainly should not run attached files or programs, or visit web sites which such email link to. However, as the ILOVEYOU showed long ago, and phishing attacks continue to prove, tricking a percentage of users will always be possible.

Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files at least every few days.

Mitigation techniques

  • TCP Wrapper/libwrap enabled network service daemons
  • ACLs in routers and switches
  • Packet-filters

See also

  • Timeline of notable computer viruses and worms
  • Spam
  • Spy software


  1. ^
  2. ^ Worm (Tapeworm) - The first description of a set of computer codes that moves from one computer to another on a network as a coherent entity.
  3. ^
  4. ^,1282,41782,00.html
  5. ^ F-Secure Virus Descriptions: Klez.E
  6. ^
  7. ^
  8. ^
  9. ^,1367,60747,00.html
  10. ^
  11. ^
  12. ^
  13. ^ [1]

External links

  • The Wildlist - List of viruses and worms 'in the wild' (i.e. regularly encountered by anti-virus companies)
  • Worm parasites - Listed worm descriptions and removal tools.
  • Jose Nazario discusses worms - Worms overview by a famous security researcher.
  • Computer worm suspect in court
  •'s Malware Removal Guide - Guide for understanding, removing and preventing worm infections
  • John Shoch, Jon Hupp "The "Worm" Programs - Early Experience with a Distributed Computation"
  • RFC 1135 The Helminthiasis of the Internet
  • Surfing Safe - A site providing tips/advice on preventing and removing viruses.
  • Computer Worms Information
  • The Case for Using Layered Defenses to Stop Worms David Albanese, Michael Wiacek, Christopher Salter, Jeffrey Six 2004

Retrieved from ""