Computer Worm Definition & Protection Methods

February 10, 2020 | 2 min read

BlueVoyant
One of the most common types of malware is the computer worm. Worms exploit operating system vulnerabilities in order to spread across networks. They generally damage the host networks by consuming bandwidth and overloading web servers. According to Kaspersky Labs, “Worms are stand-alone malicious programs that can self-replicate and propagate via computer networks, without human help.” Not requiring human help is what distinguishes them from a virus, which requires human assistance.

Most worms are spread via an infected email attachment, a malicious link, or peer-to-peer (P2P) file sharing. Some worms are spread as network packets that directly penetrate your computer’s memory and then activate the worm’s code. Typically, worms infect and explore system and network connections by taking advantage of networking protocols and missing patches or upgrades.

The safest thing to do is to avoid them in the first place by updating software, patching, and disabling unused network protocols. Practicing good cyber hygiene could save you from the worst-case scenario: the need to re-image your entire system.

Preventive measures include:

UPDATES

Updating operating systems and keeping up with other software patches and updates.

FIREWALLS

Firewalls that reduce access to systems.

ENCRYPTION

File encryption technology to protect sensitive data stored on computers, servers, and other devices.

SCANNING

Scanning the computer with up-to-date antivirus software.

CONTAINMENT

Antivirus software to remove any malware, including worms, that it finds and to clean infected files.

Worms can contain payloads that damage the host far beyond replicating and spreading. They can use a payload to create a backdoor into the network allowing others to take control, spread spam, perform denial-of-service attacks, and steal or delete your files.

WannaCry ransomware is a worm that exploited a vulnerability in the first version of the Server Message Block (SMBv1) resource sharing protocol implemented in the Windows operating system. Stuxnet employs a worm component designed to propagate the malware through infected USB devices, as well as malware that targets supervisory control and data acquisition (SCADA) systems widely used in industrial environments, including municipal utilities and water supply services. The ILOVEYOU virus was one of the most damaging worms on record. It was propagated through several vectors, including email attachments, scripts run in IM chat sessions, and via executables renamed with common system file names.
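Network propagation of the kind described above, where one machine reaches out to many others over a file-sharing protocol such as SMB without user action, shows up in flow logs as a sudden fan-out from a single source. The sketch below is an added example, not BlueVoyant's code; the flow records are constructed, and the port (445), the 60-second window and the threshold of 20 peers are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed flow records (time, src, dst, dst_port); not real traffic."""
    t0 = datetime(2020, 2, 10, 9, 0, 0)
    flows = []
    for i in range(30):   # workstation using one file server: normal SMB
        flows.append((t0 + timedelta(seconds=2 * i), "10.0.0.5", "10.0.0.2", 445))
    for i in range(40):   # one host sweeping a subnet on SMB: worm-like
        flows.append((t0 + timedelta(seconds=i), "10.0.0.23", f"10.0.1.{i + 1}", 445))
    for i in range(40):   # browser reaching many web servers: many peers, not SMB
        flows.append((t0 + timedelta(seconds=i), "10.0.0.7", f"198.51.100.{i + 1}", 443))
    for i in range(25):   # host touching many SMB peers, but slowly over hours
        flows.append((t0 + timedelta(minutes=10 * i), "10.0.0.9", f"10.0.2.{i + 1}", 445))
    return flows

def find_fanout(flows, ports=frozenset({445}),
                window=timedelta(seconds=60), threshold=20):
    """Return {src: peak distinct peers on `ports` inside any `window`}
    for every source whose peak reaches `threshold` (assumed values)."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if port in ports:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        start, in_window, peak = 0, defaultdict(int), 0
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that have aged out of the sliding window.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    for src, peers in find_fanout(build_sample()).items():
        print(f"{src}: {peers} distinct SMB peers within 60s")
```

In a real environment the threshold has to be tuned against normal traffic, and hosts that legitimately contact many peers, such as vulnerability scanners or backup servers, need an allow-list.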

Symptoms that may indicate the presence of a worm include:

SLOW

Computer performance issues, including degraded system performance and the system freezing or crashing unexpectedly.

ACTIONS

Unusual system behavior, including programs that execute or terminate without user interaction; unusual sounds, images or messages; the sudden appearance of unfamiliar files or icons, or the unexpected disappearance of files or icons; warning messages from the operating system or antivirus software; and email messages sent to contacts without user action.

Worms are one of the more common varieties of malware, and they can be used to carry a payload that creates a backdoor into your environment. From there, attackers can deploy ransomware, spread spam, perform denial-of-service attacks, and steal or delete your files. Practicing good cyber hygiene and keeping your security solutions up to date will help you keep this malware out of your environment.