A computer worm is by definition self-replicating code that infects computers. Worms can be malicious or used for good. They use a computer network to get from computer to computer. They can be made to send themselves through emails and other means that the user may not notice. Unlike viruses, worms do not need to attach to files to get onto computers. Worms can attack computers to infect them using the latest exploits for that system. This is called a worm net. This is where the original worm learns of a new exploit, whether by means of AI and Exploit-db or by the original creator writing a new exploit into the worm and sending it out. Each worm will then copy the source of the worm it copied from so it can infect more computers. This method of high-level attack can keep a single worm going for many months.
The difference between worms and viruses is that viruses are there to cause harm on purpose. They can modify or corrupt the system. Worms, however, can cause harm to the network, whether by just consuming bandwidth or by hooking computers onto botnets.
Payloads are extra bits of code that make the worm do more than just copy itself; they can cause harm to the victim, like ExploreZip. This worm was sent by email to victims; when opened it would copy itself and modify WIN.INI so it is started on reboot. It would then look for Outlook and send itself to everyone in the mail contacts. Other payloads were ones that would encrypt a user's files and then display a pop-up asking the user to pay money to unlock their content or it would be deleted. This is called ransomware, which a few worms
Some payload-free worms like the Morris worm and MyDoom didn't cause any actual damage but can cause network trouble.
Other payloads are ones like backdoors, keyloggers and RATs (Remote Admin Tools). Backdoors are when a system can be accessed again without the need for hacking, as the system has already been attacked. Backdoors are usually shells that stay open for the attacker to use. Keyloggers are scripts that can capture what keys are pressed. They can send reports live to the attacker as the user types, or the reports can be sent to an FTP server when the victim is offline or the attacker is offline. The FTP server needs a username and password. The issue with this is that if this code isn't obfuscated, then if the worm is found and the source opened, the attacker may get caught.
A RAT is a program that runs and connects the victim to the attacker. Some advanced RATs can allow the attacker to use the camera, microphone and the on-screen keyboard. Most let you use a keylogger and several other tools. The best-known RAT is DarkComet, which can be tied to a worm to make it very, very dangerous.
Not all worms are bad though. There are worms that infect computers to patch them. I would make a Windows Updater joke here but that's too obvious. These worms use user-made patches for computers. Some, like the Nachi family of worms, for example, tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system, by exploiting those same vulnerabilities. These worms continued to infect and clean and so on until they hit a dead end and deleted themselves. However, these worms would work without the user's consent and rebooted the computer when the update
Worms can now spread through many other means, like through social sites such as Facebook by means of clickjacking and LikeJacking sessions. These encourage the victim to do something without their knowing, such as editing account info or visiting a site via an iframe which can infect them.
Protecting yourself from worms can be easy unless the bad guys have the upper hand. Zero-day exploits are exploits that there is no patch for at the moment. These can be very dangerous and could take some time to get to the surface for the company to start fixing. Keep your system updated and keep an eye on what needs urgent updates, such as your Java, which you should update. Flash as well as Java needs to be monitored and kept up to date to protect your system from attack.
My personal favourite worm is the Blaster worm, which was written back in 2003 by a team of Chinese hackers and used to infect American computers. This worm infects the victim and then says it will shut down the computer in 60 seconds. If the user cannot react quickly enough to kill this process, then the computer will shut down and reboot over and over. This worm would do one of a few things to infect other computers before shutting down. It would look for Outlook and use that to send itself to others. It would try to hijack an email session cookie for Hotmail or Yahoo. It would port-scan the computers it was in contact with and try to attack them, whether over wifi or a wired connection.
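The port-scanning spread described above leaves a recognisable trace on the network: one host opening connections to many distinct hosts on the same port within seconds. As an added defensive example (not code from the original post), here is a Python check that flags that fan-out pattern in a connection log; the log lines, addresses and port number are constructed sample values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of outbound connection attempts ("timestamp src dst dport"),
# modelled on a firewall log. Host 10.0.0.5 behaves like a scanning worm: one new
# destination per second on a single port. Host 10.0.0.7 is ordinary traffic to a
# handful of servers. Addresses and the port are sample values, not real data.
BASE = datetime(2003, 8, 12, 10, 0, 0)
SAMPLE_LOG = "\n".join(
    [f"{(BASE + timedelta(seconds=i)).isoformat()} 10.0.0.5 10.0.1.{i} 135"
     for i in range(1, 31)]
    + [f"{(BASE + timedelta(seconds=5 * i)).isoformat()} 10.0.0.7 10.0.2.{i % 3} 443"
       for i in range(1, 11)]
)

def parse_log(text):
    """Parse log lines into sorted (time, src, dst, port) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return sorted(records)

def find_scanners(records, window_seconds=60, threshold=20):
    """Return {(src, port): peak distinct destinations} for sources that reach at least
    `threshold` distinct hosts on one port inside any sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    by_key = defaultdict(list)
    for ts, src, dst, port in records:
        by_key[(src, port)].append((ts, dst))
    alerts = {}
    for key, events in by_key.items():
        start = 0
        in_window = defaultdict(int)  # destination -> hits currently inside the window
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:  # drop events that fell out of the window
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(in_window))
    return alerts
```

Running `find_scanners(parse_log(SAMPLE_LOG))` reports only the scanning host; the threshold and window are tuning knobs, and a host legitimately talking to many servers on one port (a mail relay, for instance) needs an allow-list.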
Well-known worms like the Conficker worm in my opinion got way too much press for what they did. There are several versions of the worm, and what was not told to the public was that users who were not infected with Conficker.A-D were not going to get infected with Conficker.E. This lack of information caused global panic and let companies like Symantec run rampant, claiming that it was from Russia, it was from the UK, accusing people of writing it; they never found the person, they just proved that they are full of crap and know nothing about anything security-related, as they can't even do their jobs right.
The Conficker worm did very little: it blocked users from running some programs that would give it away. It killed processes; an error in the code of Conficker.B even let the worm kill itself and try to restart itself while it was killing itself, causing infected computers to overclock after an hour or so of this. This error was fixed in Conficker.C. It also stopped the victim from looking up certain words, phrases, sites or IP ranges. The worm also opened up the limit on how much data could be sent on the network. The Conficker family is classed as severe, which is quite strange as it does no real long-term damage and has a simple fix. This is very strange as no other worm is classed as severe without doing real damage to the computer. This is proof that the media can seriously make things worse when they go talking about stuff they don't know about.
Media and worms go about as well together as gas and fire do. When they come together things just blow up and get out of hand. Lacking understanding, they are there to report a new unholy worm that will eat your memory and email your porn to your grandmother, when it will do what Conficker does: very little. People are reporting on these new worms before experts can even dissect the matter. It's all rush in, get some small detail, blow it to all hell and scare half the internet offline. Also, relying on companies like Symantec, AVG and Kaspersky is a problem, as they have bad track records of keeping things quiet and badly monitoring it, being more focused on profit instead of just trying to catch and stop the worms. This sort of behaviour has allowed the bad guys to get the upper hand with new ways of encrypting their methods of attack and moving faster than any company can keep up.
This is a worm race between who can get which worm out fastest to the worm using whatever exploit they can, and an endless fight over which language is dominant, C++ or perl, in worm
So all in all the worm is a fascinating piece of work, a masterpiece of coding which uses the most up-to-date attacks and is second to none in the world of infections.