A quick guide to computer worms - what they are, how they spread and the potential effects of having a worm infection.
What is a Worm?
A worm is a type of malicious program that spreads copies of itself to other devices over a network. Though worms are most often seen on computer systems, they can also infect mobile devices.
Spreading over networks
Worms can theoretically can be transmitted over any kind of network. The Internet, e-mail systems and instant messaging (IM) channels are the most common networks used to spread worms to computer users, but SMS or MMS messages and Bluetooth transmissions have also been used to distribute worms to mobile users.
Worms can also affect the accounts of users connected to social media networks, such as Facebook or Twitter. Even devices unconnected to the Internet or mobile networks are not entirely immune to a worm's reach, if it is designed to spread on removable media such as USB sticks.
To convince users to run or install the malware themselves, worm authors will often disguise the program as a tantalizing video, image or software. These are then distributed with an accompanying message ("LOL! This video is so cool!" or "See attached file for payment info") designed to pique the user's curiosity and lure them into running the attached file. If the user does so, then the worm is silently installed on the device.
Some worms may also spread by exploiting vulnerabilities in an installed program or network. This allows them to automatically spread and infect new machines without any user action needed at all.
Flooding the network
Once installed, the worm will replicate itself. These copies may be identical to the original sample, though more sophisticated worms will vary the details of the copies to make them harder to detect. To spread its copies, worms often exploit a vulnerability, either in the operating system or in an installed program. Usually, worms will focus on spreading themselves over one network – for example, just over the Internet – but more advanced worms will try and spread over multiple networks for maximum impact.
A worm typically creates its biggest impact by the way it spreads, since this can generate a significant amount of network traffic. If multiple infected machines on a single network are sending out worm copies, the stability of the network may suffer. In extreme cases, worms can overwhelm the network's capacity, preventing normal access until the worm has completed its distribution routine.
Many worms are only designed to replicate and spread their copies, but some also perform more malicious actions. These can range from something as simple as changing a wallpaper, to more damaging actions like stealing information or installing other malware.
The cost of network disruptions
The effects of a worm outbreak can be financially significant, especially if business or government networks are affected. Worm outbreaks can be significant enough to disrupt major national or even international networks, as was seen in the 2009 Conficker outbreak which affected an estimated 2.1 million IP addresses around the world. The cost of cleaning up even a single affected network, in time, labor and lost productivity, can run into the millions.
Worm outbreaks still occasionally occur, though they nowadays they are more often seen on social media networks and involve exploits of vulnerabilities. As these networks take prompt action to correct the issues, these outbreaks have been smaller in scale than the massive disruptions we saw in the past. Still, user vigilance is always recommended to avoid being personally troubled by this type of malware.