
Worms

A quick guide to worms - what they are, how they spread and the potential effects of having a worm infection.

A worm is a program that spreads copies of itself to other devices connected to a network.

A worm can cause major disruptions to a network or service if there are too many infected devices on a network sending out worm copies at the same time.

Some of the most notorious worm outbreaks in history include:

How a worm spreads

Designed to spread

What makes a worm different from other kinds of harmful programs is that it is deliberately designed to spread over a network and infect as many connected devices as possible.

Worms have been found on almost every kind of network. The most common way they spread is over the Internet or via emails, but mobile networks have also seen their fair share of worms.

Social media networks such as Facebook or Twitter and instant messaging (IM) channels have also been used to distribute worm copies. In these cases, the worms are often designed to take control of your account on the social network, rather than your device.

Even devices that are not connected to an external network such as the Internet or a mobile network are not entirely immune to a worm's reach, as some worms are designed to spread on removable media such as USB sticks.

For examples of worms on various networks, see:

Tricking users and exploiting flaws

Worms are often spread disguised as a tantalizing video or image file, or as desirable software. This is a common social engineering tactic to trick you, the user, into running the worm and unwittingly infecting your device or account.

Another common strategy is to spread the worm as a file attached to an email. The email message is usually designed to tease your curiosity and lure you into running the attached file, for example:

"LOL! This video is so cool!"

"See attached file for payment info"

"Urgent: invoice overdue, payment notice in attachment"

Again, if you do open the attached file, the worm is silently installed on your device.

Some worms can also spread by exploiting vulnerabilities in a program or network. This allows them to spread automatically and infect new devices without needing you to perform any action - or, if they are stealthy enough, without you noticing the worm at all.

Replicating and other actions

Once installed, the worm will make copies of itself, or replicate. These copies may be identical to the original one, though more sophisticated worms will vary the details of the copies to make them harder to detect.

Once the copies are created, the worm will look through the infected device or account for contacts or connections to other devices on the network. It then sends a copy of itself to any connected devices or accounts it can reach.

Usually, worms will focus on spreading themselves over one network – for example, just over the Internet or over a specific social media network. Some more advanced worms will try to spread over multiple networks for maximum impact.

Many worms are only designed to replicate and spread their copies, but some also perform more malicious actions. These can range from mildly annoying to very damaging, such as:

  • Changing a wallpaper
  • Playing annoying music
  • Stealing information
  • Installing other harmful programs

The cost of a worm infection

Most networks can only handle a certain amount of traffic. If too many infected devices on a network are sending out worm copies, it can cause the entire network to slow down. In extreme cases, the disruption can be so overwhelming that the network is essentially 'frozen' until the infected devices are either disconnected or cleaned.

The effects of a worm outbreak can be financially significant, especially if business or government networks are affected. The cost of cleaning up even a single affected network, in time, labor and lost productivity, can run into the millions.

Worm outbreaks can be significant enough that they disrupt major national or even international networks, as was seen in the 2009 Conficker outbreak, which affected an estimated 2.1 million IP addresses around the world.

Worm outbreaks today are no longer the massively disruptive affairs that they used to be, as network administrators have adapted their defenses to quickly recognize and contain an outbreak before it can get out of hand. Still, it's always sensible to keep in mind basic security precautions when you're faced with a new or unexpected program or message, just to avoid being personally troubled by a worm.
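
One way an administrator can recognize the behaviour described above, a single device suddenly sending to many other devices, is to watch connection logs for unusual fan-out. The following is an added example, not part of the original article; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed look-back window
FANOUT_THRESHOLD = 5     # assumed: distinct peers per window before alerting

def parse_flow(line):
    """Parse a constructed 'epoch src dst dport' connection record."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)

def detect_fanout(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {(src, dport): first_alert_ts} for hosts that contact
    `threshold` or more distinct peers on one port within `window` seconds."""
    recent = defaultdict(deque)   # (src, dport) -> deque of (ts, dst)
    alerts = {}
    for ts, src, dst, dport in sorted(map(parse_flow, lines)):
        key = (src, dport)
        q = recent[key]
        q.append((ts, dst))
        # Drop connections that have fallen out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        distinct_peers = {d for _, d in q}
        if len(distinct_peers) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts

# Constructed sample: 10.0.0.7 contacts five different devices on one port
# within seconds, while 10.0.0.3 keeps talking to a few familiar servers.
SAMPLE_FLOWS = [
    "1000 10.0.0.3 10.0.0.50 443",
    "1002 10.0.0.7 10.0.0.11 445",
    "1003 10.0.0.7 10.0.0.12 445",
    "1004 10.0.0.3 10.0.0.51 443",
    "1005 10.0.0.7 10.0.0.13 445",
    "1006 10.0.0.7 10.0.0.14 445",
    "1007 10.0.0.3 10.0.0.50 443",
    "1008 10.0.0.7 10.0.0.15 445",
    "1090 10.0.0.3 10.0.0.52 443",
]

if __name__ == "__main__":
    for (src, port), ts in detect_fanout(SAMPLE_FLOWS).items():
        print(f"possible worm-like fan-out: {src} port {port} at t={ts}")
```

A device flagged this way is a candidate for being disconnected and checked, which is the containment step the article refers to; the threshold needs tuning so that legitimate servers and scanners are not flagged.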