Category :


Type :


Aliases :

Worm, Win32.Worm, worm.win32, Worm:W32, Win32.Worm.js, Worm:inf


A program that uses computer or network resources to make complete copies of itself, then distributes the copies to other connected computers or devices.


Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

A worm is a program that replicates by using a computer's resources to make copies of itself, then spreading those copies to any other accessible computers or devices on a connected network.


Worms are often spread disguised as a tantalizing video or image file, or as a legitimate program. This is a common social engineering tactic to trick users into running the file and unwittingly infecting their own device or account.

Worms have been found spreading on almost every kind of network. The most common way they spread is over the Internet or via emails, but mobile networks have also seen their fair share of worms. Social media networks such as Facebook or Twitter and instant messaging channels have also been used to distribute worm copies. In these cases, the worm is usually designed to take control of an account on the social network, rather than a device.

Worms are often classified into sub-types based on the network they use to spread. These are just a few of the possible types:

  • An Email-Worm will spread copies of itself using email messages
  • An IM-Worm spreads through instant messaging (IM) channels
  • An SMS-Worm spreads using the Short Message System (SMS) of telecommunications networks

Usually, worms will focus on spreading over one network â€' for example, just over the Internet or over a specific social media network. Some more advanced worms will try and spread over multiple networks for maximum impact.


A device that has been infected by a worm may have its performance reduced, as the worm is using the machine's resources to copy itself. A network that has multiple infected devices on it may also suffer performance issues, as its bandwidth and resources are taken up by worm copies being distributed to connected devices.

The disruption to the device or network can be severe enough that the device or network cannot function normally. If the device or network belongs to a business or government, the disruption can have severe real-world consequences. In extreme cases, if enough devices or networks are affected in a country or region, the worm is considered an epidemic, or even a pandemic.

Worms may be used offensively by attackers to perform other harmful activities, such as launching Denial of Service (DoS) attacks. They may also be used to deliver other threats, such as trojans.