Worm (Generic)

Classification

Category :

Malware

Type :

Worm

Aliases :

Worm.Generic.[variant], gen:worm.[variant]

Summary

A generic detection has identified a program or file that appears to have features or behavior similar to a worm.

Security programs use generic detections that look for broad patterns of code or behavior to identify similar programs or files. If you suspect the file was incorrectly detected, go to: Removal: Suspect a file is incorrectly detected (a False Positive)?.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

A worm is a program that replicates by using a computer's resources to make copies of itself, then spreading those copies to any other accessible computers or devices on a connected network.

Installation

Worms are often spread disguised as a tantalizing video or image file, or as a legitimate program. This is a common social engineering tactic to trick users into running the file and unwittingly infecting their own device or account.

Worms have been found spreading on almost every kind of network. The most common way they spread is over the Internet or via emails, but mobile networks have also seen their fair share of worms. Social media networks such as Facebook or Twitter and instant messaging (IM) channels have also been used to distribute worm copies. In these cases, the worm is usually designed to take control of an account on the social network, rather than a device.

Usually, worms will focus on spreading over one network â€' for example, just over the Internet or over a specific social media network. Some more advanced worms will try and spread over multiple networks for maximum impact.

Impact

A device that has been infected by a worm may have its performance reduced, as the worm is using the machine's resources to copy itself. A network that has multiple infected devices on it may also suffer performance issues, as its bandwidth and resources are taken up by worm copies being distributed to connected devices.

Worms may be used offensively by attackers to perform other harmful activities, such as launching Denial of Service (DoS) attacks. They may also be used to deliver other threats, such as trojans.