Home > Threat descriptions >

Worm (Generic)


Category: Malware

Type: Worm

Aliases: Worm.Generic.[variant], gen:worm.[variant]


A generic detection has identified a program or file that appears to have features or behavior similar to a worm.

Generic detections are broad patterns of code or behavior that are used by security software to identify programs or files. If you suspect the detected file was incorrectly identified, go to: Removal: Resolve a False Positive.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Resolve a False Positive

Security programs will sometimes unintentionally identify a clean program or file as malicious if its code or behavior is similar to a known harmful program or file. This is known as a False Positive. In most cases, a False Positive is fixed in a subsequent database release. If you suspect the detected file is a False Positive, you can:

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

A worm is a program that replicates by using a computer's resources to make copies of itself, then spreading those copies to any other accessible computers or devices on a connected network.


Worms are often spread disguised as a tantalizing video or image file, or as a legitimate program. This is a common social engineering tactic to trick users into running the file and unwittingly infecting their own device or account.

Worms have been found spreading on almost every kind of network. The most common way they spread is over the Internet or via emails, but mobile networks have also seen their fair share of worms. Social media networks such as Facebook or Twitter and instant messaging (IM) channels have also been used to distribute worm copies. In these cases, the worm is usually designed to take control of an account on the social network, rather than a device.

Usually, worms will focus on spreading over one network – for example, just over the Internet or over a specific social media network. Some more advanced worms will try and spread over multiple networks for maximum impact.


A device that has been infected by a worm may have its performance reduced, as the worm is using the machine's resources to copy itself. A network that has multiple infected devices on it may also suffer performance issues, as its bandwidth and resources are taken up by worm copies being distributed to connected devices.

Worms may be used offensively by attackers to perform other harmful activities, such as launching Denial of Service (DoS) attacks. They may also be used to deliver other threats, such as trojans.

Date Created: -

Date Last Modified: -