Thursday, April 30, 2009

Worm

A worm is a computer program that can reproduce itself. A worm uses the network to send copies of itself to other nodes (computer terminals in the network) and can do so without any user intervention. Unlike a virus, a worm does not need to attach itself to an existing application. A worm almost always causes damage to the network, even if only by consuming bandwidth, whereas a virus almost always destroys or alters files on the target computer.

Name and history

The name 'worm' comes from 'The Shockwave Rider', a science fiction novel published in 1975 by John Brunner. Researchers John F. Shoch and Jon A. Hupp of Xerox PARC chose the name in a paper published in 1982 (The Worm Programs, Comm ACM, 25(3):172-180, 1982), and it then came into wide use.

The first worm was implemented by two researchers at Xerox PARC in 1978. Shoch and Hupp built the worm to identify idle processors on the network and assign tasks to them, sharing the processing load and increasing the 'CPU cycle use efficiency' of the network. The worm had limits programmed into it so that it would not spread beyond a specified area.


Payload

Many worms are built only to spread and do not try to change the systems they pass through. However, as the Morris worm and Mydoom showed, the network traffic and other unintended effects can still cause serious disruption. A 'payload' is the code carried by the worm that is designed to damage the systems it passes through: such code may delete files on the system (for example, the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via email. A commonly used payload is code that installs a 'backdoor' on the infected computer, turning it into a 'zombie' that the worm can freely access; Sobig and Mydoom are examples of worms that created zombie computers. Networks of zombie computers are called botnets, and they are often used by spammers to send junk email or to hide the address of their website. Spammers are therefore often suspected of funding worms, and worm authors not infrequently sell lists of the IP addresses of infected computers. Others try to get money from companies by threatening Denial of Service (DoS) attacks.

Backdoors can also be exploited by other malware, including worms. One example is Doomjuice, which spread through the backdoor opened by Mydoom, and at least one piece of malware used the rootkit and backdoor installed by the DRM software that Sony/BMG shipped on its music CDs until the end of 2005.

Worms with a good goal

Ever since the first research on worms at the Xerox PARC laboratory, there have been efforts to create useful worms. Variants of the Nachi worm, for example, tried to download and install patches from the Microsoft website to fix weaknesses in the host system, entering the system by exploiting those same weaknesses and then patching them. In practice, although this step is not in itself dangerous, the worm uses network traffic, reboots the machine at the time of patching, and works without the user knowing.

The majority of security experts regard worms as malware, regardless of their payload or purpose.

Prevention

Worms spread by exploiting weaknesses in operating systems. All vendors try to provide security updates regularly, and if a patch or update is installed on a machine, the spread of worms to that machine can be prevented. If the vendor knows about a weakness in the system but has not yet released the update, a 'zero day exploit' (an exploit on the same day the vendor announces the weakness (bug)) is possible. But that's rare.

Users need to be careful when opening e-mail from unknown senders, and it is recommended not to run a file or program sent as an attachment, or to visit web pages linked in the mail. However, as the ILOVEYOU worm showed, and with the growth and increasing efficiency of phishing attacks, it is still quite possible to deceive users.

Anti-virus and anti-spyware software is quite useful for warding off worm attacks, but it must always be kept up to date with new virus and worm patterns every few days. Using a firewall is also recommended. Based on the experience of the author, a firewall is quite useful for 'fortifying' a computer against worm attacks, closing it to the worm or rejecting the intrusion.
