Computer worms are so unique and insidious as they can act independently and, once a PC’s been infected, self-replicate and spread throughout the entire network. Read on to learn more about the oldest of all malware types and how to protect yourself from computer worm attacks — such as with the all-in-one protection solution Avira Free Security, which includes much more than just malware protection.
What is a computer worm and how does it work?
Computer worms are the oldest of all malware types and get their name from the way they move and spread. Just like its biological namesake crawls through the soil, a computer worm crawls through the network to infect other systems.
A computer worm is a form of malware (computer program or script) that — unlike other malware such as a virus — can self-replicate and move completely autonomously through the digital world. To replicate itself, a PC worm creates copies of itself and spreads them over network and internet connections — often at lightning-fast speed.
Besides computer viruses, computer worms are probably the most well-known type of malware. Although they share the common trait of spreading on computers worms don’t need a host file unlike viruses. They don’t need to be embedded in an executable file to replicate and spread nor do they depend on user interaction.
All this means a worm can act independently without a user needing to activate it first. As soon as it gets onto a PC, it executes automatically and nests itself unnoticed in the target system. The worm then hunts around for vulnerabilities, such as security holes in programs, operating systems, or network services, to spread to other systems and begin its work again there. Since every infected PC serves as a source for further worm infections, a worm can quickly spread exponentially and cause severe network congestion, which is what makes a large-scale worm attack so dangerous.
Although computer worms by definition don’t need a host file, they can still use files or programs as an initial means of transport to spread themselves, such as by being hidden in an email attachment. In this case, they do require user help to open the email or email attachment or to download the file.
What’s worse, computer worms can also carry helper programs to conceal their presence or scan the system for exploitable vulnerabilities. To spread more easily, they also often use tools to crack password-protected systems, applications, or accounts and bypass access restrictions. A PC worm can also use exploit frameworks to take advantage of security vulnerabilities or use port scanners to scan the internet for vulnerable IP addresses to gain access to unsecured services through open ports.
Although computer worms were originally only intended to spread and, among other things, find security holes in operating systems, they can now also be used as carriers for other types of malware. These include viruses, ransomware, or spyware, where the worm carries the malicious payload. Worms can also create a backdoor that other malware can exploit at a later stage.
But even without a payload, a computer worm can slow down or even completely paralyze systems due to the staggering amount of resources it consumes.
The beginnings of computer worms: Creeper, Reaper, and the Morris worm
When computer worms first appeared, they weren’t called worms at all. The name only took hold years later — with a potential source of inspiration being a 1975 cyberpunk novel The Shockwave Rider that describes self-replicating software that spreads across networks called a worm.
Creeper was the first known computer worm to spread uncontrollably. In the early 1970s, it spread in the forerunner of today’s internet, the ARPANET, which consisted of a computer network. ARPANET developer Bob Thomas experimented with a program as a security test to find out whether a self-replicating program was possible. He carelessly released it into the company network, from where it spread and eventually got out of control.
The second computer worm called Reaper was created several months later by Roy Tomlinson, who went on to invent email, to track down and delete Creeper. Within a very short period of time, not only was the first type of malware created but also the first program to combat malware, the helpful worm, or nematode.
The first computer worm to spread over the still young and comparatively tiny internet was the Morris worm, which was released in 1988 by student Robert T. Morris. The worm was actually only supposed to count how many computers were connected to the internet, but due to a programming error it infected around 10% of the approximately 60,000 computers attached to the internet at the time. The number was limited as it could only attack a certain operating system variant that had several security vulnerabilities. Nevertheless, it inflicted significant damage, causing network congestion and overwhelming many systems — including university computers and those at military facilities.
Types of computer worm and how they spread
In the past, worms entered a computer via infected floppy disks. Although removable storage devices like USB sticks or external hard drives are still used today, electronic infection methods and distribution channels are the more likely choice. In most cases, a computer worm gets into a computer and is circulated as a result of social engineering techniques such as phishing scams or through malvertising.
Top tip: Improve your protection against phishing web pages or malvertising infected with computer worms or other malware with a browser safety extension.
As mentioned, there are worms that activate automatically as well as those that need to be executed manually. In the case of the latter, the user must perform a specific action to activate the worm, such as opening an infected file or running an infected program. Once the worm is activated, it begins replicating and spreading on the infected computer and possibly to other systems on the network.
Computer worm types based on the initial attack vector:
- Internet/network worms: These worms don’t interact with users but instead exploit vulnerabilities on computers and other network devices, such as routers or servers, and spread over private or public networks such as the internet.
- Email worms: The worm is located in an email attachment, hidden behind an infected link, or redirects users to an infected web page. When visiting this page, the worm is either downloaded automatically through a drive-by download or actively downloaded by the user. To trick the user, the worm often disguises itself as a supposedly useful file or piece of software.
- Instant messaging worms: The malicious links are spread via texts sent on messaging services like WhatsApp and Skype.
- File sharing/P2P worms: Computer worms can also hide in popular files on P2P networks or use their communication protocols to spread.
- Possible impacts of computer worms
Worms often do not perform any harmful actions on the PC, but primarily want to spread further and “only” consume computing power and storage space. This means you can spot the signs of a computer worm infection by the fact that your PC slows down, stops responding, crashes frequently, or suddenly only has little storage space available.
That said, if a computer worm contains a payload, this can result in more serious damage which can manifest itself in different symptoms depending on the type of malware carried.
Computer worms can wreak havoc, including:
- Overloading systems by consuming vast amounts of resources (Morris worm)
- Causing enormous volumes of network traffic and impacting internet services and network connections due to bandwidth overload (Morris worm, SLQ Slammer worm)
- Damaging, overwriting, or deleting hard drives or files (ILOVEYOU worm)
- Stealing passwords and login details from email accounts, social networks, and other online services (ILOVEYOU worm)
- Automatically generating emails with infected attachments or links to send worm copies to every contact in the infected PC’s address book or to randomly generated or predefined email addresses (ILOVEYOU worm)
- Adding computers or networked devices to a botnet to use it for DDoS attacks (Mydoom & Code Red worm) or cryptomining (NoaBot worm) or to send spam en mass (Storm worm)
- Installing blackmailing ransomware and encrypting files (WannaCry ransomware with worm functionality)
- Recording and sending keystrokes (Regin worm)
Modular malware with a worm component is now also common. Examples include the incredibly dangerous and destructive Emotet malware strain, which was originally a banking Trojan and was always evolving. It could snoop on online banking data; read login information from web browsers, email programs, and other applications; send spam to all Outlook contacts; carry out DDoS attacks; and install a backdoor. This ultimately led to the injection of the highly modular malware strain Trickbot and the ransomware variant Ryuk. Ryuk encrypted the data that Trickbot had already snooped on and classified as sensitive or important.
How can you protect yourself from computer worms?
Since a firewall provides protection against malicious software transmitted over network connections, it’s important that you always keep your firewall running and up to date. In addition to general precautions, such as when opening email attachments and downloading programs, we also recommend using antivirus protection. It can help you better detect, stop, and, if necessary, remove computer worms.
Avira Free Security not only includes real-time protection to help you strengthen your defenses against computer worms, computer viruses, and other types of malware but also a browser safety. This helps you block infected ads and web pages like phishing pages, preventing a worm attack.
It’s also important to close the entry points for computer worms, such as security holes in outdated software, by keeping your apps and programs up to date. These updates often include what are called security patches to fix known vulnerabilities in programs. A software updater can be a great help here — something Avira Free Security includes as well.
Since mobile worms also exist that target smartphones, which can spread via texts, MMS, Bluetooth, the mobile network, and Wi-Fi, you should also protect your mobile devices — such as with an antivirus protection app like Avira Antivirus Security for Android.