Posted by : Anonymous Tuesday, November 30, 2010
A worm is a computer virus designed to copy itself, usually in large numbers, by using e-mail or other form of software to spread itself over an internal network or through the internet.
How do they spread?
When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).
If you click on the attachment to open it, you’ll activate the worm, but in some versions of Microsoft Outlook, you don’t even have to click on the attachment to activate it if you have the program preview pane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.
After it’s activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program’s address book and web pages you’ve recently looked at, to find them.
Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn’t even have to be open for the worm to spread.
Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading.
What do they do?
Most of the damage that worms do is the result of the traffic they create when they’re spreading. They clog e-mail servers and can bring other internet applications to a crawl.
But worms will also do other damage to computer systems if they aren’t cleaned up right away. The damage they do, known as the payload, varies from one worm to the next.
The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.
The target of the original version of MyDoom attack was the website of SCO Group Inc., a company that threatened to sue users of the Linux operating system, claiming that its authors used portions of SCO’s proprietary code. A second version of MyDoom targeted the website of software giant Microsoft.
The SirCam worm, which spread during the summer of 2001, disguised itself by copying its code into a Microsoft Word or Excel document and using it as the attachment. That meant that potentially private or sensitive documents were being sent over the internet.
How do I get rid of them?
The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview pane, just to be safe.
Never open attachments you aren’t expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)
Also, install anti-virus software and keep it up to date with downloads from the software maker’s website. The updates are usually automatic.
Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.
As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don’t affect computers that run Macintosh or Linux operating systems.