Computer Worm
What is a computer worm?
Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers. Computer worms can also contain “payloads” that damage host computers. Payloads are pieces of code written to perform actions on affected computers beyond simply spreading the worm. Payloads are commonly designed to steal data or delete files. Some payloads even create backdoors in host computers that allow them to be controlled by other computers. Malicious parties can use networks of these infected computers (“botnets”) to spread spam and perform denial-of-service attacks.
Computer worms are classified as a type of computer virus, but there are several characteristics that distinguish computer worms from regular viruses. A major difference is that viruses spread through human activity (running a program, opening a file, etc.) while computer worms can spread automatically without human initiation. In addition to being able to spread unassisted, computer worms have the ability to self-replicate. This means that worms can create multiple copies of themselves to send to other computers. This often happens through the sending of mass emails to infected users’ email contacts.
Computer Worm Examples
Computer worms have caused billions of dollars in damages over the past decade. Today, the Stuxnet, Duqu, and Flame computer worms continue to make headlines as a new breed of malware: computer worms designed for cyber warfare.
The Stuxnet virus is a computer worm discovered in June 2010. Stuxnet was created by the United States and Israel, targeting Iran’s Uranium Enrichment Program. Stuxnet was created as part of a top-secret cyber war program codenamed “Olympic Games.” The computer worm crashed 984 centrifuges at Iranian nuclear power plants between 2008 and 2012, setting back nuclear weapon production capabilities in Iran by about two years.
The Duqu computer worm was discovered in September 2011 and is believed to be linked to the Stuxnet virus. Duqu and Stuxnet operate very similarly and were both created by governments to target nuclear production in Iran. Rather than being used to disrupt the production of nuclear weapons, Duqu was used for stealing information. Some versions of Duqu did include a payload capable of deleting files from the host’s computer.
The Flame virus was discovered in 2012 and is regarded as one of the most sophisticated computer worms ever found. Flame’s code shares many similarities with the Stuxnet code, and Flame, like Stuxnet, was designed as part of a government-sponsored cyber program. While the Stuxnet computer worm was designed to sabotage nuclear weapon production, Flame is believed to have been created purely for cyber spying. Flame has infected thousands of computers since its deployment, mostly in Iran and other Middle Eastern countries.
Protecting yourself from Computer Worms
There are several best practices users can follow to protect their computers from worms. Following these steps will not only decrease the risk of infection, but also provide for easier detection and computer worm removal.
- Keep the computer’s operating system and software up-to-date with vendor-issued security releases. These updates often contain security patches designed to protect computers from newly discovered worms.
- Avoid opening emails that you don’t recognize or expect, as many computer worms spread via email.
- Refrain from opening attachments and clicking on links from untrusted/unfamiliar sources.
- Run a firewall and antivirus software to be further protected from computer worms. Software firewalls will keep the computer protected from unauthorized access. Choose an antivirus program that includes download scanning functionality (to detect malicious content in email and web downloads) as well as malware removal tools.
Symptoms of a Computer Worm
Users should be familiar with the symptoms of a computer worm so that they can quickly recognize infections and begin the process of computer worm removal. Here are some of the typical symptoms of a computer worm:
- Slow computer performance
- Freezing/crashing
- Programs opening and running automatically
- Irregular web browser performance
- Unusual computer behavior (messages, images, sounds, etc.)
- Firewall warnings
- Missing/modified files
- Appearance of strange/unintended desktop files or icons
- Operating system errors and system error messages
- Emails sent to contacts without the user’s knowledge
While other issues can cause these symptoms, the appearance of multiple symptoms from this list or the repeated occurrence of certain symptoms usually indicates that the computer has been infected with a worm.
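The symptom "emails sent to contacts without the user's knowledge" can also be looked for on the mail-server side, where a mass-mailing worm shows up as one machine sending the same attachment to many different recipients within a short time. The following is an added example, not part of the original article; the key=value log format, host names, attachment labels and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a made-up key=value format (not a real mail-server log).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host=ws-17 to=bob@example.com attach=digest-A
2024-05-01T10:00:02 host=ws-17 to=carol@example.com attach=digest-A
2024-05-01T10:00:03 host=ws-17 to=dave@example.com attach=digest-A
2024-05-01T10:00:04 host=ws-17 to=erin@example.com attach=digest-A
2024-05-01T10:00:05 host=ws-17 to=frank@example.com attach=digest-A
2024-05-01T09:00:00 host=ws-22 to=bob@example.com attach=digest-B
2024-05-01T11:30:00 host=ws-22 to=carol@example.com attach=digest-B
2024-05-01T14:00:00 host=ws-22 to=dave@example.com attach=-
"""


def parse_line(line):
    """Split one log line into (timestamp, {key: value})."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)


def find_mass_mailers(log_text, min_recipients=5, window=timedelta(seconds=60)):
    """Return {host: attachment} for hosts that sent the same attachment to at
    least min_recipients distinct addresses inside one sliding time window."""
    events = defaultdict(list)  # (host, attachment) -> [(time, recipient), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, fields = parse_line(line)
        if fields.get("attach", "-") != "-":  # mail without an attachment is ignored
            events[(fields["host"], fields["attach"])].append((when, fields["to"]))

    flagged = {}
    for (host, attach), sent in events.items():
        sent.sort()                 # the log is not guaranteed to be in time order
        recent = deque()            # sends that fall inside the current window
        for when, rcpt in sent:
            recent.append((when, rcpt))
            while when - recent[0][0] > window:
                recent.popleft()
            if len({r for _, r in recent}) >= min_recipients:
                flagged[host] = attach
                break
    return flagged


if __name__ == "__main__":
    for host, attach in find_mass_mailers(SAMPLE_LOG).items():
        print(f"{host}: attachment {attach} sent to many contacts in a short burst")
```

A flagged host is a candidate for the disconnect-and-scan procedure described under Computer Worm Removal; a legitimate newsletter sender would need to be excluded by the operator.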
Computer Worm Removal
There are several steps that should be taken for computer worm removal. It is important to disconnect the computer from the internet and any local area networks before taking any other actions for worm removal. In order to prevent spreading of the worm, use a non-infected computer to download any updates or programs required and then install them on the infected machine via an external storage device. Once the computer is disconnected:
- Check that all antivirus signatures are up-to-date.
- Scan the computer with antivirus software.
- If the scan detects a computer worm or other malware, use the software to remove malware and clean or delete infected files. A scan that detects no malware usually indicates that the symptoms are being caused by hardware or software problems.
- Check that the computer’s operating system is up-to-date and all software and applications have current patches installed.
- If a worm is difficult to remove, check online for specific computer worm removal utilities.