How Do Computer Worms Work?

People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.

Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.

So what exactly is a computer worm?

A computer worm is different from its infamous sibling, the virus. A worm does not infect or manipulate files; it makes clones of itself. A worm is therefore a standalone working program. It can use the system's transmission capabilities to travel from machine to machine, merrily riding around like a happy-go-lucky vagabond. A worm, after lodging itself on one machine, can spawn several clones of itself. Each of these clones then marches forth to conquer the cyber world.

How do they spread?

Where do newly cloned computer worms march to? A worm can open your email address book and, in a jiffy, dispatch one clone to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides its time until the connection takes place.

Chat and instant messaging software like mIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers, enabling the worm to spread like wildfire throughout the cyberworld (the “Jitux” worm is an example).

Every operating system has vulnerabilities, which worms thoroughly exploit to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm, which uses security holes in the Windows LSASS service. Other worms spread only by using computers already infected with a backdoor; for example, the “Bormex” worm relies on the “Back Orifice” backdoor to spread.

There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up. If the folder does not exist, the worm simply creates it for the benefit of the users! How benevolent can worms be! In the hall of hoodlums, worm “Axam” gets top honours for such devious activity.

Some worms take on even more deceptive forms to snare users, sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser & co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers - the “Spida” worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code into running services on the server, like “Slammer”.

When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).

If you click on the attachment to open it, you’ll activate the worm, but in some versions of Microsoft Outlook, you don’t even have to click on the attachment to activate it if you have the program’s preview pane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.

After it’s activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program’s address book and web pages you’ve recently looked at, to find them.

Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn’t even have to be open for the worm to spread.
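A worm that carries its own mail server shows up on the network as a workstation talking SMTP directly to many outside hosts instead of going through the site's mail relay. The following added example (not part of the original article) flags that pattern in flow records; the record format, relay address, threshold and window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAIL_RELAYS = {"10.0.0.25"}      # assumption: the site's sanctioned mail server
THRESHOLD = 5                    # assumption: distinct SMTP peers that trigger a flag
WINDOW = timedelta(minutes=1)    # assumption: sliding window length

def direct_smtp_senders(lines):
    """Return {source: most distinct port-25 destinations within any WINDOW}
    for non-relay hosts that reach THRESHOLD."""
    events = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue                       # skip blank or malformed records
        ts, src, dst, dport = fields
        if dport == "25" and src not in MAIL_RELAYS:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # shrink the window until it spans at most WINDOW
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= THRESHOLD:
            flagged[src] = best
    return flagged

# Constructed flow records: "timestamp source destination dest_port".
SAMPLE = (
    # a workstation contacting six different mail servers directly in six seconds
    [f"2024-01-01T09:00:{i:02d} 10.0.0.57 203.0.113.{i + 1} 25" for i in range(6)]
    # the sanctioned relay doing the same thing, which is its job
    + [f"2024-01-01T09:00:{i:02d} 10.0.0.25 198.51.100.{i + 1} 25" for i in range(6)]
    # a normal client: mail goes to the relay, web traffic goes elsewhere
    + ["2024-01-01T09:00:10 10.0.0.12 10.0.0.25 25",
       "2024-01-01T09:00:11 10.0.0.12 192.0.2.80 443"]
)

if __name__ == "__main__":
    for host, peers in direct_smtp_senders(SAMPLE).items():
        print(f"{host}: {peers} distinct SMTP destinations within {WINDOW}")
```

Blocking outbound port 25 from everything except the relay turns this from a detection into a control; the check above then becomes a report of which hosts are hitting that block.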

What do they do?

What kind of havoc do these worms bring to bear upon us? Well, denial of service (DoS) is one situation that users of a server may find themselves in, thanks to these programs.

Unlike viruses, many worms do not intend to destroy the infected computer. More often than not they have a more important job to do - subvert the computer so that the worm’s creator can use it, often without the owner of the computer knowing anything about it.

Worm writers nowadays work together with spammers to send out unsolicited emails to increasingly overloaded inboxes. Their worms install backdoor trojans to convert the home computer into a “zombie”. The countless variants of the “Bagle” worm are the best known examples. “Phishing” is the latest fad in town. It tries to prise those secret passwords of bank accounts and credit cards from you… all courtesy of a piggyback ride on the worm’s powerful shoulders.

Most of the damage that worms do is the result of the traffic they create when they’re spreading. They clog e-mail servers and can bring other internet applications to a crawl.

But worms will also do other damage to computer systems if they aren’t cleaned up right away. The damage they do, known as the payload, varies from one worm to the next.

The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.

How do I get rid of them?

The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview pane, just to be safe.

Never open attachments you aren’t expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)
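The attachment rule above can be enforced at a mail gateway or in a triage script. This is an added example, not part of the original article: it parses a raw message and reports attachments with one of the listed endings or a double ending. The decoy-extension list and the function names are assumptions, and the sample message is constructed with placeholder bytes.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article says to be especially cautious with.
RISKY = {".bat", ".cmd", ".exe", ".pif", ".scr", ".vbs", ".zip"}
# Assumption (not from the article): harmless-looking types a double ending imitates.
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3"}

def classify_filename(name):
    """Return the reasons an attachment name deserves caution (empty list if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Padding such as "photo.jpg      .scr" hides the real ending; strip it.
    exts = ["." + p.strip() for p in base.split(".")[1:] if p.strip()]
    reasons = []
    if exts and exts[-1] in RISKY:
        reasons.append("risky extension " + exts[-1])
    if len(exts) >= 2 and exts[-2] in DECOY and exts[-1] != exts[-2]:
        reasons.append("double ending " + exts[-2] + exts[-1])
    return reasons

def scan_message(raw_bytes):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():            # walk() also reaches nested and inline parts
        name = part.get_filename()
        if name and classify_filename(name):
            findings[name] = classify_filename(name)
    return findings

def build_sample():
    """Constructed test message: placeholder bytes under three attachment names."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Constructed sample body.")
    for fname in ("AnnaKournikova.jpg.vbs", "minutes.doc", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(fname, "->", "; ".join(why))
```

The check looks only at names, so it does not see what is inside a .zip or a renamed file; it complements anti-virus scanning rather than replacing it.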

Also, install anti-virus software and keep it up to date with downloads from the software maker’s website. The updates are usually automatic.

Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.

As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don’t affect computers that run Macintosh or Linux operating systems.

