A computer worm “is a self-replicating virus that does not alter files but resides in active memory and duplicates itself.” Worms live and replicate within the operating system that is invisible to the computer user.
Users typically encounter the worms when their computer starts to slow down substantially due to the resources taken up by the worm during self-replication.
Whereas viruses need some form of intervention from the computer user, such as opening an e-mail attachment or link, worms can spread without the help of the user. Worms also do not need a host program to spread.
Worms exploit system vulnerabilities (i.e., weaknesses or flaws in the computer operating system or management of the system) to intrude a computer or network. Once the worm is inside the computer, it replicates and causes damage similar to viruses, such as destroying or stealing data, sending e-mails to other computers by using the address book, and infecting other computers. Worms replicate via network connections.
Removing a worm from an infected computer is very difficult because the worm is intertwined with the system. If antivirus or antimalware software does not remove the worm, users may have to do a clean install of the operating system.
Similar to viruses, worms are not only a threat to computers but also to Bluetooth devices such as mobile phones, health trackers, wireless surveillance cameras, connected-drive cars, and similar devices.
Research suggests that Bluetooth worms spread quickly to other devices. The first mobile worm, called Cabir, was discovered in 2004 and infected Nokia devices via unsecured Bluetooth connections during the 2005 10th World Athletic Championships in Helsinki. Cabir accessed the contacts in the user’s phone and sent itself to other users.
Worms create several risks to computers and mobile devices, including (1) risks to the integrity of the computer system, (2) risks to maintaining the confidentiality of information on the computer, (3) risks to the availability of computer files, and (4) Internet slowdown. Table 1 provides a list of the five most destructive worms.
Table 1 The Five Most Destructive Worms
|Sobig||2003||United States||Crashed internet gateways and e-mail servers|
|I LOVE YOU||2000||Philippines||10% of the World’s PCs|
|Conficker||2007||Ukraine||Infected millions of PCs|
|Sasser||2004||Germany||Infected critical infrastructures|
Risks Created by Worms
The integrity of the computer system
Some worms will cause the pop up of messages such as “I think (user’s name) is a big, stupid jerk!” This worm was called the WM/97 Jerk worm. After the message was displayed, users could continue to work. Other worms may not only show a message but also lock the computer when the message disappears.
Confidentiality of information on the computer
The user should be the only one who has access to the computer and information stored on the computer. Some worms breach this confidentiality. For instance, the Koobface worm infected computers of users who clicked on a link to update their Adobe Flash. Once inside the operating system, the Koobface worm started to send advertisements for software and recorded the clicks of the user and web searches, which were then sold to the malicious authors of the Koobface worm. This type of worm is also used by criminals who engage in identity theft to steal passwords, credit card numbers, or tax returns.
Availability of computer files
Worms can interfere with users’ access to their files by making files unavailable, damaging files, or slowing down the computer. For instance, the Michelangelo worm upon activation began damaging computer files by overwriting the information in these files.
In January of 2016, the Slammer worm caused network interruptions across the United States, Asia, and Russia. The worm also infected the network of news provider ABC and caused hundreds of cash machines of the Bank of America to be unavailable. The Slammer further disabled websites of major credit card companies and shut down more than 900 systems in the DoD. Worms such as the Slammer can have very serious impacts on network systems and national security.