If you worry about computer security, then worms are probably near the top of your list. Although much has been done to combat the threat posed by spyware and adware, computer worms and viruses pose a constant, and constantly changing threat. The following information contains useful background from the fine contributors to Wikipedia and may help you avoid this potent danger.
In short, a computer worm is a self-replicating computer program. It uses a network to send copies of itself to other systems and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. In general, worms always harm the network and consume bandwidth, whereas viruses always infect or corrupt files on a targeted computer. Email worms spread via email messages.
Typically the worm will arrive as email, where the message body or attachment contains the worm code, but it may also link to code on an external website. Poor design aside, most email systems requires the user to explicitly open an attachment to activate the worm, but "social engineering" can often successfully be used to encourage this; as the author of the "Anna Kournikova" worm set out to prove. Once activated the worm will send itself out using either local email systems or directly using SMTP.
The addresses it sends to are often harvested from the infected computers email system or files, which can be embarrasing and compromise personal identity. Therefore recipients of email worms should assume that they are not sent by the person listed in the 'From' field of e-mail message (sender's address). Instant messaging worms spread via instant messaging applications by sending links to infected websites to everyone on the local contact list. The only difference between these and email worms is the way chosen to send the links.
With IRC worms, chat channels are the main target and the same infection/spreading method is used as above: sending infected files or links to infected websites. Infected file sending is less effective as the recipient needs to confirm receipt, save the file and open it before infection will take place. File-sharing networks worms copy themselves into a shared folder, most likely located on the local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now the worm is ready for download via the P2P network and spreading of the infected file will continue. Internet worms are those which target low level TCP/IP ports directly, rather than going via higher level protocols such as email or IRC.
A classic example is "Blaster" which exploited a vulnerability in Microsoft's RPC. An infected machine aggressivly scans random computers on both its local networ and the public internet attempting an exploit against port 135 which, if successful, spreads the worm to that machine. Users need to be wary of opening unexpected email, and certainly should not run attached files or programs, or visit web sites which such email link to. However, as the ILOVEYOU showed long ago, and phishing attacks continue to prove, tricking a percentage of users will always be possible. Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files every few days at least.
Andrew Morris is a writer and computer professional living in Austin, Texas. Find out more about computer security threats at Remove Adware Components.
