Computer Worm Malware: How It Works

Computer worms originated back in the 1980s and are still prevalent today with the recent Conficker worm. There are many types of worm malware that are created to perform specific malicious acts. Computer worm malware can be more complicated and damaging than a computer virus depending upon the type of worm.

Worms are capable of copying themselves from computer to computer, a process which occupies a considerable amount of network bandwidth and computer time. A worm functions with several main elements that make up the malware.

How a Worm Works

The initial element of a worm is malcode which acts as a penetration tool that locates vulnerabilities on a PC so it can exploit them. Once it locates the vulnerability the malcode transfers the worm through the vulnerability. This is where the installer takes command by transmitting the malcode to your PC.

Once the malcode has infected the PC, the worm will use a tool that is designed to discover other computers that are connected to the network. From there it scans the other computers on the network to locate vulnerabilities and then uses the penetration tool to access those computers. This is known as a payload and is malware that is capable of operating remote access applications, keylogging, spying, as well as any other types of malicious behaviors.

The payload can also disguise itself in the form of an email attachment. It will trick the user into opening it by making the user believe it has come from a trusted source. This is accomplished by sending the email from a known person's address without the knowledge of that user. The payload uses the email account and address book to copy itself and then spread to other email recipients.

Replication

What makes a worm so destructive is its capability to replicate itself as many as 250,000 times over a several hour period. Not only can it scan for computers that are on the network, it will also scan for unsecured servers and then replicate itself to each server. Depending upon the type of worm, it can be programmed to replicate itself on specific days of the month for the purpose of making targeted attacks on certain events.

Computer worm malware generally replicates itself through an email program by searching for email addresses that it can mail itself to. Once it has located a list of email addresses, it will mail itself in the form of an attachment to each recipient.

The process a worm uses to replicate itself causes the Internet to slow to a crawl due to the massive amount of traffic it creates. It can also gain unauthorized access to a website to launch an attack by sending thousands of information requests to the site in an attempt to crash the site.

Although email is the most common way a worm will replicate itself, it will also attack other applications such as Microsoft Word and Excel by inserting malcode into those applications and then using them as an attachment.

(0 Comments)
Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.