The History of Worms
Malware with self-replicating capability has been an issue in the world of computing for several years, dating back to the first self-replicating code created by Ken Thompson in 1984. Over the past few years, both worms and viruses have become major problems, mainly due to widespread use of the internet. This wide-open platform enables these infections to spread rapidly with no geographic restrictions. Worms in particular are becoming more sophisticated as malicious coders have learned from both their mistakes and their successes.
In this article, we will take a brief glance at the history of computer worms and how they have impacted the current state of computing.
Self-replicating applications date back to the early days of the Unix operating system. Ken Thompson's code was essentially a compiler modification that manipulated login procedures and the compiler itself. The conventional virus became a common plague in the era of the Apple II system. This infection moved rather slowly, yet provided the means of distributing some of the best-known viruses, such as Chernobyl and Michelangelo.
The first Internet infection that required no human intervention to propagate was the Morris Worm, discovered in 1988 and released by Robert Morris. It spread very quickly, infecting a number of vulnerable computers in a matter of hours. The Morris Worm infected various machines and also used multiple exploits including buffer overflows, debugging routines in mail components, password sniffing, and other streams of execution to improve its ability to attack other computers.
Although it was released by accident, the Morris Worm cannot really be called benign, as it had a significant impact because of the bug in its code. When a computer was reinfected, there remained the possibility that the new infection would be persistent, allowing other worms to run and severely impact system performance. However, this caused the worm to be noticed instantly and, therefore, quickly contained.
Active computer worms have returned to prominence in recent times. The first one to cause an eruption was Code Red. This infection proved how quickly a simple self-replicating program could spread via the internet's current infrastructure. Code Red exploited a buffer overflow condition in the Microsoft IIS (Internet Information Server). It was able to propagate quickly because of the "always on" nature of IIS and many versions of the Windows operating system. Code Red was also equipped with scanning capabilities that improved its throughput and gave it the ability to elude numerous IP address security features.
Once a system has been compromised by a worm, there is actually little that can be done to mitigate the damage aside from removing it as quickly as possible. Just as everyone should devise a contingency plan in case of a fire, one should also create a strategy to elude worm exploits. While there is no perfect solution, there are many steps that can be taken to prevent damage and reduce the spread of infection. Anti-virus software and firewalls are a must these days: two powerful weapons that will keep you one step ahead of a worm outbreak. It is also critical to conduct routine backups of your data, as these infections can easily corrupt or completely overwrite existing files. When it comes to the disruption caused by worms and other malware, it's much better to be safe than sorry.