Computer Worm Malware: How It Works
Computer worms originated back in the 1980s and are still prevalent today with the recent Conficker worm. There are many types of worm malware that are created to perform specific malicious acts. Computer worm malware can be more complicated and damaging than a computer virus depending upon the type of worm.
Worms are capable of copying themselves from computer to computer, a process which occupies a considerable amount of network bandwidth and computer time. A worm functions with several main elements that make up the malware.
How a Worm Works
The initial element of a worm is malcode which acts as a penetration tool that locates vulnerabilities on a PC so it can exploit them. Once it locates the vulnerability the malcode transfers the worm through the vulnerability. This is where the installer takes command by transmitting the malcode to your PC.
Once the malcode has infected the PC, the worm will use a tool that is designed to discover other computers that are connected to the network. From there it scans the other computers on the network to locate vulnerabilities and then uses the penetration tool to access those computers. This is known as a payload and is malware that is capable of operating remote access applications, keylogging, spying, as well as any other types of malicious behaviors.
The payload can also disguise itself in the form of an email attachment. It will trick the user into opening it by making the user believe it has come from a trusted source. This is accomplished by sending the email from a known person's address without the knowledge of that user. The payload uses the email account and address book to copy itself and then spread to other email recipients.
What makes a worm so destructive is its capability to replicate itself as many as 250,000 times over a several hour period. Not only can it scan for computers that are on the network, it will also scan for unsecured servers and then replicate itself to each server. Depending upon the type of worm, it can be programmed to replicate itself on specific days of the month for the purpose of making targeted attacks on certain events.
Computer worm malware generally replicates itself through an email program by searching for email addresses that it can mail itself to. Once it has located a list of email addresses, it will mail itself in the form of an attachment to each recipient.
The process a worm uses to replicate itself causes the Internet to slow to a crawl due to the massive amount of traffic it creates. It can also gain unauthorized access to a website to launch an attack by sending thousands of information requests to the site in an attempt to crash the site.
Although email is the most common way a worm will replicate itself, it will also attack other applications such as Microsoft Word and Excel by inserting malcode into those applications and then using them as an attachment.