A computer worm is a standalone malware computer program that
replicates itself in order to spread to other computers. Often, it
uses a computer network to spread itself, relying on security failures
on the target computer to access it. Worms almost always cause at
least some harm to the network, even if only by consuming bandwidth,
whereas viruses almost always corrupt or modify files on a targeted
Many worms that have been created are designed only to spread, and do
not attempt to change the systems they pass through. However, as the
1 History 2 Harm 3 Countermeasures 4 Worms with good intent 5 See also 6 References 7 External links
The actual term "worm" was first used in John Brunner's 1975 novel,
The Shockwave Rider. In that novel, Nichlas Haflinger designs and sets
off a data-gathering worm in an act of revenge against the powerful
men who run a national electronic information web that induces mass
conformity. "You have the biggest-ever worm loose in the net, and it
automatically sabotages any attempt to monitor it... There's never
been a worm with that tough a head or that long a tail!"
On November 2, 1988, Robert Tappan Morris, a Cornell University
computer science graduate student, unleashed what became known as the
Morris worm, disrupting a large number of computers then on the
Internet, guessed at the time to be one tenth of all those
connected. During the Morris appeal process, the U.S. Court of
Appeals estimated the cost of removing the virus from each
installation at between $200 and $53,000; this work prompted the
formation of the CERT Coordination Center and Phage mailing
list. Morris himself became the first person tried and convicted
under the 1986 Computer Fraud and Abuse Act.
Any code designed to do more than spread the worm is typically
referred to as the "payload". Typical malicious payloads might delete
files on a host system (e.g., the
ExploreZip worm), encrypt files in a
ransomware attack, or exfiltrate data such as confidential documents
Probably the most common payload for worms is to install a backdoor.
This allows the computer to be remotely controlled by the worm author
as a "zombie". Networks of such machines are often referred to as
botnets and are very commonly used for a range of malicious purposes,
including sending spam or performing DoS attacks.
Worms spread by exploiting vulnerabilities in operating systems.
Vendors with security problems supply regular security updates
(see "Patch Tuesday"), and if these are installed to a machine then
the majority of worms are unable to spread to it. If a vulnerability
is disclosed before the security patch released by the vendor, a
zero-day attack is possible.
Users need to be wary of opening unexpected email, and should
not run attached files or programs, or visit web sites that are linked
to such emails. However, as with the
ACLs in routers and switches Packet-filters TCP Wrapper/ACL enabled network service daemons Nullroute
Worms with good intent
Main article: Helpful worm
Beginning with the very first research into worms at Xerox PARC, there
have been attempts to create useful worms. Those worms allowed testing
John Shoch and Jon Hupp of the
Botnet Code Shikara (Worm) Computer and network surveillance Computer virus Email spam Self-replicating machine Timeline of computer viruses and worms Trojan horse (computing) XSS worm Zombie (computer science)
^ Barwise, Mike. "What is an internet worm?". BBC. Retrieved 9
^ Brunner, John (1975). The Shockwave Rider. New York: Ballantine
Books. ISBN 0-06-010559-3.
^ "The Submarine".
^ "Security of the Internet". CERT/CC.
^ "Phage mailing list". securitydigest.org.
^ Dressler, J. (2007). "United States v. Morris". Cases and Materials
on Criminal Law. St. Paul, MN: Thomson/West.
^ Ray, Tiernan (February 18, 2004). "Business & Technology: E-mail
viruses blamed as spam rises sharply". The Seattle Times.
^ McWilliams, Brian (October 9, 2003). "Cloaking Device Made for
Mydoom Internet worm likely from Russia, linked to spam mail:
security firm". www.channelnewsasia.com. 31 January 2004. Archived
from the original on 2006-02-19.
^ "Uncovered: Trojans as Spam Robots". Hiese online. 2004-02-21.
Archived from the original on 2009-05-28. Retrieved 2012-11-02.
^ "Hacker threats to bookies probed". BBC News. February 23,
^ "USN list". Ubuntu. Retrieved 2012-06-10.
^ Threat Description Email-Worm
^ Threat Description Email-Worm: VBS/LoveLetter
^ Sellke, S. H.; Shroff, N. B.; Bagchi, S. (2008). "Modeling and
Automated Containment of Worms".
v t e
Computer virus Comparison of computer viruses Computer worm List of computer worms Timeline of computer viruses and worms
Trojan horse Rootkit Backdoor Zombie computer Man-in-the-middle Man-in-the-browser Man-in-the-mobile Clickjacking
Privacy-invasive software Adware Spyware Botnet Keystroke logging Form grabbing Web threats Fraudulent dialer Malbot Scareware Rogue security software Ransomware Crimeware
By operating system
Linux malware Palm OS viruses Mobile malware Macro virus Classic Mac OS viruses MacOS malware iOS malware Android malware
Anti-keylogger Antivirus software Browser security Internet security Mobile security Network security Defensive computing Firewall Intrusion detection system Data loss prevention software
Computer and network surveillance Operation: Bot Roast Honeypot