The menace of Worms

  • June 29, 2005
  • 5 min read

It is a given in this world that every entity has two aspects – one benign, and the other malignant. This duality of function can be found in virtually everything. Take the humble kitchen knife, for example. Cooks use it for chopping vegetables. It can also be used to kill. The human brain can be used to do constructive things – such as planting seeds in farms to grow food crops, construct strong shelters that protect against nature’s forces and build computers and software that make life so easy. The human brain can also do destructive things – such as build a bomb, indulge in genocide and take advantages of the computer’s weaknesses to wreck havoc the internet.

The worms are but another example of man’s darker side of genius.

Worms are such pesky creatures. They apparently appear out of nowhere and start doing what their creators designed them to do; our only clue is that the PC and the internet are suddenly inexplicably slow. Their reproducing and replicating mechanisms are so simple. Computer worms share similar attributes. They are apparently very easy to construct too.

The first worm that attracted wide attention was actually written by a student! When it was released to an unsuspecting world in 1988, it damaged a lot of BSD UNIX machines before an angry world could track it down and catch both the worm and its creator red-handed. The boy – Robert Tappan Morris Jr. – was convicted and fined.

So, what exactly is a computer worm?

A computer worm is different from its other infamous sibling – the virus. A worm does not infect or manipulate files, it makes clones of itself. Therefore a worm is a standalone working program. It can use the system transmission capabilities to travel from machine to machine merrily riding around like a happy-go-lucky vagabond. A worm, after lodging itself on one machine can spawn several clones of itself. Each of these clones then marches forth to conquer the cyber world.

How do worms spread?

Where do newly cloned computer worms march to? A worm can open your email address book and, in a jiffy, despatch one clone each to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides it time till the connection takes place. Chats and Instant messaging software like MIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers enabling the worm to spread like wildfire throughout the cyberworld (the “Jitux” worm is an example). Every operating system has vulnerabilities which are thoroughly exploited by worms to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm which uses security holes in the Windows LSASS service.

Other worms spread only by using Backdoor infected computers. E.g. the “Bormex” worm relies on the “Back Orifice” backdoor to spread. There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up. If the folder does not exist, the worm simply creates it for the benefit of the users! How benevolent can worms be! In the hall of hoodlums, worm “Axam” gets top honours for such devious activity.

Some worms take on even more deceptive forms to snare users. Sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser & co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers – the “Spida” worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code in running services on the server like “Slammer”. Phew! The arsenal available to these worms is huge and ever growing.

Worms that will be remembered for generations to come for the damage they did to global commerce are Sasser, MyDoom, Sober, Blaster, Code Red, Melissa, and the Loveletter worm. Apart from the sleepless nights it caused the government and industry backed sleuths trying to track the worm, billions of dollars went down the drain to control their menace. The face of internet surfing and computerized operations was radically changed due to these worms.

What exactly is the nature of havoc that these worms bring to bear upon us? Well, Denial of service (DoS) is one situation that users of a server may find themselves in thanks to these programs. Unlike viruses, many worms do not intend to destroy the infected computer. More often than not they have a more important job to do – subvert the computer so that the worm’s creator can use it often without the owner of the computer knowing anything about it.

Worm writers nowadays work together with Spammers (they make a nice twosome, don’t they?) to send out unsolicited emails to increasingly overloaded inboxes. Their worms install backdoor trojans to convert the home computer into a “zombie”.  the countless variants of the “Bagle” worm are the best known examples.

“Phishing” is the latest fad in town. It tries to prise those secret passwords of bank accounts and credit cards from you… all courtesy of a piggy back ride on the worm’s powerful shoulders

So much for the end-of-the-world-speech! What is the cure for all this, for crying out loud! You ask.

Like a cat-and-mouse game, the moment worms came into existence, worm-trappers came into existence too. Special software has been designed that not only kill worms the software knows about, but also updates itself on a daily basis against any new threats.

However, updating is always going to be a tad behind the ultra-sophisticated lethal wizardry of worms. The best way to guard against this is to use the anti-worm software Emsisoft Anti-Malware – software that it is at the forefront of malware prevention.

How does Emsisoft Anti-Malware score over other anti-worm and anti-virus products?

Anti-Malware has a special Malware Intrusion Detection System (Malware-IDS) that is able to detect and kill worms before the worms get a foot in the door. The great thing about this is that the detection process does not require any signature scanning to identify a worm. All the other products are handicapped because they require a signature to be able to identify and kill a worm.

The Malware-IDS, once installed, never sits idle. Visualize a worrying, paranoid housewife obsessed with keeping the house clean, who runs after every rat or other vermin that she sees with broomstick in hand! Like this housewife, the Malware-IDS is continuously on alert, checking every program that is running (or trying to run) on your machine, ready to pounce on any program that is trying to do something that “good” programs are not supposed to do. Such “delinquent” programs are caught by the IDS and paraded before you. You can relax and take your time to decide whether the program has nefarious intentions or not. The program is stopped until you pronounce verdict. The program is either acquitted honourably or sent to the gallows.

With a strong development and support team spanning continents, Anti-Malware has emerged as an important player in the war against the malware domain. Trusting your machine to Anti-Malware is the best defence possible now and in the future.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Protect thyself!

Emsi

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story

What to read next