Thursday, November 21, 2024

Worm Type Virus

What is a Worm Virus

A worm is a virus that uses open (insecure) computers or known security bugs to gain access to a machine. A worm is a self-replicating program like a virus. However, unlike a virus, a worm does not infect other programs.

Worms are generally embedded in programs or attachments to email messages. When the user opens the file, the work begins a two-part attack on the system. First, the worm performs its damage, such as destroying files, corrupting programs or damaging the operating system. Then, the virus uses a process known as replication to transmit itself to everyone in the infected user’s email address book. If the computer is not on the internet at the time, then the transmission could be stopped; however, with the increasing number of users who have ‘always-on’ connections via DSL or cable-modems, the worm is usually able to transmit itself to thousands of unsuspecting recipients in a flash!

Worms can also infect Microsoft’s Active-X and Sun’s Java script controls, which means that worms can be embedded in web pages and launch themselves upon visitors who simply visit the site and view the web page! While this has rarely occurred to date, it is a distinct possibility in the future that simply browsing the web could be very dangerous without adequate antivirus protection!

The scariest part of worm attacks is that they are usually invisible to the infected user. Worms work silently in the background, and if they do not actually damage obvious files in the user’s computer, they go undetected for a long time while they continue to transmit themselves to recipients via email.

There are many Infamous worms i.e. The Anna Kournikova Worm, I love you worm, Code Red. or Nimda which is reputed to be the worst to date. Nimda was released on September 18, 2001

The Nimda worm has the potential to affect both user workstations (clients) running Windows 95, 98, ME, NT, or 2000 and servers running Windows NT and 2000. It spreads via email, network shares and websites. Its main goal is simply to spread over the Internet and Intranet, infecting as many users as possible and creating so much traffic that networks are virtually unusable. It may also take up a large amount of space on your hard drive.

The email messages created by the worm contain an attachment that can be executed even if the user does not open it and without the user’s knowledge. It infects HTML documents. When the infected documents are accessed (locally or remotely), the machine viewing the page is infected. When the virus finds an open share, it copies itself to each folder on the drive in .EML format. This can include the START UP folder.

The worm scans IP addresses looking for IIS servers to infect via the Web Folder Transversal vulnerability. It tries to use the backdoor created by W32/CodeRed.c to infect. It adds worm code to .EXE files. Email addresses are gathered by extracting the email addresses from MAPI messages in Microsoft Outlook and Microsoft Outlook Express, as well as from HTM and HMTL documents. Once infected, your system is used to seek out others to infect over the web. As this creates a lot of port scanning, this can cause a network traffic jam.

Back To Computer Section Home Page

Comments are closed.