Computer worms are programs that are based on an internal mechanism to spread over local and global computer networks for specific purposes.
The Meaning of Computer Worms
Many computer worms spread not only as files but also as network packets. Such network worms are called fileless or packet worms, it is quite difficult to detect them, it is even more difficult to resist their penetration into the computer, since you, without actually downloading anything or launching any files, will get yourself a network worm by simply clicking on an Internet link. Such network worms, using errors in the software of operating systems, go directly to the computer’s RAM and independently activate their code there. Network worms also spread across the network in many ways. First, of course, e-mail, various instant messaging programs, file exchange resources, local networks, networks of exchange between mobile devices.
The main goals of computer worms are:
- penetration into remote computers with the partial or complete interception of control over them (hidden from the user – the owner of this computer, of course);
- launching your copy on a computer;
- further distribution over all available networks, both local and global.
There are various types of network worms. First of all, we should mention the RAM-resident worms, which are located in the computer’s RAM without affecting the files on the hard disk. To get rid of such computer worms is quite simple – you need to restart the operating system, and the data in RAM will be reset, and the worm will be erased accordingly. RAM-resident viruses consist of two parts: the shellcode with which they penetrate the computer, and the worm’s body itself. Certain network worms also have properties of other types of malicious software. For example, it may contain Trojan functions or also infect executable files on the local disk, have the properties of a Trojan program, or a computer virus.
The Computers Warms Definition
Computer worms are a type of malware that can independently penetrate computers, distribute and launch copies of themselves. The computer worm acquired its name due to its ability to multiply its duplicates in an unauthorized manner, i.e. “Crawl” from one computer to the next. What distinguishes them from classic viruses is the use of network resources for further distribution of copies to remote computers. The computer worm definition is unable to invade other computing devices; it spreads to local computer resources.
The life cycle of a worm program is a recursive cycle and is simplified as follows: a network worm activates on a computer, launches a locator of vulnerable targets, sends copies to identified vulnerable nodes via the network, on which copies are then launched and the algorithm is repeated in the same way.
It should be noted that modern computer worms rarely strive to persist on a computer for as long as possible and secretly. They often have a certain time period, and then self-destruct, sending gigabytes of spam information to other computers. They are also distinguished from viruses by their focus on performing specific actions, for example, overcoming the protection system against unauthorized access. In addition to their harmful effect, network worm attacks can provoke hotbeds of Denial of Service (DoS) attacks, if their functioning does not provide for ignoring the attacked or infected hosts.
Email worms are distributed as an attachment or link in e-mail messages (for example, Email-Worm.Win32.Zafi.d.). In some cases, the attachment may have a “double” extension in order to mislead the user and induce him to launch the file (an executable program disguised as an image with the name “postcard.jpg.exe”, etc.).