At the turn of the millennium, the Internet was beginning to experience widespread use. The opportunity arose for hackers to make money off of people using their credit cards online or doing their banking online, etc. Viruses could help them do the job, but they weren’t exactly the stealthiest or most efficient programs out there. There was yet another program—the worm—that would prove much more helpful.
(It’s important to note that worms had come into existence long before the late 90s. This was just the time when they began to become popular.)
How Worms Work
Worms have a couple of things in common with viruses:
- They self-replicate
- They have some dependency on the host computer to spread
However, the way they spread makes them far different—and more dangerous: worms do NOT infect files. That’s right; they leave your files alone. However, this actually makes them more of a threat because it increases their efficiency. Instead of depending on infecting files to get around, worms employ two other major avenues of travel:
- Through computer network connections* (ex. if you work in an office and are connected to an office network)
- Through email (many worms can automatically send spam emails with themselves as attachments to your contacts)
* For those who aren’t familiar with the term, a “network” is a group of computers that are connected to one another and can share files with each other.
Both of these actions are automated. For example, as long as you are connected to a network, the worm can travel from your computer to other computers in the network completely on its own. With viruses, you have to actually be using your computer to spread the bug around. However, a worm really doesn't need you at all after it has embedded itself in your system. A worm could spread right under your nose whenever it wants—while you’re eating lunch, taking a walk, or even reading a nice informative blog on Internet security.
As for email: it gets a bit tricky here. A lot of people have online email accounts now—like Yahoo! or Gmail. If you have an online email account and you’re infected by a worm, the worm won’t be able to reach your email because your email account and your hard drive are not connected. The worm can’t “jump” from the hard drive to the password-protected online email account, thank God!
However, let’s assume you use, say, Outlook Express, which is an email program that resides on your computer. In this case, your email account and your hard drive are connected. Many worms are programmed so that, upon infection, a spam email with the worm as the attachment will be sent to all your contacts.
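As an added example (not part of the original post), here is a Python detector for the two automated behaviours described above: one machine contacting many other machines on the network, or mailing the same attachment to many contacts, within a short time. The event format, host names, attachment ids and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events, not real logs:
# (seconds, source host, kind, target, attachment id or None)
EVENTS = (
    # pc-07 opens connections to 6 different machines in 12 seconds
    [(i * 2, "pc-07", "net", f"pc-{i:02d}", None) for i in range(1, 7)]
    # pc-12 mails the same attachment to 6 contacts in 15 seconds
    + [(i * 3, "pc-12", "mail", f"contact{i}@example.com", "att-A") for i in range(6)]
    # pc-03 behaves like a person: 6 servers over 25 minutes, two different files
    + [(i * 300, "pc-03", "net", f"srv-{i}", None) for i in range(6)]
    + [(10, "pc-03", "mail", "boss@example.com", "att-B"),
       (40, "pc-03", "mail", "team@example.com", "att-C")]
)


def find_spreaders(events, window=60, net_limit=5, mail_limit=5):
    """Return {host: [kinds]} for hosts that reach many targets within `window` seconds."""
    recent = defaultdict(list)   # (source, kind, attachment) -> [(time, target)]
    flagged = defaultdict(set)
    for t, src, kind, target, attachment in sorted(events, key=lambda e: e[0]):
        if kind == "mail" and attachment is None:
            continue             # only mail carrying an attachment is of interest here
        bucket = recent[(src, kind, attachment)]
        bucket.append((t, target))
        # Drop entries that have fallen out of the sliding time window.
        bucket[:] = [(ts, tg) for ts, tg in bucket if t - ts <= window]
        distinct_targets = {tg for _, tg in bucket}
        limit = net_limit if kind == "net" else mail_limit
        if len(distinct_targets) >= limit:
            flagged[src].add(kind)
    return {host: sorted(kinds) for host, kinds in flagged.items()}


if __name__ == "__main__":
    for host, kinds in find_spreaders(EVENTS).items():
        print(f"{host}: automated-looking fan-out via {', '.join(kinds)}")
```

The sliding window is what separates the two cases: pc-03 reaches just as many machines as pc-07, but spread over 25 minutes rather than a few seconds, so it is not flagged.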
In the last several years, worms have received a lot of media attention simply because their ability to exploit weaknesses in network and email security allows them to travel the globe in a very short period of time. These are some worms you may have heard about:
- LoveLetter (a.k.a. the "ILOVEYOU virus")
- MsBlast/Blaster
- Conficker (or Downadup, Kido, the "virus" that gave you a couple of days off work a few years ago because it crashed the entire computer system at your office, whatever you want to call it)
Conficker, in particular, is an important one. It has been accurately described as one of the most “obstinate” malicious programs out there. It was first discovered in November 2008, reached its peak infection count within a few months, and despite security experts’ efforts is still prevalent in the cyber world. It is primarily a network worm, and at its peak it had anywhere from 7 to 12 million computers under its control—including computers owned by not only major corporations but the British Parliament and the French Navy. Even today, about 4 1/2 years after its initial release, infection estimates remain at about 7 million.
Conficker is a major problem, especially since worms of this caliber can theoretically be used as digital international weapons. I have plans to bring the subject up again in later posts, but honestly, if you are really interested in learning about not only Conficker but the threat posed by hackers and malware in general in the modern world, I strongly recommend you read Worm: The First Digital World War by Mark Bowden. It’s a fantastic book, and one of the very few pieces of tech literature that is aimed at everyday people and explains rather complex subjects in an easy-to-understand manner. It was also one of my main inspirations for wanting to become a security specialist myself.
Recap
The Basics of the Worm:
- Self-replicate
- Do NOT infect files
- Spread mainly via networks and email
Advantages:
- Harder to discover infection because there are no infected files
- Can spread faster, more mobile on its own
- Less dependent on human intervention
Disadvantages:
- Because it spreads so easily, it’s not good for contained attacks.
- In email form, it still relies on tricking the user into opening the attachment.
Next time, we’ll talk about the final, most common, and—in some ways—the most dangerous type of malware of all: the Trojan Horse.