A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.

          An early worm on the Internet, and the first to attract wide attention, was the Morris worm. It was also termed 'The Internet Worm' by Peter Denning in an article in American Scientist (March-April, 1988) in which he distinguished between a virus and a worm, thereby becoming an early computer zoologist.      

        Types of Computer Worm:

          Email Worms Spread via email messages. Typically the worm will arrive as email, where the message body or attachment contains the worm code, but it may also link to code on an external website. Most famous E-mail worms: Klez, Nimda, Yaha, Sircam, Bugbear, Magistr, Braid, Badtrans, PrettyPark, Sobig

          IRC worm (Internet Relay Chat worm) is usually a standalone program that uses IRC networks to spread itself. Such worm either tries to spread itself by establishing connection to an IRC server or it can drop specific scripts to an IRC client directory. The most affected IRC client is mIRC. Usually an IRC worm replaces some INI files in mIRC directory with its own scripts and when a user connects to an IRC server and joins any channel, these scripts instruct a client to send a worm's executable file to everyone in that channel. Most famous IRC worms: Aplore, Maldal, Gokar, Spester, Irok, Nymph.

           File-sharing networks worms Copies itself into a shared folder, most likely located on the local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now the worm is ready for download via the P2P network and spreading of the infected file will continue.

           Internet worms Those which target low level TCP/IP ports directly, rather than going via higher level protocols such as email or IRC. A classic example is "Blaster" which exploited a vulnerability in Microsoft's RPC. An infected machine aggressively scans random computers on both its local network and the public Internet attempting an exploit against port 135 which, if successful, spreads the worm to that machine

  
       
   

 

  
 		  

Team

Disclaimer

Glossary

            ©  Awareness Towards CyberCrime