Security terminology demystified: the worm

A secretive code army hidden inside an innocuous looking email and ready to wreak havoc on your computer empire

In our comprehensive guide to all things deadly and dangerous in the world of computer security you would have noticed that, along with Greek mythology (Trojan) and hostage situations (Ransomware), you will find the common garden variety worm.

This nasty little creature can cause untold damage to your systems as it has the ability to replicate itself, spreading little segments of wormy disaster across different computers and systems.

There are different types of worm, each one using the principles of sneak and replicate to infiltrate systems and create increasingly larger and more damaging versions of itself until it can take over the entire network.

Most worms find their way into your system through a security loophole or vulnerability and, often, they are so secretive and smart that you don’t even know you’ve been infected until it is way too late. Often, a worm can sit on your system for years until it’s activated.

 

The definition

Worms tend to have different ‘jobs’ dependent on who created them and for what purpose. They are often designed to enter into systems so that they can take control of networks by replicating themselves and building a bad botnet.

A bad, or malicious, botnet, according to Norton, is the workhorse of the internet. It’s a bunch of connected computers performing specific tasks or commands on behalf of the cybercriminal. They take control of your systems and use your power and network to add to their own and then they pull it into use to orchestrate a variety of attacks on other networks, systems or computers.

Worms can arrive in your system through a variety of different channels. If you’ve not updated your security software, they could take advantage of a software hole in your system, or they can arrive inside spam or an instant message. Most hostile worms carry what is known as a payload.

This is the bad stuff that’s piggybacked on the worm and that’s designed to do damage. The payload can do anything from change and delete files to extracting personal or private information to being used as part of a ransomware attack.

While worms and viruses sound quite similar in terms of the impact they have on systems and lives, worms are more likely to be used to take control of networks and system settings. In fact, some worms just sit and replicate themselves until they fill up an entire system, rending it unusable.

Fun fact: Every system and slice of technology is at risk of being attacked by a worm. In 2013, WhatsApp for Android was found to be vulnerable to a worm called Priyanka. While not considered particularly violent, the worm was virulent. It spread through contacts and changed contact names to ‘Priyanka’, in some cases changing all group names as well. It was easy to remove and plenty of walkthroughs appeared immediately online, but it revealed how easy it was to fool people into downloading a worm through instant messaging channels.

 

The threat

There are several different types of worm that you need to be aware of:

• Network worm – This chap is all about diving into your system and causing havoc, affecting its reliability and availability. These are so-named because they use networks to jump from one system to another, attaching themselves to computers that allow them in due to a vulnerability.
• Instant Messaging Worm – People often think that WhatsApp, Skype, Facebook Messenger and other popular messaging platforms are safe from danger because they’re so intimate and immediate. Wrong. Every one of these platforms has been infected by a worm at some point in their past, and likely will be again in their future.
• Email Worm – These worms are embedded into emails sent to the innocent and the unsuspecting. Hidden inside website links or attachments, they’re activated the moment they’re clicked on and off they go, doing their best to cause chaos.
• File Sharing Worm – There you are, fed up of having to pay for the right to watch any TV show that you want. So, you decide to join a peer-to-peer website where you can download TV shows and movies for free. Brilliant. Except that you rarely know who to trust and which media are trustworthy. You download the file; you open it to start watching TV and the next thing you’re actually watching the end of your machine.
• Internet Worm – These nasty critters roam the internet unfettered until they find vulnerable machines to infect, and then they do so with great gusto.

Fun fact: The most famous worm of all time is considered to be Stuxnet and it is well worth reading the story of how it managed to attack a nuclear plant in Iran with absolute precision. It is suspected that Stuxnet entered the plant on the back of a USB stick – although nobody is quite sure if it was accidental or deliberate. The worm then spread through the system and attacked a very specific part of the plant – the centrifuges – and caused them to spin at varying speeds until they disintegrated. By the time that the worm was found, the Natanz plant had to decommission around 20 centrifuges.

 

The protection

Here are seven steps that you should follow to protect your system and life from worms:

1. Watch your hard drive space – Because they replicate themselves worms can take up a lot of unused space on your system. If you notice that suddenly all of your free space is disappearing then you may be infected.
2. Watch your performance – By the same token, your performance will slow down and become sluggish. This is very likely as a result of your losing precious hard drive space as well as the worm happily dancing its way through your computer and using what it wants to get what it needs.
3. What’s that file? Interestingly, worms can create or remove files in your system. So, if you suddenly discover a new file or notice that files are going missing, it’s time to call in the big guns.
4. Your first big gun is to select an excellent internet security solution, an equally powerful antivirus system, and to keep your shields running. Pick an internet security software platform that’s got a solid reputation along with anti-phishing technology and defences against all the online threats that hang about trying to get into your system.
5. Keep your system updated. One of the key words that consistently comes up with regards to worms is ‘vulnerabilities’. If you don’t keep your system updated and ensure that you have all the holes patched, updates installed and firewalls managed, then you may as well hang out a welcome sign and invite those worms on in for tea.
6. Backup your data. Ensure your files are constantly backed up and stored in a secure location that cannot be accessed over the network. That will ensure your information remains free from infection.
7. Don’t click on unexpected or unknown attachments. It isn’t worth the risk. If you really must know, email the person who sent it to you and confirm that it is genuinely from them. Avoid: clicking on popups, opening strange links in an email, downloading and installing programs from unknown sources, opening unsolicited attachments.