By Charles Joseph | Cybersecurity Advocate
Of all the types of malware out there, there’s one that takes sneakiness — and destruction — to the next level: the worm.
Insidious, exploitative, and highly contagious worms have been responsible for billions of dollars of damages over the past 50 years. They’ve impacted everyone, from the most casual computer users to massive corporations to the world’s most powerful governments.
So just what is a worm, and how is it capable of causing so much harm?
What Is a Worm?
Worms are a subtype of malware, or malicious software, that can replicate and execute without any user interaction. They’re standalone programs that run themselves and spread automatically.
This makes them distinct from viruses, which require a host program and user input to run.
Worms, however, are programmed to start running invisibly all on their own. And because they aren’t limited by the capabilities of their host programs, they can cause a huge variety of complex damage within a very short timespan.
How Worms Spread
Social engineering often plays a role in the initial spread of a worm, as it needs to find its “patient zero” in order to begin replicating. Thus, some worms find their way onto your computer via infected email attachments, scammy IMs, sketchy websites, or pirated file downloads.
Part of a phishing attack, for instance, may involve disguising a worm as an important document, then attaching it to an email.
But more often, worms propagate by exploiting security holes and network vulnerabilities, allowing them to spread automatically to any vulnerable device.
Let’s say one of your coworkers, unbeknownst to him, has a worm on his computer. He brings the computer to work and connects it to the office network.
The worm sees that it has access to a new network and begins scanning every computer it can find for a certain Windows vulnerability that will allow it to spread.
Luckily, this vulnerability has been patched in the latest Windows update. Unluckily for you, you dismissed the update notification last night when it interrupted your evening gaming session, so your computer is still at risk.
In a matter of milliseconds, your coworker’s worm travels over the office network, around your firewall, and into your system files. It does the same to many of your colleagues… and it’ll repeat the process on every network its victims connect to in the future.
What Worms Do
Originally, worms had no purpose other than to spread. They weren’t programmed to harm users, files or devices — rather, they were exercises in pushing the boundaries of code and exploring what computer programs were capable of.
These early worms often had the unintended side effect of clogging up network bandwidth and making systems lag, but they were otherwise benign.
But these days, the opposite is true. Cybercriminals have turned worms into intentional weapons, and though the effects are widely varied, they’re never pleasant.
Worms Can Damage Your OS and Files
Many worms are designed to corrupt or delete the files on your computer, including both your personal files and your OS’s critical system files.
A worm may replace all text in your Word documents with gibberish, alter the encoding of your photos so they all appear blank, or delete random files altogether.
Other worms target program or system files, preventing you from opening your apps or using various OS tools. In severe cases, a worm may damage your system to the point that it crashes constantly or becomes unbootable.
Worms Can Load Your Computer Up with Junk
If you’ve ever opened your web browser only to find a bunch of useless toolbars you don’t remember installing or been bombarded with pop-up ads despite having an ad blocker, a worm may have been responsible.
Hackers often make money by forcing unwanted ads and programs onto their victims’ computers. Some even take it a step further, drowning you in awful ads before showing you one for an expensive “antivirus” program that purports to remove the ads — but in reality, only puts money in the attacker’s pocket.
Worms Can Hold Your System Hostage
A self-replicating program multiplies exponentially: every instance of it can copy itself, then those copies can copy themselves, and so on until the resource demands become untenable.
This incessant replication can cause your hard drive to fill up with copies of the worm and other junk files until there’s no space left for your own files. The worm can also place a heavy load on your RAM and CPU, hogging all your memory and processing power to fuel its propagation.
Some worms even create a literal hostage situation with ransomware. They encrypt your files and prevent you from accessing them or using your computer until you pay the hacker a certain amount of money — anywhere from $50 to hundreds of thousands of dollars.
Worms Can Steal Your Personal Information
A worm may trawl your computer for sensitive information like passwords, social security numbers, credit card numbers, and private personal messages or images. Anything it finds is sent back to the attacker, who can do what they please with it.
Worms can also include keyloggers — programs that record every key you press. The attacker then has a log of everything you type, including passwords and other sensitive data.
Worms Can Create Backdoors into Your System
Perhaps most terrifyingly, sophisticated worms can install backdoors deep in your system, creating new vulnerabilities for other hackers and malware to exploit.
Backdoors can also give the attacker full control over your system, opening up unlimited opportunities for surveillance and theft.
Worst of all, the attacker may even use your computer to commit other crimes, making it appear as if you’re the one committing them.
Key Worm Takeaways
- Worms are a type of malware that run independently without host programs or user interaction, often going completely undetected by the victim.
- Worms may spread through files, but more typically propagate over networks by exploiting program or system vulnerabilities.
- Exponential replication allows worms to infect huge numbers of systems in very little time.
- A worm’s goal may be to steal files, harvest passwords, hold your device for ransom or make it easier for other malware to infect your computer.
- Worms can make your computer slow or unresponsive, corrupt your files, overwhelm you with ads or fill your hard drive up with junk.
History of Worms
The term “worm” in reference to a self-replicating computer program was first used in 1975 by sci-fi novelist John Brunner. His novel The Shockwave Rider features a worm that collects data on the architects of a dystopian surveillance state.
But the first actual computer worm came four years earlier, in 1971. The Creeper worm was an experimental, benign program designed to show how code could replicate itself to other computers.
In 1988, a computer science student at Cornell named Robert Tappan Morris unleashed the first public worm on the internet, intended to demonstrate how inadequate the current computer security systems were. The so-called “Morris Worm” ultimately infected around 6,000 computers — around 10% of all internet-connected computers.
Beginning in the late ’90s and early ’00s, worms became more overtly malicious, spurred by the growing popularity of the internet and increased computing power. By the late ’00s, even world governments were using them against other countries as a form of cyberwarfare.
Worms by the Numbers
- Worms, excluding worms that include backdoors or trojans, account for 11% of all malware activity
- By 2000, worms and other malware were causing over $10 billion of damage per year
- In 2004, the MyDoom email worm was responsible for 1 out of every 12 emails sent worldwide
- In 2003, the Slammer worm infected 90% of all vulnerable computers in just 10 minutes
The Code Red Worm
In 2001, web servers around the world began displaying an ominous message: “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!”
It was the result of Code Red, a worm that exploited a Microsoft Internet Information Services vulnerability to infect over 350,000 machines.
The worm was programmed to spend 20 days propagating, then launch denial-of-service attacks on several IP addresses, including that of the White House. This forced the White House to change its IP address and ultimately caused over $2 billion in damage worldwide.
The Stuxnet Worm
In 2007, the US and Israel were concerned about Iran’s development of nuclear weapons. They teamed up to create a top-secret worm that could crash Iran’s nuclear plants and stymie weapon development: Stuxnet.
By 2010, Stuxnet had infected over 200,000 computers and caused over 1,000 to physically degrade. This included over ⅕ of Iran’s nuclear centrifuges, setting the country’s nuclear development back 2 years.
Join Our Community
The WannaCry Ransomware Worm
In 2017, the WannaCry worm was released into the wild, kicking off one of history’s worst malware attacks.
Victims turned on their computers to find all of their data permanently encrypted — unless they sent the attackers a ransom of $300-600 in bitcoin. They had less than a week to pay up, or their data would be lost forever.
The scale of the attack was unprecedented: it had encrypted over 200,000 computers in 150 countries. Affected organizations, many of which had no choice but to pay up, included NHS hospitals in the UK, Honda, Boeing, and FedEx.
All told, the attack caused an estimated $4 billion in economic losses, and the attackers were never definitively identified.
What Is a Computer Worm and How Does It Work? (Video)
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional