Odds are over the years you’ve heard about large scale computer virus attacks that have caused widespread damage to large numbers of computers. The ILOVEYOU virus in the late 1990s, the Blaster and Sasser viruses in the mid 2000s, Conficker and Stuxnet in the early 2010s have all gotten front page coverage and become (nearly) household words. Certainly, they’ve helped to make computer security something we all know to take seriously.
All of these attacks are examples of a very specific type of computer virus; they’re all what are called “worms.” This type of malware is designed not only to infect a system, but to turn around and try to infect as many other systems as possible. Early computer security researchers coined the term worm based on the way this type of virus crawls across networks and makes its way into systems not unlike a worm crawling and boring into an apple.
Worms will use a variety of means to identify and connect to other systems. Some worms like Conficker use network shares and connections to connect to other systems to spread themselves. Other worms like ILOVEYOU use your email client and address book to send copies of itself to everyone you know. Some worms even use instant messaging clients to send themselves to all of your contacts. Regardless of the specific way a worm spreads, or propagates, the goal is the same: to use your infected system to infect as many other systems as possible.
What makes worms so damaging is that they’re able to spread very quickly. It takes an IM worm less than a minute to try and send itself to all of your contacts. For example, if you have 20 IM contacts and all your contacts (and their contacts) have 20 contacts, in less than 5 minutes a worm can try to spread to and infect over 3,200,000 systems. The Blaster worm in 2003 took only two days to spread to millions of Windows systems worldwide, bringing many networks down because it flooded their networks. Worms can become so widespread that it’s nearly impossible to eradicate them; as soon as cleaned systems are put back on the network, they become reinfected. Because of this security experts consider worms the most dangerous form of virus out there and the hardest to get rid of.
In some cases, your Internet Service Provider (ISP) will cut off your Internet access if your system is infected with a worm, to protect the Internet and other users.
With the advent of mature antivirus and security packages, worms are less of a threat than they used to be. The prevalence of firewalls in particular has helped to curb the fast spread of worms.
Blaster showed everyone that it’s not impossible for a really bad, fast spreading worm to bring the Internet itself down. This is why it’s critical that you run antivirus software on your systems, preferably one with firewall capabilities. It protects not just you and your data, but the entire Internet.