The Worm...internet computer bait

A computer worm is a self-contained, self-replicating computer program or set of programs able to spread or send functional copies of itself or its segments to other nodes (computer terminals on the network) or computer systems, usually via network connections.

How about a simpler description?

A worm is a mischievous code that attempts to propagate itself over networks (computers that are linked to and share information on the internet). In other words, go forth and prosper all ye programs, be fruitful and multiply among all Internet connected computers.

worm,virus,malicious code,malware,cybercriminal,hacker,phishing,internet,computer,host,morris,hepps,shock


Invisus Hacker Safe Logo



Because a worm does not need to attach itself to a host, it has the ability to be both a network and a host computer worm. As a host, it runs on and uses network connections only to copy itself to other computers and is entirely contained within the computer it runs on. When a host worm copies itself, the original terminates after launching a copy of itself onto another host. Because of this process, only one copy will run on the network at any given moment making it difficult to track.

The particular code does not have to attach itself to a host program. Like a virus, it is capable of being a network worm. These networks are sometimes called "octopuses" because one segment behaves like the command center and coordinates the work of the other segments. These network worms consist of multiple segments each running on different machines. It is feasible for them to perform different actions using the network for communication purposes, and propagating is only one of their purposes.

How the code is written and what details comprise the make-up of such a program is beyond the intended scope of this description. However, let me know in the comment box that follows that you are interested in learning more about these codes, and I will provide you links to additional information. What you will find here is a history, the "who done it", and how not to step in it again, but not so much the in-depth technical jargon. You will know what a worm code is, how it came about, and, most importantly, how to avoid this type of malicious code. I don't know if you will get to every page on this web site, but one comment that will appear on most pages is that "computers were not built for security". The fact is that security is a trade-off with convenience, and, for most of us users, convenience ranks high which, I believe, will cost all of us in the future. We all need to do what is necessary and become better, more responsible cybercitizens. Lock your computers down and protect your family, your business, and yourself by learning more about a managed security service. The Internet worm is an automated intrusion agent. It looks for a vulnerable host, infects it, take up residence, and then looks for other vulnerable targets to attack. Unlike the virus that looks to spread through social engineering, this malicious code attacks through the technical weaknesses of the host. The other difference is that a virus attaches itself to a carrier or existing programs and the worm runs independently. Worms were not always the malevolent threat that they are today. In fact, the earlier programs were designed to perform useful tasks within a network. One of the first programs was developed by Bob Thomas in 1971 to assist air traffic controllers. This program allowed air traffic controllers to be notified when the controls of a plane moved from one computer to another computer. It was called the "creeper". The difference was this program did not reproduce itself. In 1975, the term "worm" was coined by science-fiction author, John Brunner, in his novel called "The Shockwave Rider". The idea of developing these programs slowly faded, but a few people did continue to experiment. Despite the perceived usefulness of these programs, their destructive capabilities became evident as witnessed by John Shock and Jon Hepps of the Xerox PARC (Palo Alto Research Center).

In 1978, both Shock and Hepps designed a program called a "worm". They developed a total of five program variations, each performing a particular function. The original task of the variation on the network was simple and was called the "town crier". Its function was to post announcements throughout the network (think of a screen saver) on all the computers. Later, more complicated programs were designed. The "Vampire Worm" was to lay dormant during the day (working hours) and at night (after hours). Its function was to find idle processors on the network, harness the extra computing power by sharing the processing load, and assign them tasks which improved efficiency across the entire network. The process was repeated each night.

As with most new technology, these programs were designed to be helpful around the network; however, a glitch wormed its way out and sent a stern warning of its destructive nature and of what it was capable of delivering. Shock and Hepps returned to Xerox PARC in the morning to find the computers had crashed. It was discovered that one of the programs had malfunctioned and created havoc in the network. Due to these problems, the research diminished for a few years until the '80s when the malevolent impact of these programs again began to rear its ugly head. The first true worm and, debatably, the most famous was the Internet Worm of 1988. It was released on November 2nd by Robert Tappan Morris, a 23-year-old doctoral student at Cornell University.

There has been a great deal of discussion about whether or not the 99 lines of program written by Morris should be referred to as a virus. Many still refer to the program, which crippled the Internet in late 1988, as a virus but this type of code is now known as a "worm".

The Morris program was not meant to be malicious, but was intended to be a benign proof of concept. Unfortunately, there was a bug in the code allowing the program to replicate without quitting, causing a massive build up of running programs that ultimately ended up invading 4,000 to 6,000 computers in 24 hours. The cost according to the United States General Accounting Office was between $100,000 and $10,000,000 due to the inability to access the Internet at an infected host. The method of operation used to reproduce or spread is what distinguishes the differences between a worm and virus. One difference between the two is the virus enters a computer on the actions of the operator and lays dormant until the user activates the virus, at which time it will perform its nefarious deeds. A second distinction, at least back in 1988, was that the virus was carried by diskettes; if an individual was careful and only used safe disks the chance of viral infection was nil but, today viruses can be downloaded. Learn more about the history of viruses. A worm is more powerful than a virus and usually gains access through the internet. After gaining access, it will search for other internet locations and infect them if it can. Unlike the virus, it needs no user assistance from any unsuspecting individual to trigger an event. It will operate its own program and travel over the internet, so all machines attached to infected machines are at risk. Once a worm locates an internet connection, it will simply download a copy of itself to that location and continue running as normal.

The Morris program eventually shut down sixty thousand computers across the country including research and military installations. If any good came from the Internet Worm of 1988, it was the awareness that there were a number of glaring holes in the system. This event provided a wake-up call to system administrators around the country. And because of the event, other bugs were discovered. One of the more important issues that came out of this catastrophe that is probably more relevant today is that, instead of concentrating on network security, maybe the focus on defenses should be at the host or computer level (the end point). This is an important point that should be applied today when considering the security of the internet. The greatest portion of internet users is comprised of small businesses and individuals and yet that is the weakest sector. We need to secure the "end user". Learn more about a managed security service. A new set of problems for internet security has developed because of the significant growth of the web and its underlying new technologies. In fact, IBM has identified mobile phones as a possible major threat for attacks. Many industry experts accept the fact that the development of new worms that could cause greater devastations are almost inevitable.

One of the unique features of a computer is that whenever another computer says, "hello", the other computer has to respond back in return by answering "hello". Consequently, a malicious code can have a devastating effect. For instance, it can use affected computers (thousands at one time) to bombard websites with requests for data, causing havoc and ultimately overloading and crashing the computers. There have been cases when the server has been overheated and caught on fire; a real melt-down. Think of thousands of computers under the control of a cybercriminal saying "hello" to a targeted site. That site's computer has to respond and will crash and burn. It is not unheard of for a competitor to sabotage another competitor in this manner.

In other cases, the worm can encrypt the user's files and render them unusable and blackmail the company. Not only are companies falling prey to this extortion, the individual consumer is getting caught up in this "Denial of Service" (DDoS). A hacker will encrypt your files and demand payment for the key to release them. If you do not pay, your files will be deleted one at a time until you do. The cost may be only $30.00 but multiply that by a factor of thousands and it becomes attractive to a cybercriminal who can operate an extortion scam online from anywhere in the world. Get protected with a bundled best-of-breed technology. Many malicious codes open a "back door" (remember, there are 65,000 access ports on your computer), allowing hackers to take control. When this happens your computer has become a "zombie" under the control of another operator. That operator or hacker will use your computer as a platform to send out illegal spam or pornography and, in all cases, you are the owner of the computer and you are responsible. This is one case when "you are guilty until proven innocent". I've made the statement earlier that we all need to become responsible cybercitizens. I'd like to add that what is also needed is to change the competing factions that exist between security and ease of use (convenience). The temptation is to overlook security, thereby, leaving the door open for the next piece of malicious code. We haven't even talked about spyware which is probably more insidious. Here is a test that you can run to validate or just verify if what you are running on your computer is really working and keeping you out of harm's way. If you are not running security software, it is in your best interest to run the test and subscribe to a managed security service. Test your computer now for spyware and hacker tools: no charge.

Invisus Hacker Safe Logo

What You Don't Know Is Exactly What A Cybercriminal Banks On...and On...and On

How May We Better Serve You?
What's Your Top Internet Security Concern?
First Name*
E-mail Address*

Please enter the word that you see below.

  



Worm back to Home Page