Computer Protection: Worms

Consider them viruses; only smarter.

An example on how fast worms can compromise an unsecured system as well as try to find new targets to infect. > 

Worms. Chances are if you have ever read any type of newspaper, you have read about worms. From Love Bug to Code Red, these babies cause unimaginable amounts of damage world-wide. We have no doubt in our minds that the Internet is going to be playing a crucial role in wars from now on; if worms are programmed properly, they can be one of the fastest methods of causing damage on a global scale.

The question is how can worms spread so fast, and how are they different from viruses? We've noticed the terms virus and worm are spoken like they are synonymous with one another. While they both have many similarities, there is one distinguishing feature that separates the viruses from the worms:

Worms, unlike viruses, have self-propagating engines. What this means is while a virus needs a person to activate it (thus giving it the capability to spread), worms can do this without any human interaction.

This is how worms cause such a large amount of damage. They spread by themselves and unleash their payload on every computer they infect. This leads to another question: how do worms spread themselves???

Excellent question! Worms can do this in a variety of ways. With the worms we have analyzed (as well as the popular ones you see in the news), they primarily spread in the following ways:

·       Email address harvesting: When a worm infects your system, it will check a variety of file types on your computer for additional email addresses to send itself to. The main file types that worms look for in email addresses are files with .doc (Microsoft Word documents), .txt (Notepad files), .htm and .html (both are webpages) extensions.

·       Same-domain search engine queries: Once a worm infects your system, it will determine what domain your computer is on. Once it figures this out, the worm will actually use popular search engines such as Google and Yahoo to search for additional email addresses that match your domain name.

Want to figure out what domain your computer is on? Do the following:

·       Click Start, then Run...

·       In the new window that opens, type "cmd" (without the quotes) and click OK

·       When the black box opens, type "ipconfig" (without the quotes) and hit Enter

·       The value to the right of "Connection-specific DNS Suffix" is the domain your computer resides on

·       Once you discovered the domain your computer is on, type "exit" (without the quotes) and hit Enter

Think that worms are smart? Unfortunately, they are even smarter than you think. Now, you would think once worms find additional email addresses to send itself to, it would just send the exact same email to every email address... we wish that were true. Worms are developed with what you could consider an email generator. Every email that is sent through the worm can have a combination of a randomized Sender, Subject, Email Attachment (both the attachment name and its extension), and Body. Since everything can be randomized except your email address, it makes it very difficult to spot a worm. Kinda gives you a new perspective of opening junk mail, doesn't it!

Nobody ever wants to deal with worms, that is obvious (unless you are a malicious software analyzer or just crazy). Fortunately, the good guys a lot of the time know what to look for in worms and can quickly produce a remedy for the general public. There are tons of worms that have had a lifespan of less than an hour because of the rapid releases of security patches from companies worldwide! How's that for a breath of fresh air!

Want to jump into the fight of preventing worms from spreading? Do the following:

·       Keep your computer up-to-date with the latest patches: We can't exaggerate the importance of this. These patches seal up security holes worms take advantage of, so it's in your best interest to keep up with the most recent patches available. Not sure if you have the most up-to-date patches? Look at Microsoft's website and click on the Microsoft Update link on the left-hand menu. You also have the option of having critical patches automatically update your machine when available. To set this option, do the following:

o      Click Start, then My Computer

o      Under the Other Places menu to the left, click Control Panel

o      If you are in Category View, click Security Center and click on the Automatic Updates section at the bottom of the new window that opened. In the new window that opened, make sure the Automatic (recommended) is selected.

o      If you are in Classic View, click System. When the new window opens, click the Automatic Updates tab and make sure the Automatic (recommended) is selected.

·       Have anti-virus software installed with up-to-date virus definitions: Having anti-virus software with the most up-to-date virus definitions is one of your best defenses against worms. Not only that, anti-virus software is pretty useless if you don't keep its virus definitions up-to-date. Have a look at the Checklist section for more information about anti-virus software.

·       Use extreme caution when opening emails from unknown users: This is how worms like to spread. Always use anti-virus tools to scan emails for worms. Even if the email looks like it came from someone you know, it never hurts to scan it for worms. You just never know if a worm got onto a computer of someone you know and sent its own email to try and infect your system.

Do yourself a favor and have a look at this malicious software prevention and detection suite that uses ground-breaking technology to protect your computer.  This is by far our favorite security suite and we would not consider a computer secure without it.