“Anti-Virus software does nothing to stop worm..!”

– Christopher Klaus

Background Of Worm?

The word of ‘worm’ was first used in John Brunner’s in 1975 novel, The Shockwave Rider.

On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate student, unleashed what became known as the Morris worm, disrupting a large of computers then on the Internet. It spread very rapidly, infecting all vulnerable machines in a matter of hours. The Morris Worm attacked multiple security holes and used multiple streams of execution to improve its throughput when attacking other machine. Although intended to be a benign proof of concept, the Morris Worm had a significant impact due to a bug in the code. When it reinfected a machine, there was a fixed chance that the new infection wouldn’t quit, causing the number of running worms on a machine to build up, thereby causing a heavy load on many systems. During the Morris appeal process, the U.S. Court of Appeals estimated the cost of removing the virus from each installation was in range of $200-53,000, and prompting the formation of the CERT Coordination Center and Phage mailing list. Morris himself became the first person tried and convicted under the 1986 Computer Fraud and Abuse Act.

Characteristics of Worm?

 Computer worms are one of the most common malware to computers and electronic devices. It also classified as a type of computer virus, but there are several characteristics that distinguish computer worms from regular viruses. Firstly, the primary difference is the fact that computer worms do not need a human help to propagate because it standalone program while viruses spread through human activity like running a program and opening a file. Besides that, computer worms often operate as standalone program. In addition to being able to spread unassisted, computer worms have the ability to replicate themselves. This means that worms can create multiple copies of themselves to spread and do the damage to other computers.

How Worm attack?

 Computer worms replicate themselves which penetrates an operating system in order to spread a malicious code around a computer network and from computer to computer. Worms typically cause damage to the host networks by consuming bandwidth and overloading web servers. Computer worm can duplicate itself on the local drive of a computer, removable media like flash drive, on the internet like the attachment but it does not attach itself to corrupt or damage any host file.  A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided. It noticed only when their uncontrolled replication consumes system resources, slowing the other task.

How to trace Worm?

 There are many ways or tools that can be used to trace or detect the computer worms and malwares in a computer. Antivirus is one of the ways that users can used and installed in a computer because antivirus is capable of both detecting and removing malware. Nowadays, there are many types of antivirus that can protect user’s computer or file from corrupt by computer worms and malware such as Kaspersky Antivirus, AVG Antivirus, Avast Antivirus, Avira Antivirus and so on.

Besides that, Microsoft’s Malicious Software Removal Tool (MSRT) also a good general malware detector and removal tool, simply because Microsoft should know whether the scanned code is theirs or not. The features of MSRT are the scan and removal process is automated, Windows Update keeps the signature file database current automatically, it also less intrusive and more likely to be accepted by management.