WAYS OF INFECTION
Worms replicate themselves and infect a computer without user knowledge and consent. There are three major ways these unsolicited parasites can get into the system.
1. Some parasites called mass-mailing worms propagate through e-mail. They arrive in files attached to e-mail messages or come embedded into letters. Once the user opens such a letter or file the worm silently installs itself to the system. The user cannot notice anything suspicious, as a parasite does not display any setup wizards, dialogs or warnings.
2. Widely spread worms infect vulnerable computers on the Internet by exploiting known security vulnerabilities in the operating system and installed software. Such parasites spread on their own and therefore do not require any user interference.
3. Many worms distribute themselves in infected files that arrive attached to instant messages or can be downloaded from file sharing networks or unprotected network shares. Such worms spread the infection in files with meaningful names in order to trick the user into executing them. Once the user opens a file, the worm silently infects the computer.
Worms mostly affect computers running the Microsoft Windows operating system.
WHAT DOES A WORM DO?
- Uses a compromised system to spread through e-mail, file sharing networks, instant messenger, online chats or unprotected network shares.
- Infects files, corrupts installed applications and damages the entire system.
- Steals or discloses sensitive personal information, valuable documents, passwords, login names, identity details and user contacts.
- Installs a backdoor or drops other dangerous parasites.
- Modifies essential system settings in order to decrease overall system security and make it more vulnerable.
- Severely degrades Internet connection speed and overall system performance, and causes software instability. Some parasites are badly programmed: they waste too many computer resources and conflict with installed applications.
- Provides no uninstall feature, hides processes, files and other objects in order to complicate its removal as much as possible.
EXAMPLES OF WORMS
There are thousands of different computer worms. The following examples illustrate how treacherous and harmful worms can be.
Melissa is an infamous mass-mailing worm that was first found in early 1999. It comes attached to e-mail messages and looks like a text document. However, when a user opens such an attachment, the worm silently installs itself to the system and starts to spread. It modifies Microsoft Word settings and infects lots of text documents. Then it sends out infected documents attached to e-mails to all the contacts from the address book. These actions disclose the user's personal information and other confidential data. The worm sends out a huge number of infected letters and can overload mail servers. Some Melissa variants delete critical system files and therefore damage the entire system.
ILoveYou, also known as LoveLetter and Love Bug, is perhaps the most widely known worm in the history of worms. It struck the computer world in 2000 and infected a large number of systems all over the world. ILoveYou spreads through e-mail as an attachment to letters. The text of the letters seems so nice and sweet that users open the attachments without even thinking that there could be a virus. The text of the e-mail may contain words like “I love you” and similar phrases. ILoveYou spreads very fast, because when it gets to the system, it immediately sends copies of itself to all the addresses from the Microsoft Outlook Express address book. It also harms the system by overwriting essential system files, user personal documents, multimedia files and other critical data. Some ILoveYou variants are responsible for a Denial of Service attack on the official White House web site.
Sobig is an Internet worm that spreads by e-mail in letters with infected attachments. Once such an attachment is executed, the worm installs itself to the system and distributes itself to e-mail addresses found in files of several types. It also infects vulnerable computers with shared resources in a local network. Sobig contains a backdoor, which can be used to update it or install additional plugins. Although this worm can cause a high overload of mail servers, it is outdated and doesn't spread now. However, its backdoor can still be active and may be used by attackers. Sobig is responsible for millions of infections around the world in 2003.
MyDoom, also known as Novarg, Shimgapi and Mimail, is the fastest spreading worm ever. The parasite propagates by e-mail and through file sharing networks. It comes in infected files attached to e-mail messages that trick the user into believing that they were sent by regular mail servers as delivery error notifications. Once the user executes such a file, MyDoom silently installs itself to the system and runs its payload. The worm sets up a backdoor that gives the remote attacker full unauthorized access to a compromised computer and performs a Denial of Service attack against the web sites of SCO and Microsoft. It also blocks access to several reputable domains. MyDoom is responsible for the significant worldwide Internet performance slowdown that took place at the beginning of 2004. One in ten of all e-mail messages at that time contained a copy of the parasite.
The Sasser worm is an infamous Internet parasite that infects vulnerable computers running systems with unfixed security breaches. It doesn't distribute itself by e-mail or file sharing networks, but infects computers directly and doesn't depend on the user's actions. Sasser installs itself to the system and searches for other vulnerable hosts. The worm can hang the infected computer or reboot it frequently. It also severely compromises the security of infected systems, so that attackers are able to connect to them and control them remotely.
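The mass-mailing behaviour described for Melissa, ILoveYou, Sobig and MyDoom (one infected host sending the same attachment to many contacts in a short time) leaves a recognisable trace in mail server logs. The following Python sketch is an added example, not part of the original article; the log format, host addresses, attachment digests and thresholds are all constructed for illustration, and the log is assumed to be sorted by time.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: time, sending host, recipient, attachment digest (made up)
SAMPLE_LOG = """\
2004-01-27T09:00:01 10.0.0.15 alice@example.org att=aa11
2004-01-27T09:00:02 10.0.0.15 bob@example.org att=aa11
2004-01-27T09:00:03 10.0.0.22 carol@example.org att=bb22
2004-01-27T09:00:04 10.0.0.15 carol@example.org att=aa11
2004-01-27T09:00:05 10.0.0.15 dave@example.org att=aa11
2004-01-27T09:00:07 10.0.0.15 erin@example.org att=aa11
2004-01-27T09:00:09 10.0.0.15 frank@example.org att=aa11
2004-01-27T09:05:00 10.0.0.30 alice@example.org att=cc33
2004-01-27T09:20:00 10.0.0.30 bob@example.org att=cc33
2004-01-27T09:35:00 10.0.0.30 carol@example.org att=cc33
2004-01-27T09:50:00 10.0.0.30 dave@example.org att=cc33
2004-01-27T10:05:00 10.0.0.30 erin@example.org att=cc33
2004-01-27T10:05:30 10.0.0.22 dave@example.org att=bb22
"""

def parse(line):
    """Split one log line into (timestamp, host, recipient, attachment digest)."""
    ts, host, rcpt, att = line.split()
    return datetime.fromisoformat(ts), host, rcpt, att.split("=", 1)[1]

def find_mass_mailers(log_text, window_seconds=60, min_recipients=5):
    """Flag (host, attachment) pairs that reach many distinct recipients
    inside one sliding time window. Returns {(host, att): peak recipients}."""
    recent = defaultdict(deque)   # (host, att) -> recent (timestamp, recipient)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, rcpt, att = parse(line)
        key = (host, att)
        q = recent[key]
        q.append((ts, rcpt))
        # Drop deliveries that have fallen out of the sliding window
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct >= min_recipients:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged

if __name__ == "__main__":
    for (host, att), n in find_mass_mailers(SAMPLE_LOG).items():
        print(f"{host} sent attachment {att} to {n} recipients within 60s")
```

Only the burst from 10.0.0.15 is flagged with the default settings; the same attachment sent slowly over an hour by 10.0.0.30 stays below the threshold, which is the difference between a worm's address-book blast and ordinary correspondence.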
CONSEQUENCES OF A WORM INFECTION
Most Internet worms spread through e-mail, file sharing networks or unprotected network shares. This distribution method noticeably decreases overall computer performance and degrades Internet connection speed. A user whose computer is infected with a worm usually has multiple web surfing problems, system instability and software unreliability issues. Moreover, the computer becomes a source of infection and poses a serious threat to other hosts over the Internet or in a local network.
Many worms attempt to decrease system security by modifying security-related application settings, turning off antivirus or anti-spyware protection. Some parasites drop even more dangerous security and privacy threats such as various backdoors or trojans. The remote attacker can use these pests to gain full unauthorized access to a compromised computer, steal user sensitive information or totally destroy the entire system and all user data.
A worm by itself is a great privacy risk. Lots of these parasites are designed specifically to collect valuable user information like passwords, bank account details, credit card numbers or identity data and silently transfer it to the attacker. Some worms are made for criminal purposes. They are created to infect the computers of corporate users and steal or publicly disclose secret documents and other confidential information.
HOW TO REMOVE A WORM?
Worms work in the same manner as regular computer viruses and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in a way similar to antivirus software and have extensive parasite signature databases, can also detect and remove certain worms and related malicious components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE or eTrust PestPatrol are known for quite fair worm detection and removal capabilities.
In some cases even an antivirus or spyware remover can fail to get rid of a particular worm. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be quite a difficult and tedious task for novices.