Networking / Beginners

Worm

A worm is a self-contained and independent program that is usually designed to propagate or spawn itself on infected systems and to seek other systems via available networks. The main difference between a virus and a worm is that a virus is not an independent program.

However, there are new breeds of computer bugs that are blurring the difference between viruses and worms. The Melissa virus is an example of this new hybrid. In 1999 the Melissa virus attacked many users of Microsoft products. It was spread as an attachment, but the virus spread as an active process initiated by the virus. It was not a passive virus passed along by unsuspecting users.

One of the first and perhaps the most famous worms was the Internet Worm created and released by Robert Morris. In 1986, Morris wrote his worm program and released it onto the Internet. The worm's functioning was relatively benign, but it still had a devastating effect on the Internet. The worm was designed to simply reproduce and infect other systems. Once released, the program would spawn another process. The other process was simply another running copy of the program. Then the program would search out other systems connected to the infected system and propagate itself onto the other systems on the network. The number of processes running grew geometrically. Figure below illustrates how the Internet worm grew and spread: One process spawned to become two processes. Two processes spawned to become four processes. Four processes spawned to become eight. It didn't take very long for the spawning processes to consume all the CPU and memory resources until the system crashed. In addition, each time the processes spawned another, the processes would seek outside connections. The worm was designed to propagate, seek out other systems to infect them, and then repeat the process.

Internet worm

Stopping the processes from growing was a simple matter of rebooting the system. However, system administrators found that they would reboot their systems and get them functioning again only to find them being reinfected by another system on the Internet. To stop the worm from reinfecting systems on the network, all of the systems had to be shut down at the same time or taken off-line. The cost to clean up the Internet worm was estimated to be in the tens of millions of dollars. Morris was arrested, prosecuted, and convicted for his vandalism.

[Previous] [Contents] [Next]

In this tutorial:

  1. Threats and Attacks
  2. The OSI Reference Model
  3. TCP/IP Protocol Suite
  4. Threats, Vulnerabilities, and Attacks
  5. Attacks
  6. Viruses
  7. Worm
  8. Trojan Horses
  9. Trap Doors
  10. Logic Bombs
  11. Port Scanning
  12. Spoofs
  13. Sequence Number Spoofing
  14. DNS
  15. DNS Poisoning
  16. Redirects
  17. Password Cracking
  18. Sniffing
  19. War Dialing
  20. Denial of Service
  21. Ping of Death
  22. SYN Flooding
  23. SPAM
  24. Smurf Attack