Вы находитесь на странице: 1из 3

A computer worm is a standalone malware computer program that replicates

itself in order to spread to other computers.[1] Often, it uses a computer


network to spread itself, relying on security failures on the target computer to
access it. Unlike a computer virus, it does not need to attach itself to an
existing program.[] !orms almost always cause at least some harm to the
network, even if only "y consuming "andwidth, whereas viruses almost
always corrupt or modify #les on a targeted computer.
$any worms that have "een created are designed only to spread, and do not
attempt to change the systems they pass through. %owever, as the $orris
worm and $ydoom showed, even these &payload free& worms can cause
ma'or disruption "y increasing network tra(c and other unintended e)ects. A
&payload& is code in the worm designed to do more than spread the worm*it
might delete #les on a host system +e.g., the ,xplore-ip worm., encrypt #les
in a cryptoviral extortion attack, or send documents via e/mail. A very
common payload for worms is to install a "ackdoor in the infected computer
to allow the creation of a &0om"ie& computer under control of the worm
author. 1etworks of such machines are often referred to as "otnets and are
very commonly used "y spam senders for sending 'unk email or to cloak their
we"site2s address.[3] 4pammers are therefore thought to "e a source of
funding for the creation of such worms,[5][6] and the worm writers have "een
caught selling lists of 78 addresses of infected machines.[9] Others try to
"lackmail companies with threatened :o4 attacks.[;]
<ackdoors can "e exploited "y other malware, including worms. ,xamples
include :oom'uice, which can spread using the "ackdoor opened "y $ydoom,
and at least one instance of malware taking advantage of the rootkit and
"ackdoor installed "y the 4ony=<$> :?$ software utili0ed "y millions of
music @:s prior to late AA6.[B][du"ious C discuss]<eginning with the very
#rst research into worms at Derox 8A?@, there have "een attempts to create
useful worms. Ehose worms allowed testing "y Fohn 4hoch and Fon %upp of
the ,thernet principles on their network of Derox Alto computers. Ehe 1achi
family of worms tried to download and install patches from $icrosoft2s
we"site to #x vulnera"ilities in the host system*"y exploiting those same
vulnera"ilities.[G] 7n practice, although this may have made these systems
more secure, it generated considera"le network tra(c, re"ooted the machine
in the course of patching it, and did its work without the consent of the
computer2s owner or user. ?egardless of their payload or their writers2
intentions, most security experts regard all worms as malware.
4everal worms, like D44 worms, have "een written to research how worms
spread. Hor example, the e)ects of changes in social activity or user "ehavior.
One study proposed what seems to "e the #rst computer worm that operates
on the second layer of the O47 model +:ata link Iayer., it utili0es topology
information such as @ontent/addressa"le memory +@A$. ta"les and 4panning
Eree information stored in switches to propagate and pro"e for vulnera"le
nodes until the enterprise network is covered.[1A]
8rotecting against dangerous computer worms[edit]
!orms spread "y exploiting vulnera"ilities in operating systems. Jendors with
security pro"lems supply regular security updates[11] +see &8atch Euesday&.,
and if these are installed to a machine then the ma'ority of worms are una"le
to spread to it. 7f a vulnera"ility is disclosed "efore the security patch
released "y the vendor, a 0ero/day attack is possi"le.
Users need to "e wary of opening unexpected email,[1] and should not run
attached #les or programs, or visit we" sites that are linked to such emails.
%owever, as with the 7IOJ,KOU worm, and with the increased growth and
e(ciency of phishing attacks, it remains possi"le to trick the end/user into
running malicious code.
Anti/virus and anti/spyware software are helpful, "ut must "e kept up/to/date
with new pattern #les at least every few days. Ehe use of a #rewall is also
recommended.
7n the AprilCFune, AAB, issue of 7,,, Eransactions on :ependa"le and 4ecure
@omputing, computer scientists descri"e a potential new way to com"at
internet worms. Ehe researchers discovered how to contain the kind of worm
that scans the 7nternet randomly, looking for vulnera"le hosts to infect. Ehey
found that the key is for software to monitor the num"er of scans that
machines on a network sends out. !hen a machine starts sending out too
many scans, it is a sign that it has "een infected, allowing administrators to
take it o) line and check it for malware.[13][15] 7n addition, machine learning
techniLues can "e used to detect new worms, "y analy0ing the "ehavior of
the suspected computer.[16]
$itigation techniLues[edit]
A@Is in routers and switches
8acket/#lters
E@8 !rapper=li"wrap ena"led network service daemons
1ullrouting
%istory[edit]
$orris !orm source code disk at the @omputer %istory $useum
Ehe actual term &worm& was #rst used in Fohn <runner2s 1G;6 novel, Ehe
4hockwave ?ider. 7n that novel, 1ichlas %aMinger designs and sets o) a data/
gathering worm in an act of revenge against the powerful men who run a
national electronic information we" that induces mass conformity. &Kou have
the "iggest/ever worm loose in the net, and it automatically sa"otages any
attempt to monitor it... Ehere2s never "een a worm with that tough a head or
that long a tailN&[19]
On 1ovem"er , 1GBB, ?o"ert Eappan $orris, a @ornell University computer
science graduate student, unleashed what "ecame known as the $orris
worm, disrupting a large num"er of computers then on the 7nternet, guessed
at the time to "e one tenth of all those connected[1;] :uring the $orris
appeal process, the U.4. @ourt of Appeals estimated the cost of removing the
virus from each installation was in the range of OAAC63,AAA, and prompting
the formation of the @,?E @oordination @enter[1B] and 8hage mailing list.[1G]
$orris himself "ecame the #rst person tried and convicted under the 1GB9
@omputer Hraud and A"use Act.[A]