The Conficker or Downadup worm has been taking the headlines in the past few months, with a $250,000 bounty currently on the head of the man responsible for unleashing a bug that eventually hit an estimated 15 million PCs, making it one of the most widespread infections since the SQL Slammer in 2003.
The spread of the worm wasn’t helped by, according to experts, such a huge number of unsecure PCs; with estimates suggesting that 30% of Window’s remained ‘unpatched’ during the worm’s peak.
So why then, did so many of us forget to patch our PCs and update our antivirus software in the midst of the biggest computer infection outbreak for six years? Is it because many still aren’t overly aware of what a “worm” actually is? After all, we’re constantly being told to keep our passwords safe and watch out for email lottery scams, but how many times have you been told to “look out for that worm”?
Worms work a little bit differently to your typical computer virus in that it doesn’t rely on user activity to activate and spread. Whereas viruses typically activate after a user clicks on an executable file or other program, worms often spread themselves from one computer to another without a user’s prior knowledge.
The typical way in which worms spread is via email. Once they work their way onto a PC, they tend to send copies of themselves to every email address in a user’s email contacts – and then the contacts stored on the recipients PC and so on – one of the reasons why the Conficker worm spread so quickly. Some worms, including Conficker, are also finding ways to infect removable USB flash drives, increasing the spread further.
Once on your PC, worms will look to exploit flaws in an operating system. They will usually hide in parts of the system that are difficult for users to find them in, such as the registry files, and are often only removed with a dedicated worm removal tool.
As for what worms do, that depends largely on the creator’s intentions.
Many worms have been created purely to spread and with comparatively minimal disruption to the computers they pass through, a tactic often used by spammers.
Other worms, however, carry what is known in the industry as a “payload”. This is a code that is designed to cause significant disruption and damage, be it deleting files or encrypting key files on your PC. Some worms are also known to create so-called “openings” or “back doors” for other forms of adware, spyware or viruses at a later date.
By their nature, worms are much less overt than over malware attacks, making them more difficult to spot and prevent. Whilst it is unlikely that you are ever 100% secure from these threats, up-to-date antivirus software, firewall and the latest Microsoft Window’s security updates, will ensure that you have the best possible protection against internet worms.