The computer worm, a threat that crawls... and strikes fast!

One of the most insidious cyber threats is the computer worm. It infiltrates, replicates and wreaks havoc on computer systems. 🪱

How does it work? How can you protect yourself? We've put together a comprehensive guide, including security measures, to everything you need to know about the computer worm, the threat that crawls and strikes fast!

See all software Computer Security

Definition of a worm

What is a worm?

In practical terms, a computer worm is malware whose main characteristic is that it replicates itself autonomously and ultra-fast. Once introduced on a computer, it spreads throughout the entire system, without the need for any external action.

To gain a foothold, the worm exploits vulnerabilities in mailboxes, instant messaging systems, file-sharing networks and the Internet. They can also be physically embedded on USB sticks or other storage media.

Hackers use worms to install backdoors, steal data, deploy other types of malware and generally damage systems.

Signs of a worm

Detecting a computer worm can be a complex task, so discreet is its action. 🥷 However, several characteristic signs should alert you:

• Noticeable system slowdowns,

• Inexplicable use of disk space,

• Unusual program behavior,

• Unusual message received from one of your contacts.

The different types of computer worms

• Internet worms: These spread through Internet-connected systems by exploiting vulnerabilities in web browsers and web-enabled software.

• E-mail worms: Spread when the recipient opens an infected attachment or clicks on a corrupted link.

• File-sharing worms: Embedded in files or folders, they spread in peer-to-peer (P2P) mode to infect other systems when shared.

• Instant messaging worms: infect workstations via booby-trapped links sent over messaging services such as WhatsApp.

• Removable media worms: Copied onto USB sticks or external hard drives, they infect new computers as soon as the media is plugged in.

Worm infection: possible consequences

Initially, worms had no other objective than to reproduce ad infinitum. They were created by hackers to expose computer flaws, prove their skills or simply have fun.

Unfortunately, over time, hackers realized that they could also use worms to plant malware in a computer system.

The technique? Insert malicious code into the worm (payload) so that it opens a backdoor in the device. The hacker can then :

• 🏴‍☠️ take control of the computer,
• 🏴‍☠️ harvest sensitive data,
• 🏴‍☠️ encrypt files to install ransomware, etc.

Worms can also be responsible for network saturation due to their propagation and damage to certain files.

The financial cost to companies can be very high (loss of data, clean-up costs), not to mention damage to reputation.

What's the difference between a virus and a worm?

A virus is a type of malware attached to an existing file or program. To run and spread, it requires external human action.

This is not the case with worms, and that's what makes them so different from viruses. The worm is autonomous, reproducing and propagating on its own, without the need for a host file or external intervention.

Worms are also faster, and can infect thousands of connected workstations in a very short time.

Let's take an example. In 2005, the Samy worm infected over a million MySpace users in just 20 hours.

Historical examples of worms

The first recognized computer worm was Creeper. In the 70s, it spread on the ancestor of the Internet (ARPANET) on the initiative of its creator, Bob Thomas. Wanting to test the security of his network, Thomas developed a program capable of reproducing itself autonomously. He then distributed it on the network, where it did far more damage than expected.

In 1988, student Robert T. Morris wanted to count the number of Internet users at the time (around 60,000 computers) by propagating a program. Unfortunately, due to a programming error, the program caused major damage to the network. Universities, military installations and more than 10% of the Internet at the time experienced system saturation.

Since then, many other worms have risen to fame:

• ILOVEYOU worm: in 2000, this worm disguised as a love letter infected over 10 million Windows computers worldwide.

• Mydoom worm: spread very rapidly, causing an estimated $40 billion in damage to 50 million infected computers.

• Sasser: the worm infected over 2 million computers in 2004, causing crashes and reboots worldwide.

• Stuxnet: a targeted worm which, in 2020, affected and damaged 20% of Iran's nuclear centrifuges.

How does the worm work?

1. The worm infiltrates a device via a booby-trapped download, e-mail, USB key, etc. The worm activates itself autonomously.

2. The worm activates itself autonomously in the device, executing the action for which it was designed.

3. Once executed, the worm scans its environment to detect other vulnerable systems.

4. It then copies itself onto another machine connected to the same system to execute again.

5. The cycle then begins again on a new device, then another, and so on.

Computer worms: what security measures should be taken?

To combat the spread of computer worms, you need to combine human and technical resources. On the one hand, implement effective security hygiene, based on common-sense practices. On the other, enhance your security with an arsenal of effective software.

Use high-performance antivirus software

The main line of defense against worms (but also ransomware, spyware and other malware) is, of course, a good antivirus program. Don't settle for freeware for individuals. As a private or public organization, you often have to manage sensitive data. So opt for a complete security solution!

💡 Check out our directory of the best antivirus software to choose yours!

Use complex passwords

Worms sometimes use factory credentials to infect devices. Don't take any risks by favoring strong, hard-to-guess and unique passwords. With this simple habit, you can considerably increase the protection of your systems.

Update your software

Worms are looking for the slightest loophole to get in. Obsolete software is one of their favorite entry points.

👉 To avoid this risk, update your programs and operating systems day one. This way, you benefit directly from security patches adapted to new threats.

Don't click on "suspicious" ads and links

This type of advice may seem obvious, but you wouldn't believe the number of viruses that infiltrate through this channel... To minimize the risks of this type, use an ad blocker. At the same time, train your teams in good Internet surfing practices to avoid dangerous domain names.

Don't open suspicious-looking attachments

When you receive a suspicious e-mail, even if it comes from a trusted contact, don 't open the attachment. If in doubt, contact your CIO or IT manager to clarify the situation. 🕵️

Disable auto-run

When a USB stick is plugged in, some systems launch the files on the storage medium directly. Disable this function to prevent malware from executing. This gives your staff time to thoroughly analyze the files before installing them.

IT solutions against worms

An active firewall for network protection

The firewall is the basic protection against worm invasions from the net. It filters incoming and outgoing traffic and acts as a barrier between your internal network and the Internet.

Anti-malware (workstations and mobiles)

Anti-virus software is no longer enough to deal with cyberthreats. You need to equip your organization's workstations with comprehensive anti-malware solutions. These suites offer essential features to detect and block threats before they take hold and spread.

A mail filtering system

We advise you to equip your corporate mailboxes with filtering software. Thanks to AI-based detection technology and deep learning, these tools are able to detect suspicious signs and block threats in real time.

See all software Computer Security

The worm in a nutshell

The worm is not a cyberthreat like any other. Even if it is less "popular" than ransomware or phishing, it is just as dangerous. Imagine, in just a few hours, all your company's central servers could be contaminated and all your data overwritten, due to a lack of vigilance.

So install high-performance security software on your workstations and make your teams aware of the importance of IT security. The worm is a threat that knows how to be discreet - that's its greatest strength!