In the last blog post we discussed a specific type of malware called a virus. This week we will discuss another type of malware called a worm.
A worm has two distinguishing characteristics: it can replicate itself without human interaction, and it does not need to attach itself to (i.e., infect) a file to do damage. Worms usually exploit some sort of software vulnerability, like a flaw in the operating system, and use that as the vector to spread very rapidly. The name “worm” was chosen deliberately because most often a worm is designed to spread or wiggle its way through an entire network, such as that of a government agency or company. Therefore, worms are often used to penetrate a high value target and either destroy it (make the computer systems crash) or steal sensitive data.
Although worms are often used to infiltrate high value targets, another popular use is to quickly infect large numbers of computers to form a botnet, which is controlled by a central authority. This army of bots can then be used to perform various nefarious acts on demand, such as flooding a specific website with a large volume of traffic in order to bring it down (denial of service). Other uses for a botnet include sending spam email or stealing data such as passwords. The key is that the botnet is large and distributed, with new bots coming and going over time.