Worms
Worms
A worm is a self-reproducing program which can travel over networks using networking mechanisms, without requiring any software or hardware support (such as a hard drive, a host program, a file, etc.) to spread; a worm is therefore a network virus.
How worms of the 1980s worked
The most famous worm story dates from 1988. A student (Robert T. Morris of Cornell University) had created a program which could spread over a network. He ran it, and within eight hours, it had already infected several thousand computers. Because of this, many computers crashed within just a few hours, as the "worm" (as we now know it) reproduced too quickly to be erased by the network. What's more, all of these worms clogged up bandwidth, which forced the NSA to shut down the connections for a day.
Here's how the Morris worm spread on the network:
- The worm gained entry into a UNIX machine
- It created a list of machines connected to it
- It brute-forced all the passwords from a list of words
- It passed itself off as a user from each of the other machines
- It created a small program on the machine so it could reproduce
- It hid itself on the infected machine
- and so on
Current worms
Current worms spread mainly with email clients (especially the client Outlook) using attachments that contain instructions for gathering all email address found in the address book and sending copies of themselves to all of these recipients.
These worms are usually scripts (typically in VBScript) or executable files sent as an attachment, which trigger when the recipient clicks on the attachment.
How do worms spread?
It is simple to protect yourself from infection by a worm. The best method is to avoid blindly opening files which are sent to you as attachments.
If you do, any executable files, or files which the OS can interpret, may potentially infect your computer. Files with the following extensions, in particular, may potentially be infected:
exe, com, bat, pif, vbs, scr, doc, xls, msi, eml
interpreted by the OS, and therefore the risk of infection from them is minimal:
txt, jpg, gif, bmp, avi, mpg, asf, dat, mp3, wav, mid, ram, rm
In Windows, it is recommended to disable the feature "hide extensions", because this feature can trick the user into thinking a file has a different extension. So a file with the extension .jpg.vbs will look like a .jpg file. files may contain viruses.
In reality, any kind of file may contain code carrying a virus, but the system must have first been modified by another virus in order to interpret the code found in the files
Files with the following extensions are not
It is common to hear that GIF or JPG
For any files whose extension hints that the file may be infected (or for extensions that you don't recognise), be sure to install an antivirus program and systematically scan every attachment before opening it.
Here is a larger (but non-exhaustive) list of extensions for files which may be infected by a virus:
Extensions
386, ACE, ACM, ACV, ARC, ARJ, ASD, ASP, AVB, AX, BAT, BIN, BOO, BTM, CAB, CLA, CLASS, CDR, CHM, CMD, CNV, COM, CPL, CPT, CSC, CSS, DLL, DOC, DOT DRV, DVB, DWG, EML, EXE, FON, GMS, GVB, HLP, HTA, HTM, HTML, HTA, HTT, INF, INI, JS, JSE, LNK, MDB, MHT, MHTM, MHTML, MPD, MPP, MPT, MSG, MSI, MSO, NWS, OBD, OBJ, OBT, OBZ, OCX, OFT, OV?, PCI, PIF, PL, PPT, PWZ, POT, PRC, QPW, RAR, SCR, SBF, SH, SHB, SHS, SHTML, SHW, SMM, SYS, TAR.GZ, TD0, TGZ, TT6, TLB, TSK, TSP, VBE, VBS, VBX, VOM, VS?, VWP, VXE, VXD, WBK, WBT, WIZ, WK?, WPC, WPD, WML, WSH, WSC, XML, XLS, XLT, ZIP
