When we think of worms, most of us think of the creature that helps our gardens thrive, however, in the technology field the word “worm” strikes fear into many a technology user. This particular form of malware has caused billions of dollars in damages in the last decade alone!1 Using Symantec’s definition, worms are “programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file.”1 Some liken it to a chain letter that no one wants, but is far more insidious and damaging.
“They make your computer more vulnerable to future attack, because every machine with a worm infection is broadcasting to the entire Internet that it can be taken over by anyone who cares to copy the method the worm used. Also some viruses and worms disable standard security measures, or install their own back-door services that allow other people to use your computer over the Net.”2
The first known worm was the Morris worm in 1988, named after Robert Morris, a student at M.I.T. While the worm was initially harmless, it “quickly began replicating copies of itself onto Internet servers of the day (predating the World Wide Web), eventually causing them to stop working due to exhaustion of resources.”3
In 2001 a worm by the name “Nimda” (admin spelled backwards), infected nearly 2.2 million servers and PCs within a 24-hour period through a multi-pronged approach including searching for unpatched applications, sending an infected mass email to a victim’s contact list, and downloading from a compromised website.4 This worm caused over $635 million in damages and dramatically decreased internet speeds and wreaked havoc on a user’s email account.
One of the more powerful attributes of a worm is its ability to propagate seemingly by itself, with little to no human interaction. This makes it ideal for cyber warfare. A prime example of this is the 2010 attack on Iran; the United States and Israel created what is now known as the Stuxnet worm to attack Iran’s nuclear enrichment program. By the time the worm was discovered and expelled from their infrastructure, 984 uranium enriching centrifuges were destroyed, setting Iran’s nuclear weapons program back by approximately 2 years!5
How does it spread?
What makes worms so dangerous and insidious is that once it is on your machine, it can wreak havoc without the user’s knowledge. Once the initial sequence is started (opening an attachment, clicking on a link, etc.), the worm will move on its own through the system, impeding the user’s activity. Worms also infect other machines by self-replicating and sending mass emails through the infected users’ email contacts.1 Oftentimes, victims think they are simply opening an attachment from a friend or acquaintance so their guard is down.
How do you know when you have a worm? There are several key symptoms that may indicate you have been infected:
- Emails sent without consent. If you are contacted by an individual in your contact list about a strange email you sent, but have no recollection of, you may be a victim of a worm.
- Software suddenly appearing on your desktop. If you notice that applications are suddenly appearing on your desktop, or have been removed, that’s a red flag that your machine may be compromised.
- Slow computer performance. If infected, your machine may run slower as the worm needs memory to effectively run and propagate.
- Pop-ups galore. If you are seeing numerous pop-ups and messages, it’s a surefire sign that you have a worm or virus on your machine.
- New windows open when connecting to the internet. A common symptom of an attack or worm is when you connect to the internet and it opens a new window that you did not request.
How to protect against worms
So, what can you do to prevent such an attack from occurring?
- Be cautious around attachments. Even if you recognize the sender, be cautious if they send you an unexpected email with an attachment and a vague subject line (“You have to see this!”). Be extremely cautious if you don’t recognize the sender.
- Perform regular updates. Their intended purpose is to quickly push out fixes to bugs that may be occurring and create a safe computer environment. When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal, you need to perform recommended updates.
Working with a managed IT service provider (MSP) can remove a lot of the burden and take away the mystery of proactive measures to protect your business.
Protecting your company’s data and infrastructure should be a top priority, but you do not need to do it alone. Let the Bryley experts help protect your company’s data and infrastructure. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.