Worry about the worm

People are aware of the dangers computer viruses pose, but computer users need to be aware of another growing threat called a worm, he said. The two are somewhat similar, but they differ in one important way: the way they spread.

Viruses spread from one file to many on a single computer, but they don't move to another computer on their own, he said. A user has to do something to make it happen -- whether it's accidentally sharing a contaminated diskette or inadvertently passing or receiving an infected file via e-mail. A worm, on the other hand, lives to go forth and proliferate.

"A worm is a program specifically designed to spread itself from one computer to another on a network," Trilling said.

A virus spreads only as fast as people exchange information, but a worm spreads at the speed of the Internet, he said. A worm is less interested in infecting additional files on a single PC and is more interested in reaching more PCs.

People often confuse viruses and worms, he said. Why did Melissa, ExploreZip, and Love Letter spread so fast? They were worms.

The ExploreZip worm came out last year. It arrived as an e-mail, and when you clicked it, the worm would sit on your system and respond to each incoming e-mail. It also spread from one shared drive to the next without any user intervention, he said.

Melissa hit in March 1999. Once it arrived on a system it would send itself out to the first 50 people in the user's address book. Thanks to mailing lists with hundreds of names, it spread to more than 50 people each time it went out, he said.

A History of the Worm

The first worm was created for beneficial purposes at Xerox, Trilling said. In 1982 the company created a worm to perform a variety of repetitive tasks on computers such as cleaning up temporary files. It was a very useful program, until it went bad. The worm began to crash systems, and Xerox had to create one of the first antivirus programs to get rid of it.

In 1987, a new worm called Christmas.exe spread throughout IBM's e-mail network, he said. It moved like the Love Bug and displayed a primitive Christmas tree on its victims' monitors.

And finally, in 1988 a Cornell computer science graduate released an infamous worm called the Morris Internet worm. It used known Unix backdoors to break into some 6000 systems. These backdoors had patches, but people hadn't installed them, Trilling said.

These early worms stirred people up, but had limited worldwide impact. However, today's worms are able to reach considerably more users thanks to a combination of factors.

Defense Against the Worm

Computers and networks were once based largely on proprietary hardware and software, which made it difficult to create a one-size-fits-all worm. The rise of a homogeneous computing infrastructure has led to a proliferation of worms, Trilling said.

So many people and companies are standardising on the same software and hardware, one worm can infect many systems, he said. With today's powerful software and hardware, just about any miscreant can create and test a worm, and the rise of the Internet makes it all too easy to spread it.

By January 2001, experts predict there will be 300 million Internet users, and if they're all using basically the same types of systems and software, one worm can reach them all, he said.

And just wait until more home users get broadband, he said. Most threats today hit corporations because of their always-on connections. Individuals become more vulnerable when they're connected full time.

Traditional virus-fighting methods can't cope with worms, Trilling said. Antivirus companies such as Symantec and its competitors will have to react much faster and work more proactively, he said. Today Symantec can respond to a new virus within 48 hours, which is plenty of time. But it won't be fast enough when new worms begin appearing daily.

An effective firewall can help defend against worms. But antivirus vendors need to create a more automated system to create and deploy fixes faster, Trilling said. Human beings don't operate at the speed of the Internet. The need will be to spread a cure at a faster rate than the threat moves.

And what if villainous programmers begin pumping out worms every 10 seconds? Traditional software can't handle it, he said. Corporations and users will have to stop using programs with macros, and they'll have to strip executable content at the Internet gateway, before it reaches the computers.
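Stripping executable content at the gateway, as described above, can be sketched with Python's standard `email` package. This is an added example, not code from the article or from any vendor; the block list, the function names and the sample message are assumptions constructed for illustration, and it handles multipart messages only.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: an illustrative block list, not a complete policy.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".js"}

def is_blocked(filename):
    """True if the final extension is on the block list ("a.txt.vbs" -> ".vbs")."""
    if not filename:
        return False
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1] in BLOCKED_EXTENSIONS

def strip_executables(raw):
    """Parse a raw message, drop blocked attachments, return (message, removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []

    def prune(part):
        if not part.is_multipart():
            return
        kept = []
        for child in part.get_payload():
            name = child.get_filename()
            if is_blocked(name):
                removed.append(name)
            else:
                prune(child)  # descend into nested multiparts and forwarded mail
                kept.append(child)
        part.set_payload(kept)

    prune(msg)
    return msg, removed

def build_sample():
    """Constructed test message: one text attachment, one script attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Meeting notes"
    msg.set_content("See attached.")
    msg.add_attachment("1. Budget\n2. Hiring\n", filename="agenda.txt")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="notes.txt.vbs")
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_executables(build_sample())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in cleaned.walk() if p.get_filename()])
```

The check uses the last extension only, so a double extension such as `notes.txt.vbs` is treated as a script rather than as text.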

Two new technologies could help to fight worms, too. Digital immune systems will automatically detect suspicious behavior and automatically forward samples to a company like Symantec. The company replicates the infection, creates and tests a cure, and ships it to subscribers automatically. The approach can work, but it's still reactive, he said.

A more future-looking technology is called behavior blocking. It looks at the operating system and watches what a program is doing. If a program acts weird -- such as deleting files it didn't create -- it can flag it as malicious. Today this approach is still prone to too many false positives, but down the road it will be more viable, he said.
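The heuristic named above, flagging a program that deletes files it didn't create, can be run over a small event trace to show both the detection and the false-positive problem. This is an added example, not Symantec's implementation; the event format, process names, paths and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed trace of (process, action, path) events; all names are made up.
EVENTS = [
    ("editor.exe",      "create", "C:/docs/report.doc"),
    ("editor.exe",      "create", "C:/temp/~report.tmp"),
    ("editor.exe",      "delete", "C:/temp/~report.tmp"),  # deletes its own file
    ("browser.exe",     "create", "C:/temp/cache1.tmp"),
    ("browser.exe",     "create", "C:/temp/cache2.tmp"),
    ("attachment.exe",  "delete", "C:/docs/report.doc"),   # created by editor.exe
    ("attachment.exe",  "delete", "C:/docs/budget.xls"),   # creator unknown
    ("tempcleaner.exe", "delete", "C:/temp/cache1.tmp"),   # legitimate cleanup
    ("tempcleaner.exe", "delete", "C:/temp/cache2.tmp"),
]

def flag_foreign_deletes(events, threshold=2, allowlist=frozenset()):
    """Return {process: [paths]} for processes that deleted at least
    `threshold` files they did not create. `allowlist` is a hypothetical
    tuning knob for known-good maintenance tools."""
    creator = {}                  # path -> process that created it
    foreign = defaultdict(list)   # process -> foreign files it deleted
    for proc, action, path in events:
        if action == "create":
            creator[path] = proc
        elif action == "delete":
            # Unknown creator (file predates monitoring) also counts as foreign.
            if creator.get(path) != proc and proc not in allowlist:
                foreign[proc].append(path)
            creator.pop(path, None)
    return {p: paths for p, paths in foreign.items() if len(paths) >= threshold}

if __name__ == "__main__":
    # Without tuning, the cleanup utility is flagged alongside the real offender.
    print(flag_foreign_deletes(EVENTS))
    # With an allowlist, only the program deleting documents remains.
    print(flag_foreign_deletes(EVENTS, allowlist={"tempcleaner.exe"}))
```

The first call flags `tempcleaner.exe` as well as `attachment.exe`, which is the false-positive problem the paragraph describes: by this rule alone, a legitimate cleanup tool looks the same as a destructive program.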

Regardless of what method proves best, it's time people and companies started thinking about the worm problem more seriously, he said. It might not be a 15-year-old that launches the next one: It could be someone intent on causing more serious damage.


Tom Mainelli

PC World