What Is a Worm Virus (Computer Worm)?

History of Worm Viruses (Computer Worms)

The term "worm" was first used in John Brunner's 1975 novel, The Shockwave Rider. In the novel, Nicholas Haflinger designs and releases a data-gathering worm in an act of revenge against the powerful men who run a national electronic information web.

In 1982, based on the concept in The Shockwave Rider, Shock and Hupp proposed the idea of a helpful worm. They argue that a worm with good intent can be used as a diagnostic tool for Ethernet network devices.

On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate, released a virus, later known as the Morris worm, disrupting many computers that were on the Internet, guessed to be one tenth of all those connected at the time. The Morris worm prompted the formation of the CERT Coordination Center and Phage mailing list. Morris himself became the first person tried and convicted under the 1986 Computer Fraud and Abuse Act.

Common Types and Spreading Modes of Worm Viruses

Worms mainly use system vulnerabilities to spread themselves. A worm resides in one or more computers and scans other computers to infect them. It can spread from one computer to another through different means, such as email attachments, malicious links, or LANs. The following are common worm types and spreading modes:

• Email worm: A worm creates an email, attaches a copy of itself to this email, and sends the email to all addresses in a user's contact list. After infecting the user system, the worm gains control of the system email, installs the worm copy locally, modifies the registry, searches for specific files on the local host and LAN, and spreads itself through the files.
• File sharing worm: A worm copies itself to a shared folder. After users download files in the shared folder, the worm enters the users' computers to infect them.
• Encryption worm: A worm encrypts a large number of files on computers, servers, or hard disks and threatens to destroy the files unless the victims pay a ransom to decrypt the files.
• Instant messaging worm: A worm disguises as a link or attachment in instant messages and is sent to infect the contacts of a victim.

What's the Difference Between a Worm Virus (Computer Worm) and a Virus?

A virus is a set of computer instructions or program code embedded in computer programs to modify or delete data for the purpose of damaging the functionality or data of computers. Viruses attach themselves to programs or files and spread from one computer to another. The viruses only affect the computers when the programs are run or the files are opened. This means that a virus cannot spread without manual operations. For example, if a user just downloads a spreadsheet embedded with a virus to a computer, the computer will not necessarily be infected. Rather, the virus is only activated once the user opens the spreadsheet.

Worms are designed similarly to viruses, but do not modify programs or spread in the same way. The difference is that worms can automatically infect computers by transmitting files or information between computers without manual operations. Without needing a victim to open a file or even click anything, a worm can run and spread itself to other computers. Instead of sending the worm itself, an infected computer sends hundreds of thousands of copies of a worm. As worms spread, excessive system memory or network bandwidth is consumed, preventing servers or computers from responding.

Notable Worm Virus (Computer Worm) Events

Worms have been around since the start of the Internet. Some worms cause interruptions to a large number of networks and services, resulting in severe impacts. The following lists some high-profile worm attacks:

• Morris worm

  The Morris worm was first discovered in 1988, and is widely regarded as the first computer worm. Targeting different vulnerabilities, it infected a large number of computers running the UNIX operating system. It exhausted resources, causing serious damage to the computer network at that time.

• ILOVEYOU worm

  In 2000, the worm was first discovered in an email with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". The script automatically runs in Microsoft Outlook. It adds Windows registry data so that it can automatically start upon system startup, and replaces other files with a copy of itself, so as to masquerade other files. Then, the worm copies itself to addresses in the address book, allowing it spread to other computers.

• Stuxnet worm

  Stuxnet was first discovered in 2010. It consists of two parts: malware that targets at monitoring and data collection systems; and a worm that spreads the malware by infecting USB devices. The Stuxnet worm spreads through the vulnerabilities of the Windows operating system, finally leading to the failure of the nuclear centrifuges.

• WannaCry worm (Wanna Decryptor)

  The WannaCry worm was first discovered in 2017. It is a ransomware worm that spreads by exploiting remote security vulnerabilities of the Windows operating system. WannaCry scans Windows computers that leave port 445 open for file sharing. It can be implanted in vulnerable computers or servers without any user operation, as long as the computers and servers are powered on and connected to the Internet. Once an organization is compromised, WannaCry continuously scans for and then infects vulnerable computers. As a result, the number of infected computers increases rapidly. On an infected computer, WannaCry locks the computer and encrypts various types of files, including photos, images, documents, compressed files, audio files, video files, and executable programs. After the encryption succeeds, the worm demands a bitcoin payment for file decryption.

Methods Used to Reduce Worm Virus (Computer Worm) Attacks

The key to defending against worms is by improving the system's defense capability and users' security awareness. The following are suggestions on how to defend against worms:

• Install firewall and antivirus software, and update the virus signature database in a timely manner.
• Download authorized software from the official website and install patches for the operating system and other software in a timely manner.
• Set complex passwords (for example, using a combination of characters, uppercase letters, lowercase letters, and digits) for computer system accounts. Delete or disable expired accounts in a timely manner.
• Use antivirus software to check any mobile storage before opening it.
• Regularly back up the system and data of the computer and mobile phone, pay attention to alarms, and rectify faults in a timely manner.
• Use antivirus software to scan new software before executing or installing it.
• Do not open untrusted web pages or links in emails or SMS messages.
• Do not open untrusted files received on instant messaging tools.
• Do not trust warning messages displayed when you browse web pages.

How Huawei Helps Defend Against Worms

In recent years, Huawei has launched next-generation AI firewall products, including HiSecEngine USG6000E series and HiSecEngine USG6000F series. These products support IPS functions, which are used to analyze network traffic, detect attacks such as worms and Trojan horses, and terminate the attacks in real time, effectively protecting intranet servers and users from threats. Huawei AI firewalls have the following advantages:

• 20,000+ vulnerability signatures, including 8000+ CVE vulnerabilities as well as 2000+ botnet, Trojan horse, and worm families
• Huawei-developed security dedicated acceleration engine, which delivers the pattern matching acceleration capability and fast detection speed
• 400+ anti-evasion methods, such as traffic reassembly and application content identification