How do worms spread?
Posted by Jackie R. on December 7, 2006
A worm can open your email address book and despatch one clone each to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides it time till the connection takes place. Chats and Instant messaging software like MIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers enabling the worm to spread like wildfire throughout the cyberworld (the “Jitux” worm is an example). Every operating system has vulnerabilities which are thoroughly exploited by worms to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm which uses security holes in the Windows LSASS service.Other worms spread only by using Backdoor infected computers. E.g. the “Bormex” worm relies on the “Back Orifice” backdoor to spread. There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up.Some worms take on even more deceptive forms to snare users. Sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser & co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers – the “Spida” worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code in running services on the server like “Slammer”.