What is a computer worm and how does it spread?


During his first year at Cornell in 1988, Robert Tappan Morris Jr. released what is widely considered to be the world’s first computer worm (an achievement that earned him three years of probation, 400 hours of community service and a $10,500 fine).

When asked why he did it, Morris simply replied:

“To demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that I had discovered.”

Little did Morris know how enduring his words would turn out to be.

Fast forward 30 years and worms are still exploiting vulnerable systems, endlessly replicating themselves and wiggling their way into poorly protected computers. Indeed, the worm component of WannaCry ransomware made it possible to wreak havoc on computers around the world, infecting more than 200,000 systems in over 150 countries and holding the infected machines ransom for $300 a pop. Mere weeks later, Petya/NotPetya ransomware used a worm to spread within local networks.

So, worms are very much alive and well in 2017 – but what can you do about it?

Well, when it comes to computer worms (and just about every other ailment, for that matter), prevention is always the best cure. Stay vigilant and minimize your risk of infection by learning more about how worms function, the most common ways they spread and how you can stop them dead in their tracks.

What exactly is a computer worm?

A computer worm is a form of malware, just like its more notorious cousin, the virus. Where a worm differs from a virus is that it typically doesn’t infect or manipulate files on its own. Instead, it simply clones itself over and over again and spreads via a network (say, the Internet, a local area network at home, or a company’s intranet) to other systems where it continues to replicate itself.

In turn, these clones reproduce and spread and, in a very short time period, can quickly infect an enormous number of machines. For instance, it’s estimated that the infamous ILOVEYOU worm infected about 10 percent of the world’s internet-connected computers within just 10 days.

How have computer worms changed?

Traditional computer worms were created simply to spread. Left unchecked, they would multiply exponentially and disrupt network bandwidth, but they did not actually alter a system’s functionality. This all changed in 2004 with the arrival of Witty, a worm that attacks the firewall and computer security products of a specific company and is thought to be the first worm to carry a payload (a piece of code designed to do real, tangible damage).

Since then, a number of payload-carrying worms have been unleashed on the world, with damage ranging from Nyxem’s ability to delete Microsoft Office files to the keylogging capabilities of Daprosy.

As computer worms continue to become more advanced, there’s a growing need for users and businesses alike to up the ante and prevent the spread of worms. While Emsisoft Anti-Malware offers an excellent level of protection against all known worms, you can further reduce your risk of infection with some insight into how the nasty critters spread.

How do computer worms spread?

1. Email

One of the most common ways for computer worms to spread is via email spam. In years gone by, worms could hide in the main text of an email, but as modern email clients caught on and began blocking direct embedding circa 2010, the risk for this type of attack is fairly low.

While embedded worms may be things of the past, email attachments remain popular hiding spots for worms. What may appear to be a benign work document or personal photo can, in fact, be hiding malicious code, waiting to be released when you click a link or open said attachment. Once a machine has been infected, the worm may replicate itself by emailing itself to everyone in your address book or automatically replying to emails in your inbox.

Reduce risk: Be very wary when opening emails (even those sent to you by someone in your address book). If you think a link or attachment looks suspicious, check with the sender before clicking anything.

2. Operating system vulnerabilities

Every operating system has its vulnerabilities (yes, even macOS) and some worms are specifically coded to take advantage of these weak points. Perhaps the most infamous example is Conficker, a worm first identified in 2008 which exploited a vulnerability in a network service present in many versions of Windows, including Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 Beta and Windows 7 Beta. At its peak, Conficker infected as many as 15 million computers.

Reduce risk: Operating systems are continually receiving security updates designed to protect your computer from computer worms and other malware. Always keep your operating system up to date, have auto-update enabled and regularly spring clean your machine.

3. Instant messaging

Worms can take on similarly deceptive forms in instant messaging software and take advantage of users who are probably not on high alert when using such services.

In the past, instant messaging software such as mIRC, MSN Messenger, Yahoo IM and ICQ proved to be exceptionally fertile breeding grounds for worms. In today’s digital landscape, modern chat systems are just as vulnerable, with Facebook Messenger a common infection point for worms such as Dorkbot, which spreads via an executable file disguised as a JPG image.

Reduce risk: Keep your guard up when using chat services and social media platforms in general (Facebook is home to more than worms!). Always verify URLs before clicking and be wary of downloading any attachments – even those that have apparently been sent by a trusted contact.

4. Smartphones

Globally, there were about 2.8 billion active smartphones being used at the end of 2016, according to data collated by market intelligence firm Newzoo. With these figures in mind, it should come as little surprise that worm creators are increasingly turning their attention to mobile devices.

Research from Syracuse University suggests that every major mobile operating system (including Android, iOS, Blackberry and Windows Phone) are potentially vulnerable to worms as they all support HTML5-based mobile apps. One of the key security flaws of HTML5 is that malicious code can easily be inserted into it, meaning that when a user launches an app they could also be unwittingly executing a damaging program.

Reduce risk: You can mitigate this risk to an extent by only downloading and using apps released by reputable organizations. Take the time to read the permission requirements of your apps and consider uninstalling those that are unnecessarily intrusive. Finally, you can further reduce the risk of worm infection on your Android device by downloading and installing Emsisoft Mobile Security.

Prevention is key in the fight against computer worms

Infectious, self-replicating and increasingly destructive, preventing the spread of worms is an ongoing battle. Thankfully, adopting some of the security practices discussed here and coupling them with our unrivaled Emsisoft Anti-Malware software will go a long way toward helping you minimize the risk of a worm infecting your system.

Emsisoft Endpoint Protection: Award-Winning Security Made Simple

Experience effortless next-gen technology. Start Free Trial

Have a great, malware-free day!



Writer. A picture is worth a thousand words but unfortunately I can't draw. The world of IT security has always fascinated me and I love playing a small role in helping the good guys combat malware.

What to read next