A worm is a program that makes and facilitates the distribution of copies of itself—for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm can do damage and compromise the security of the computer. It can arrive via exploitation of computer vulnerability or when a user clicks on an infected email.
Worms have been developed to attack vulnerabilities in operating systems, services and daemons. Worms such as the Morris Worm (one of the first in-the-wild worm programs that impacted overall network performance, released in the late 1980s) spread through UNIX® and VAX™ computers that shared a common vulnerability, allowing execution of code through improperly secured debugging routines and other vulnerabilities.
Rate of Propagation
Unlike viruses, the automatic replication of worms can allow even seemingly benign worms to congest networks and impair recovery procedures. Although the Nachi worm downloaded an update from Microsoft to patch the very vulnerability it exploited, the worm generated considerable traffic and impacted network performance even for users who had already installed the patch on their own computers.
In March 2004, the Witty worm set a new record for the speed at which a discovered vulnerability has been used to generate a live worm program, a record that stands at the time of this text’s writing. Less than two days after the initial advisory announcing a newly discovered vulnerability, the Witty worm was released to take advantage of the vulnerability before the operating computer vendor could develop and distribute a patch for this newly discovered security weakness.
The popularity of the Microsoft Windows operating system has been suggested as one factor contributing to the incredible rate of propagation experienced by recent worm releases. However, the implementation of complex worms capable of spreading through many different vectors provides a strong indication that even if there were two or three equally dominant platforms sharing the market, worm authors would simply target vulnerabilities present in multiple platforms and so gain near the same distribution levels.