Sunday, November 27, 2005

Dissecting Worms

Although commonly referred to as viruses, anti-virus software developers and others in the industry actually classify worms as a separate entity from viruses. A virus moves from file to file on one user’s system, remaining dormant in a file or the boot sector of a diskette until someone or something launches it or a victim accesses it; a worm copies itself and travels among computers over a network and/or uses email messages to transmit to other computers via the Internet.
A worm’s creator, for example, might program it to try using a string of IP (Internet Protocol) addresses until it finds another vulnerable system. In addition, maybe the worm’s creator programmed it to search an email program’s address book, make copies of itself, and forward itself to each of the email addresses it finds.
Some people also confuse worms with Trojan horses because the two types of malware often bundle together in a blended threat, a type of two-in-one malware.
Worms also differ from Trojan horses in that a Trojan horse, unless coupled with a worm, will not travel from computer to computer. A Trojan horse only causes damage when a user launches it, which usually occurs because the user believes it’s actually another type of program, such as a fun game.
All types of malware carry a payload, the content or code that causes the damage. In other words, a worm’s payload dictates what the worm will do to harm a system or network once it becomes active. The payload might be code that destroys specific files, alters web sites, or crashes a system.
Anti-virus software developers and other industry experts sometimes refer to two types of worms: active and passive.


Post a Comment

<< Home