We don’t hear much about internet worms anymore, but they’re still an important part of the malware ecosystem. So what are worms, how do they spread, and how do hackers use them?
Internet Worms Spread like Real-World Parasites
Most malware needs your help to get onto your computer, either by tricking you into downloading dubious software or by piggybacking on benign email attachments. But worms are different.
Worms, unlike viruses or trojans, take advantage of a computer’s pre-existing security vulnerabilities at an operating-system level. Worms are also standalone software or files, and they typically travel across a computer network (your home or work network, for example), rather than through software downloads.
The function of an internet worm is similar to that of a real-life parasite. Like a tapeworm, an internet worm duplicates itself across as many hosts (computers) as possible, without trying to cause any severe damage.
That’s right; a worm won’t corrupt your files or break your computer. If anything, a worm will slow down a computer or network by sucking up hardware resources or internet bandwidth (again, similar to a real parasite).
But some worms carry malicious payloads—code that makes your computer vulnerable to other malware. Since worms can quietly (and harmlessly) duplicate themselves across networks, they make great vehicles for large-scale virus attacks or ransomware attacks on governments and businesses.
Modern Internet Worms Usually Carry Payloads
On their own, worms are mostly harmless. Sure, they slow down computers and turn high-speed networks into snails, but when compared with file-corrupting viruses and hundred-thousand-dollar ransomware, worms are a walk in the park. That is, unless the worm carries a payload.
As of right now, hackers rarely create payload-less worms. Remember, worms target system vulnerabilities. In the age of frustratingly frequent software updates, those vulnerabilities change week by week. Additionally, when a hacker spreads a worm, they’re effectively telling tech companies that an OS vulnerability exists. Once tech companies detect that worm through in-house testing or reports from anti-virus companies, they’ll respond by patching the vulnerability that made the worm possible.
So instead of wasting a perfectly good system vulnerability on a crappy worm, modern hackers like to focus their efforts on large-scale payload attacks. The 2004 Mydoom worm, as an example, contained a RAT payload, which allowed hackers to access infected computers remotely. Since worms travel across networks, these hackers gained access to a ton of different computers, and they used this access to perform a DDoS attack on the SCO Group website.