Monday, May 25, 2020

Worm

Unlike viruses, which need to "executed" and usually come in an email attachment, worms do not need the interaction in order for you to become infected.  A worm will make copies of itself and attempt to connect to other computers to infect them.  

A 1996 report released by Carnegie Mellon Institute entitled the "Security of the Internet", computer worms "are self-replicating programs that spread with no human intervention after they are started." In contrast, "[v]iruses are also self-replicating programs, but usually require some action on the part of the user to spread inadvertently to other programs or systems."

After a computer worm loads and begins running on a newly infected system, it will typically follow its prime directive: to remain active on an infected system for as long as possible, and to spread to as many other vulnerable systems as possible.  And that is the key - a worm will be created to exploit an operating system vulnerability.  Keep your system updated, not just your antivirus.  

The Wannacry ransomware worm was written to exploit a Microsoft SMB vulnerability.  SMB is a Windows program - Server Message Block protocol, which assists in helping computers on the network communicate with each other.  Though Microsoft had released a patch for the vulnerability, may computers had yet to be updated.  It swept across the globe in just hours.  The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars. 

You have probably seen a computer worm in action - receiving an email from a friend with just a link.  That friend has a worm that replicates by sending a malicious link to everyone in that person's contact list. 

Again, install and/or update your antivirus and run a thorough scan.  Change your passwords.  They may have been compromised during the worm attack.  

Contact BSCANS if you have additional questions or concerns.