
Worms

Christophe November 29, 2021

It’s very easy to confuse viruses with worms, and again, the two terms are often used interchangeably.

In fact, if we look at this article from HP, we can see that the article is titled “The Top 10 Worst Computer Viruses in History,” yet the vast majority of these start by saying “…this is actually a worm.”

The reason is that viruses and worms differ in a subtle way, and that difference is important to understand.

Viruses require both some sort of human or program interaction to execute, and they require a software host to spread to. Worms, on the other hand, do not.

They are designed to self-replicate via vulnerabilities in operating systems, and they spread to others throughout networks. They are usually self-contained programs that enter devices via normal communication channels and then run their own commands.

In fact, because of how good worms are at spreading to other devices, they’re often used by malicious actors to deliver other payloads.

Let me illustrate with some examples.

The Morris Worm

One of the first computer worms to ever be distributed via the Internet is known as the Morris Worm.

The Morris Worm was unleashed on November 2nd, 1988, from a computer at the Massachusetts Institute of Technology.

Within 24 hours, roughly 6,000 out of 60,000 computers connected to the Internet on campus were infected with this worm. The program then spread to other networks, including NASA, Harvard, Princeton, Stanford, and others. This was before the World Wide Web existed, or it probably would have been much worse.

This worm wasn’t necessarily designed to do anything malicious, but it caused systems to grind to a halt and go down, which rendered those systems useless for a certain period of time.

If you’d like to learn more about this interesting story, check out this article.

Mydoom

Going back to the HP article, let’s take a look at some of the most damaging worms in history.

  • Mydoom – $38 bn damages in 2004
  • Sobig – $30 bn damages in 2003
  • Klez – $19.8 bn damages in 2001
  • ILOVEYOU – $15 bn damages in 2000

The worm at the top of that list in terms of financial damage is Mydoom. It spread by mass emailing, and apparently, Mydoom was responsible for 25% of all emails sent at one point.

It would scrape email addresses from infected machines, then send copies of itself to all of those addresses. At the same time, it would also turn those devices into bots, creating what’s called a botnet, which we’ll talk about in another lesson.

One thing that many of these worms have in common is that they’re spread via email. Attackers have realized that this can be a highly effective way of spreading malicious software, which is why many of the most damaging types were designed to spread this way.
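From the defender's side, the mass-mailing behaviour described above leaves a recognizable trace in outbound mail logs. The following is an added example, not part of the original lesson: a sliding-window check that flags any host sending to many distinct recipients in a short time. The log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "timestamp client_ip recipient" (assumed format).
SAMPLE_LOG = [
    # 10.0.0.5: ordinary user, three messages spread across an hour
    "2004-02-01T09:00:00 10.0.0.5 alice@example.org",
    "2004-02-01T09:20:00 10.0.0.5 bob@example.org",
    "2004-02-01T09:55:00 10.0.0.5 carol@example.org",
]
# 10.0.0.9: many messages, but always to the same recipient
SAMPLE_LOG += [f"2004-02-01T09:10:{s:02d} 10.0.0.9 helpdesk@example.org"
               for s in range(0, 40, 5)]
# 10.0.0.7: twelve different recipients in twelve seconds (worm-like burst)
SAMPLE_LOG += [f"2004-02-01T09:30:{s:02d} 10.0.0.7 user{s}@example.net"
               for s in range(12)]


def parse(line):
    """Split one record into (timestamp, client, lower-cased recipient)."""
    ts, client, rcpt = line.split()
    return datetime.fromisoformat(ts), client, rcpt.lower()


def mass_mailers(lines, window=timedelta(seconds=60), threshold=5):
    """Return {client: peak distinct recipients} for every client that
    reached `threshold` distinct recipients within any `window`."""
    recent = defaultdict(deque)  # client -> (ts, rcpt) pairs still in window
    flagged = {}
    for ts, client, rcpt in sorted(parse(l) for l in lines if l.strip()):
        q = recent[client]
        q.append((ts, rcpt))
        while ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        # Count distinct recipients, so repeats to one address do not alert.
        distinct = len({r for _, r in q})
        if distinct >= threshold:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged


if __name__ == "__main__":
    for client, peak in mass_mailers(SAMPLE_LOG).items():
        print(f"ALERT {client}: {peak} distinct recipients within 60s")
```

Counting distinct recipients rather than raw message volume keeps a chatty but legitimate sender (10.0.0.9 in the sample) from triggering the alert.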

Conclusion

As we wrap up this lesson, remember that the key similarities and differences between worms and viruses are:

  1. Viruses require some sort of activation; worms do not
  2. Both worms and viruses are designed to self-replicate
  3. Viruses latch on to other software
  4. Worms spread through vulnerabilities

With that, let’s mark this lesson as complete and move on to the next!
