How Does a Computer Worm Spread?
Computer worms spread themselves rather than relying on a user to open a malicious attachment or take a similar action. Worms can spread via various means, including the following:
- Unpatched Vulnerabilities: Computer worms commonly spread by exploiting unpatched vulnerabilities in software or operating systems. For example, WannaCry exploited a vulnerability in an SMB server to spread itself.
- Insecure Protocols: Some protocols, such as TFTP and Telnet, may allow access with no credentials or be configured to use default credentials. Worms can transfer themselves to computers using these protocols and then execute themselves.
- Shared Access: Network drives and other forms of shared access make it possible to share files and folders across multiple computers. Worms can use this shared access to infect other devices.
- Removable Media: Worms can spread themselves via removable media such as USB drives and external hard drives. The worm copies itself to all removable media plugged into an infected computer, which carries it to new devices.
What Does a Computer Worm Do?
Computer worms are defined by their ability to spread themselves without user interaction. Once they gain access to a computer, they can perform any malicious action.
As mentioned earlier, WannaCry is an example of a ransomware worm. It earned the label “worm” because it spread itself by exploiting SMB vulnerabilities with the EternalBlue exploit. Once it was installed on a computer, however, it behaved as ransomware, encrypting files and demanding a ransom to decrypt them.
Types of Worm Viruses
Worms are commonly classified based on how they spread themselves from one machine to another. Some examples of common types of worms include the following:
- Email Worms: Email worms spread themselves by sending emails with malicious attachments, such as a trojan containing the malware.
- P2P Worms: P2P worms use peer-to-peer (P2P) networks to copy themselves to other users of the network.
- Net Worms: Net worms spread over the network using shared resources such as network drives.
- IM Worms: IM worms spread via instant messaging (IM) by accessing an infected user’s contacts and sending a copy of themselves to each contact.
- Internet Worms: Internet worms infect websites and then infect the computers that visit those sites by exploiting vulnerabilities in their web browsers.
Computer Worm vs Virus
Computer viruses and worms are both malware that replicate themselves. However, their replication mechanisms differ. Unlike worms, computer viruses rely on human interaction. For example, a user may be tricked into running a malicious executable that allows the malware to spread to other systems.
How to Prevent Worm Viruses
Worms can gain access to an organization’s systems via various means. Some best practices to help protect against infection by worms include the following:
- Endpoint Security: An endpoint security solution — such as an endpoint detection and response (EDR) product — should be able to identify and remediate infections by worm malware.
- Email Security: Infected attachments are one common way that worms can spread. Email security solutions can scan emails for malicious content and block them from reaching the target inbox.
- Firewall Rules: Worms may attempt to enter an organization’s network by initiating an inbound connection or via unused protocols. Firewall security rules can be used to filter and block this malicious traffic.
- Vulnerability Patching: Worms like WannaCry spread by exploiting unpatched vulnerabilities. Promptly applying patches and security updates can help to close these security gaps before they can be exploited by a worm.
- Protocol Security: Insecure protocols such as Telnet and TFTP should be disabled to prevent them from being used by malware. Additionally, default credentials should be changed for all accounts that allow remote access.
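The Protocol Security and Firewall Rules items above can be checked on a Linux host by auditing its listening sockets. The following is an added example, not Check Point's code or part of the original article; it assumes `ss -tuln` output and the standard port assignments, and the function names, action strings and sample listing are constructed for illustration.

```python
import ipaddress

# Services the article names: Telnet and TFTP ("should be disabled") and SMB,
# the protocol WannaCry exploited. Ports are the standard assignments.
RISKY = {
    ("tcp", 23): ("Telnet", "disable the service"),
    ("udp", 69): ("TFTP", "disable the service"),
    ("tcp", 445): ("SMB", "patch and restrict with firewall rules"),
}

# Constructed sample of `ss -tuln` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     127.0.0.1:445      0.0.0.0:*
tcp   LISTEN 0      50     192.168.1.20:445   0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
"""

def is_loopback(bind):
    """True only when the bind address is reachable from the local host alone."""
    host = bind.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or an unrecognised form: assume it is exposed

def find_risky_listeners(ss_output):
    """Return (service, proto, port, bind, action) for each listener to review."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line, or another socket family
        bind, _, port = fields[4].rpartition(":")
        service = RISKY.get((fields[0], int(port))) if port.isdigit() else None
        if service is None:
            continue
        name, action = service
        # Telnet/TFTP are reported wherever they listen; SMB only off-loopback.
        if name == "SMB" and is_loopback(bind):
            continue
        findings.append((name, fields[0], int(port), bind, action))
    return findings

if __name__ == "__main__":
    for name, proto, port, bind, action in find_risky_listeners(SAMPLE_SS_OUTPUT):
        print(f"{name:<6} {proto}/{port:<4} on {bind:<14} -> {action}")
```

To audit a real host, pass the text captured from `ss -tuln` to `find_risky_listeners` in place of the sample.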
Protect Against Computer Worms with Check Point
An infection by a worm can rapidly become a large security headache for an organization. Since this type of malware is self-spreading, a worm infection can rapidly expand to include many corporate devices.
Additionally, these worms commonly have malicious payloads that are designed to pose additional danger to an organization. For example, ransomware worms like WannaCry not only spread through an organization’s network but also encrypt files and demand a ransom to recover them.
One of the most effective ways of protecting against worms is to deploy an endpoint security solution capable of detecting and remediating potential infections. Check Point Harmony Endpoint offers robust protection against worms and other types of malware. To learn more about how Harmony Endpoint and the entire Harmony suite of tools can protect your organization against malware and other threats, sign up for a free demo today.