Computer Worm

2. The ever-popular computer worm

Computer worms are more sophisticated than viruses, being able to replicate without user intervention. If the malware uses networks (Internet) to propagate, it's a worm rather than a virus. The main components of a worm are:

Penetration tool: Malcode that leverages vulnerabilities on the victim computer to gain access.

Installer: The penetration tool gets the computer worm past the initial defence mechanism. At that point, the installer takes over and transfers the main body of malcode to the victim.

Discovery tool: Once settled in, the worm uses several methods to discover other computers on the network, including e-mail addresses, Host lists, and DNS queries.

Scanner: The worm uses a scanner to determine if any of the newly found target computers are vulnerable to the exploits available in its penetration tool.

Payload: Malcode that resides on each victim's computer. This could be anything from a remote access application to a key logger used to capture user names and passwords.

This category of malware is unfortunately the most prolific, starting with the Morris worm in 1988 and continuing today with the Conficker worm. Most computer worms can be removed by using malware scanners, such as MBAM or GMER.