It was a cold November night, just as you would expect for that time of the year in the northern part of Romania. The office that is otherwise full of reverse engineers and malware analysts is now occupied by a handful of people working the night shift, answering support tickets and monitoring the infrastructure.
Suddenly, the real-time threat monitoring system in the nearly empty Bitdefender office starts blinking red as reports of a new epidemic keep coming from all parts of the world. The malware analysts on site go into alert mode and summon all available staff for intervention. Half an hour later, the office is humming with chatter as reverse engineers start digging into the threat that is wreaking havoc across the Internet. It was the “birthnight” of the Conficker worm – a cyber-threat that compromised nearly 15 million computers in less than four months.
What is a computer worm?
What started out as an innocent university project has now become malicious, self-replicating malware that immediately spreads itself throughout your entire network, without any intervention from you or another program.
Introducing the computer worm. Worms spread from one computer to another by exploiting vulnerabilities in the operating system. They can include “payloads” which steal personal data, create backdoors for hackers to control the system remotely, or delete files. Criminals then use the compromised computer to send spam campaigns or attack institutions, including government organizations.
It’s not difficult for users to get infected because modern worms are more evolved than their 80s counterparts. Because they automatically propagate across the wires, the user rarely has any part in the spreading process other than leaving their systems unpatched or previewing an e-mail message. Other worms spread from infected USB drives to clean computers by leveraging the operating system’s Autorun function – a feature that allows the operating system to automatically execute an application when a removable drive is plugged in. This feature was so frequently abused over time that it was discontinued after Windows XP.
Worms offer many opportunities to cause damage worth millions. The notorious Stuxnet, Duqu and Flame have wormable components created by governments to infiltrate foreign networks to spy and steal confidential information.
How to keep safe from worms
Worms are invisible, which makes them very difficult to detect. Some hints could be that your computer is very slow and unresponsive, that it is missing files or sending out spam to your contacts, but it’s better to be safe than sorry. If you’ve been infected with a computer worm, disconnect from the internet so that it doesn’t use your network to spread to other computers. Run a scan and remove the malware. If you’re dealing with a sophisticated worm and you’re not very techy, call a specialist to help you out.
There are some simple steps to keep a clean infrastructure and avoid dealing with worms. First of all, install security software on all your devices and regularly update it. Never open emails and attachments from people you don’t know and don’t click on suspicious links. To detect vulnerabilities and potentially infected files, run scans frequently.
The security software solution alone can’t do all the work, so it’s also your job to pay close attention to what you download or click on. Just as you wouldn’t let a stranger into your home, don’t download files from unknown sources.