Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search
ILoveYou is one of the most well known worms. Image source

A worm is a malicious program that duplicates itself from one directory, drive, computer or network to another. Most worms send themselves through e-mail and many have mass-mailing functions, which allow them to mail themselves to every address in a particular mailbox. Another popular method of transmission for worms is through Local Area Networks. A few can even come through instant messengers.

Unlike a virus, a worm is a self-contained program and does not need to attach itself to an executable file, though some worms have a viral component that infects files. As they are executable programs, they can become infected with viruses and all "descendants" of that copy of the worm maybe infected with the virus and have the ability to infect files on other computers that they spread to when they are run.


As with viruses and other malware, worms come in many types. The most common method of categorization is how they spread. Some worms may have more than one method of spreading.

Email Worms

Email worms spread through email messages. Essentially, an email message with an attachment arrives in a mailbox and when the user downloads and executes that attachment, the worm creates a new email message with a copy of itself attached and mails itself to one or more other email addresses. Some email worms such as Nimda can run by themselves without any intervention from the user, and may even infect the computer from the preview pane. Details like the alleged sender, subject, message, attachment name and file type, payload (if any), and method of finding email addresses to send itself to can be radically different.

There is some speculation that Email Worms may become less of a threat in the future, as average users become more wise and follow safer email handling practices.

Examples: ILoveYou

Internet Worms

Internet worms spread directly over all of the Internet. The worm searches for open ports on the Internet and sends itself to other systems. Most of the major worms exploit known vulnerabilities to spread. Some consider these worms to be the only "true" worms, as they require absolutely no user intervention to spread. Morris, Slammer, CodeRed, Blaster,and Sasser are a few examples of prominent internet worms.

Network Worms

Network worms spread over network shares. Usually a network worm is also an email, Internet or other type of worm, as it would not spread very far if it were restricted to a local network. Network worms are designed to cause chaos on a local, regional or even national scale, and on large-scale networks can spread rapidly over the course of even a few minutes. An example of a network worm is Bumerang.

Other Types

IRC (Internet Relay Chat), IM (Instant Message), P2P (Peer-to-Peer file sharing) and other types of worms typically require that one have a client for the particular activity that allows the worm to spread through one's computer.

Multiple Vector Worms

Multiple vector worms have two or more ways of spreading to other computers. Nimda and Swen are examples of worms that use many different ways of infecting computers.


Glossary, Symantec.com

John Leyden. The Register, The strange death of the mass mailing virus. 2004.12.09

Kleinbard, David and Richtmyer, Richard. CNN Money, U.S. catches 'Love' virus. 2000.5.05