Network worms

Network worms are a type of malware that can spread over a local area network and the Internet, creating copies of itself. Unlike file viruses, network worms can use network protocols and devices to replicate.

The task of a malicious object of this kind is to get onto a computer, activate, and send copies of itself to other users' machines. By their form of existence, network worms can be regular or packet-based. Regular worms, which penetrate the system via a flash drive or the Internet, reproduce themselves in large numbers and then send these duplicates to the email addresses found on the computer, or distribute them to shared folders on the local network. Packet (or fileless) worms exist as a special network packet; once embedded in a device, they seek to penetrate its RAM in order to collect personal data and other valuable information.

Classification and methods of distribution

The main difference between network worms is the way in which they spread to remote computers. There are two groups of such mechanisms.

The first group includes methods that exploit administrative errors and software vulnerabilities. Malicious agents automatically select target machines and attack them.

  • Replication over the network. The worm finds remote PCs and copies itself into the directories to which it has write access. Directory searches are performed using functions of the operating system. It may also attempt to open shared network access to the disks of an infected computer.
  • Replication through vulnerabilities in the operating system, programs and applications. The worm looks for machines with vulnerable software and sends a request or a network packet that exploits the flaw, so that arbitrary code gets onto the victim's machine.
  • Replication over shared resources. The worm enters the server, modifies files, and waits for the user to download them and launch them on their computer.
  • Parasitizing on other malicious programs. For example, the worm finds a PC that is already infected with a backdoor and uses this hacking tool to spread itself.

The second group of propagation mechanisms is social engineering. As a result of psychological manipulation, the user launches the malicious object themselves. Representatives of this group are:

  • Email-Worms are sent over the network as attachments to e-mail messages. The attachment can be a copy of the worm itself or a link to a file hosted on a malicious web resource. To activate the code, the recipient has to open the file or follow the link; however, in the history of cybercrime there have been cases when it was enough just to open the received message. The addresses to which copies of the worm are sent are taken from the mail client's address book, from the WAB database and from other files on the disk.
  • IM-Worms are malicious objects that use instant messaging services. They are in many ways similar to email worms, differing mainly in that they send files or links to the messenger's contact list rather than to a database of mail addresses.
  • IRC-Worms are a type of worm that spreads through chat channels.
  • File-sharing worms (P2P-Worm) are malicious programs that spread through torrent trackers and other similar services. A copy of the worm places itself in a file-sharing directory on the local device under the guise of popular content.
  • Network worms (Network Worm or Net-Worm) is a general name for objects that penetrate the system through a local network.

Object of influence

The targets of network worms are the PCs, laptops and tablets of any users. Since the main purpose of such a malicious agent is to create copies of itself and then spread them to other devices over the network, the consequences of the worm's activity can be as follows:
  • slow computer performance,
  • reduction of hard disk space and free RAM,
  • the appearance of extraneous files,
  • problems with the work of any program or application,
  • appearance of errors, sudden shutdown of the machine, spontaneous reboot,
  • data loss.

In 2003, the SQL Slammer worm, sending out many network packets, shut down tens of thousands of servers around the world. In 2017, this malicious object became active again. You can learn more about the danger it poses to users in the article "Check Point: The SQL Slammer Network Worm has resumed its activity."

Source of threat

Attackers are the source of network worms. They create malware for various purposes: for example, to harm the computers of specific people or organizations, to send spam from infected equipment, or to take control of a remote device. However, worms are also created as a joke or to demonstrate that they are possible: after all, their defining functionality is reproduction and self-propagation, not causing damage.

Risk analysis

As noted above, a worm can be relatively harmless, merely placing additional strain on the computer and network. However, many worms also have truly malicious functions, such as destroying data or disabling security systems.

To protect against network worms, you must use:
  • antivirus programs,
  • firewalls,
  • antispam solutions,
  • updated and modern operating systems.
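
The first group of propagation methods described above, in which the worm automatically selects target machines, leaves a recognisable trace in network logs: one source reaching many different hosts on the same port within a short time. The following detector is an added example, not part of the original post; the flow-log layout, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed look-back window
FANOUT_THRESHOLD = 20    # assumed: distinct peers on one port before alerting


def parse_flow(line):
    """Parse 'epoch src dst proto dport' (a made-up flow-log layout)."""
    ts, src, dst, proto, dport = line.split()
    return int(ts), src, dst, proto, int(dport)


def find_fanout_sources(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {(src, proto, dport): peak distinct destinations} at or above threshold.

    Expects lines in time order.
    """
    recent = defaultdict(deque)   # key -> (ts, dst) pairs still inside the window
    alerts = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, proto, dport = parse_flow(line)
        key = (src, proto, dport)
        q = recent[key]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window:   # drop flows older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


def build_sample():
    """Constructed flows: one host with normal traffic, one sweeping a subnet."""
    lines = []
    for i in range(40):
        # 10.0.0.5 talks to the same three servers over and over (normal).
        lines.append(f"{1000 + i * 5} 10.0.0.5 10.0.2.{1 + i % 3} tcp 443")
    for i in range(30):
        # 10.0.0.7 touches a new address every second on one port (worm-like).
        lines.append(f"{1100 + i} 10.0.0.7 10.0.1.{1 + i} tcp 445")
    lines.sort(key=lambda l: int(l.split()[0]))
    return lines


if __name__ == "__main__":
    for (src, proto, port), peers in find_fanout_sources(build_sample()).items():
        print(f"ALERT {src} reached {peers} hosts on {proto}/{port} in {WINDOW_SECONDS}s")
```

A worm that spreads slowly stays under a fixed window and threshold, so a check like this complements the protective measures listed above rather than replacing them.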
 