A computer worm is malware that replicates itself to spread to other devices.

This malicious software often uses a computer network to spread, taking advantage of security flaws on the target computer to access it.

Worms almost always cause some damage to the network, even if they only consume bandwidth, while viruses almost always corrupt or modify files on a target computer.

Many worms are designed just to spread and do not try to change the systems they go through.

However, as the Morris and MyDoom worms demonstrated, even these types of worms can cause major disruptions by increasing network traffic and other unwanted effects.

The main objective of worms is to spread and affect as many devices as possible. To do this, they create copies of themselves on the affected computer, which they later distribute through different means, such as email or P2P programs, among others.

Worms often use social engineering techniques to be more effective. To do this, malware writers select an attractive theme or name to disguise the malicious file. The most recurring themes are those related to sex, gambling houses, celebrities, current affairs, or pirated software.

The first worm

The first worm was seen in 1988, when the Morris worm infected a large part of the servers then in existence.

Its creator, Robert Tappan Morris, was sentenced to three years in prison and obtained probation with 400 hours of community service and a fine of $10,050. It was this event that alerted the main companies involved in technology security, such as Nirdesteam, which was one of the first to develop the firewall.

Morris Worm

The Morris worm was the first self-replicating malware to affect the Internet (then the ARPANET).

It prompted the creation of the Computer Emergency Response Team (CERT) in response to the needs exposed during the incident.

Consequences

The size of the Internet at that time was estimated to be about 60,000 computers, and the worm affected nearly 6,000 computer systems in the United States (including NASA’s research center) and rendered some of them nearly useless. In reality, the exact number infected will never be known, because restarting a computer eliminated all the worm’s data (and contained the infection), so the number affected is only an estimate.

The program tried to find out the passwords of other computers using a search routine that permuted the names of known users, a list of the most common passwords, and also a random search. It was discovered that not all computers were affected: the worm spread only on DEC (Digital Equipment Corp) VAX computers and those made by Sun Microsystems, which used Unix.
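A defensive counterpart to the guessing routine described above, as an added example that is not from the original article: a password audit that flags any password a guesser working from account names and a common-password list would find. The specific permutations, the word list and the sample accounts are assumptions constructed for illustration.

```python
# Constructed sample list; a real deployment would load a much larger one.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}


def name_variants(username, full_name=""):
    """Return guessable strings derived from the account's own names.

    The permutations used (as-is, doubled, reversed, with short numeric
    suffixes) are assumptions for illustration, not a list from the article.
    """
    parts = {username.lower()}
    parts.update(p.lower() for p in full_name.split() if p)
    variants = {""}  # an empty password is always guessable
    for p in parts:
        variants.update({p, p + p, p[::-1]})
        variants.update(p + suffix for suffix in ("1", "123"))
    return variants


def audit_password(username, password, full_name=""):
    """Return a list of reasons the password is guessable (empty list = passes)."""
    candidate = password.lower()
    reasons = []
    if candidate in name_variants(username, full_name):
        reasons.append("derived from account name")
    if candidate in COMMON_PASSWORDS:
        reasons.append("in common-password list")
    return reasons


def audit_accounts(accounts):
    """Map username -> reasons for every account that fails the audit."""
    report = {}
    for username, full_name, password in accounts:
        reasons = audit_password(username, password, full_name)
        if reasons:
            report[username] = reasons
    return report


if __name__ == "__main__":
    # Constructed sample accounts: (username, full name, proposed password).
    sample = [
        ("rsmith", "Rachel Smith", "htimsr"),
        ("jdoe", "John Doe", "Welcome"),
        ("akhan", "Amir Khan", "t7#Lq-vozB2e"),
    ]
    for user, why in audit_accounts(sample).items():
        print(f"{user}: {', '.join(why)}")
```

Running the check when a password is set or changed rejects these choices before they reach the account database.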

The program took advantage of some flaws in the UC Berkeley version of the UNIX system. Members of that university, of MIT in Massachusetts, and of Purdue tried to work in a coordinated way to capture a copy of the program and analyze it.

Coincidentally, the annual meeting of UNIX experts was being held in Berkeley on the morning of November 3. They quickly captured and dissected the worm, and by the afternoon they had distributed the patches needed to close the security holes the worm had exploited.

It was a program of 99 lines of code that, taking advantage of a weakness in Sendmail, replicated itself from one machine to another.

It was established that the infection was not carried out by a virus, but by a worm program, designed not to delete data but to reproduce itself indefinitely.

It was not programmed with the intention of causing harm, but due to a bug in its code, the effects were catastrophic for the time. It crashed hundreds of computers in universities, corporations, and government labs around the world before it was tracked down and removed.

It was the attack of what was called the “Internet Worm,” and the press covered the issue with phrases such as “the largest assault ever carried out against the nation’s systems.” Eradicating it cost almost a million dollars; adding the losses from having almost the entire network stopped, the total losses were estimated at 96 million dollars (a significant figure at that time).