Computer Worms and How to Prevent Them

Almost all computer users have heard of 'worms' in a technological context before. These pieces of malicious software are hard to catch, but they can be dangerous to your system if left to spread undetected. They steal data, crash computer operating systems, and destroy entire computer networks. In this article, learn how to identify, prevent, and get rid of computer worms in your system.

What is a computer worm?

A computer worm

Computer worms are a form of contagious malware. They replicate themselves independently across entire networks of computers. They exploit vulnerabilities in the network, specifically software vulnerabilities, in order to replicate and destroy.

The first worm was created by Robert Morris in 1988. Though he didn’t intend for it to be a malicious creation, the Morris worm infected its host machines many times over in a buffer overflow attack, resulting in computer shutdowns and nearly rendering the Internet unusable.

Since then, there have been several other notorious large-scale worm infections—such as the ILOVEYOU worm at the turn of the century in 2000 and the more recent 2017 WannaCry worm—but worm infections on smaller scales happen across the Internet all the time.

Computer worms are unfortunately difficult to catch and eliminate since they aren’t dependent on software or a specific program to spread. Some worms are specifically used to evade a computer’s security system, while others are meant to perform explicitly malicious tasks: deleting files, stealing personal data, or acting as ransomware.

How do computer worms spread?

Computer worms spread independently once they’re on a network, meaning they don’t rely on victims to facilitate their expansion. They travel from one device to another in a number of ways: through emails, text messages, or downloads. They can also spread across local area networks (LANs) to other devices on the same network. Similarly, the Internet of Things can also facilitate computer worm spread.

Types of computer worms

Internet worms

Internet worms attack popular websites with weak security. The worm self-replicates onto any device that visits the website. From there, the Internet worms distribute themselves to other computers connected via that Internet and local area network connections. They exploit vulnerabilities in legitimate software, which is problematic for users and platforms that employ the real, but infected, software.

Email worms

Like phishing emails with compromised links, email worm distribution occurs via compromised email attachments or links. The attachments appear as media files. However, in reality, they are malicious programs that infect the victim’s contact list as soon as they click on the attachment.

The emails can also take the victim to an infected website, which will also start downloading malicious software onto the user’s laptop or computer.

Instant messaging (IM) worms

These worms, also known as social media worms, disguise themselves as links or attachments accompanied by a short message. Users often receive them from messaging apps such as Messenger or WhatsApp. Instant messaging worms are also commonly sent through direct messages on social media sites like Instagram or X, formerly known as Twitter.

The messages appear to be from a friend. Furthermore, the message is typically rather friendly and inviting, like “Check out this picture of you!” or “This is hilarious!” Once the message is opened, the message gets replicated. It is sent out to their contacts, continuing the cycle and spreading the virus.

File-sharing worm

File-sharing worms, as the name implies, take residence in shared files on a network. Once there, they distribute via a peer-to-peer network disguised as a standard harmless file or folder. These are particularly harmful to businesses or larger networks, as they distribute across the network to take control of devices and important files.

Cryptoworms

Typically used in ransomware attacks, cryptoworms use cryptography techniques to encrypt data on a victim’s device or network. Once the worm has taken root and encrypted the data, hackers can then demand a ransom from the victim to decrypt the files or provide the decryption key. However, the hacker often won’t follow through on their promises even after the victim pays the ransom, and the worm will continue to proliferate.

How to tell if you have a computer worm

Worms are difficult to detect on a computer. However, locating them and eliminating them is not impossible. If you’re dealing with computer worms, there will likely be a few subtle signs of a computer worm that you’ll be able to notice.

  • Your computer starts to slow down abnormally. Some worms overtake computers’ resources by design. This decreases the device’s speed and performance because there isn’t enough processing power to properly run normal functions. If you notice that your computer isn’t moving as quickly or your programs are frequently crashing, it could indicate that you have a worm.
  • You notice files are missing from your desktop or folders. Worms can delete files from your device. If you realize that you’re missing files off your computer that you didn’t delete yourself—or you see them replaced with strange new files—it could indicate that a worm is at work.
  • Your computer runs out of storage faster than expected. Worms repeatedly replicate themselves. That means that the copies they make need to be stored on your device. This eats up your hard drive space, so if it seems that your storage is lower than it should be, investigate it.
  • You discover messages sent to your contacts that you didn’t send yourself. Instant messaging or social media worms will send out strange messages to people you know without your awareness or permission. If you discover these messages in your ‘Sent’ folder, or if a friend reaches out to ask you about the weird message they got from you, it’s likely a computer worm causing the problem.

If your device is experiencing these problems and you think you may have a computer worm, run a virus scan as soon as possible to check for sure.

How to prevent computer worms

As with most other types of malware, preventing worms in computing is easier than eliminating them after the fact. To prevent this malicious software from spreading across your own network:

  • Invest in quality antivirus software. These programs help prevent threats, and if you choose a good one, it will protect against viruses, ransomware, spyware, and all other kinds of malware.
  • Keep your system and software up to date. Make sure your devices are up to date on all security and system updates. Keep your antivirus software updated as well.
  • Encrypt important files. If a worm or virus does infect your device, these files may be more secure if they’re encrypted.
  • Don’t open suspicious emails or messages. These are often vehicles for worms or other types of malware. Delete them rather than opening them and exploring their contents.
  • Back up your data regularly. Infected files shouldn’t be backed up once they’re compromised, as they can spread the infection. However, backing up your files regularly minimizes damages in case of an attack.

If you find that you do have an infection and are wondering how to get rid of a computer worm, your best course of action is to use an antivirus program or scanner to clear your device. Microsoft provides a guide for dealing with all types of malware on infected systems, including worms, Trojan horses, and spyware. But, as always, the best defense is good offense; keep your computer software up-to-date to protect against malware and always practice good Internet safety.

Frequently asked questions

What’s the difference between a worm and a virus?

The difference is that worms don’t require a host file, which sets them apart from computer viruses. The primary goal of a worm is to replicate itself as much as possible, ultimately overwhelming the network and slowing down the infected computers on it.

Viruses cannot self-replicate and require host action: someone has to send it to another computer or network, download the infected file, or perform an action in some respect. Worms, however, need no user action to cause serious harm.

What happens when you get a computer worm?

When you get a computer worm, it will continue to self-duplicate to other devices or files until stopped. Most users don’t realize they have a worm until their devices start malfunctioning, but once you detect the malware, you can use antivirus software and other measures to eliminate it.

Can you get rid of computer worms?

Yes, you can get rid of computer worms. Though they’re hard to detect and eliminate, it’s possible to get rid of a worm with the right antivirus software.

What is the most devastating computer worm?

The most devastating computer worm incident was Mydoom, which caused more than $34 billion in damages in 2004. The worm stole email addresses from infected devices and used the information to mail itself to those addresses, which spread the infection even further.