Computer Worm Malware: How It Works

Computer worms originated back in the 1980s and are still prevalent today with the recent Conficker worm. There are many types of worm malware that are created to perform specific malicious acts. Computer worm malware can be more complicated and damaging than a computer virus depending upon the type of worm.

Worms are capable of copying themselves from computer to computer, a process which occupies a considerable amount of network bandwidth and computer time. A worm functions with several main elements that make up the malware.

How a Worm Works

The initial element of a worm is malcode which acts as a penetration tool that locates vulnerabilities on a PC so it can exploit them. Once it locates the vulnerability the malcode transfers the worm through the vulnerability. This is where the installer takes command by transmitting the malcode to your PC.

Once the malcode has infected the PC, the worm will use a tool that is designed to discover other computers that are connected to the network. From there it scans the other computers on the network to locate vulnerabilities and then uses the penetration tool to access those computers. This is known as a payload and is malware that is capable of operating remote access applications, keylogging, spying, as well as any other types of malicious behaviors.

The payload can also disguise itself in the form of an email attachment. It will trick the user into opening it by making the user believe it has come from a trusted source. This is accomplished by sending the email from a known person's address without the knowledge of that user. The payload uses the email account and address book to copy itself and then spread to other email recipients.


What makes a worm so destructive is its capability to replicate itself as many as 250,000 times over a several hour period. Not only can it scan for computers that are on the network, it will also scan for unsecured servers and then replicate itself to each server. Depending upon the type of worm, it can be programmed to replicate itself on specific days of the month for the purpose of making targeted attacks on certain events.

Computer worm malware generally replicates itself through an email program by searching for email addresses that it can mail itself to. Once it has located a list of email addresses, it will mail itself in the form of an attachment to each recipient.

The process a worm uses to replicate itself causes the Internet to slow to a crawl due to the massive amount of traffic it creates. It can also gain unauthorized access to a website to launch an attack by sending thousands of information requests to the site in an attempt to crash the site.

Although email is the most common way a worm will replicate itself, it will also attack other applications such as Microsoft Word and Excel by inserting malcode into those applications and then using them as an attachment.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

With the advent of wireless Internet, more and more computer users are entering the world of cyber space.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when wireless is even more important than ever before.