The IT Law Wiki


A worm is

an independent computer program that reproduces by copying itself from one system to another across a network.[1]
[a] self-propagating malicious code that can automatically distribute itself from one computer to another through network connections. A worm can take harmful action, such as consuming network or local system resources, possibly causing a denial-of-service attack.[2]
a program, originally developed by systems programmers, which allows the user to tap unused network resources to run large computer programs. The worm would search the network for idle computing resources and use them to execute a program in small segments. Built-in mechanisms would be responsible for maintaining the worm, the worm, finding free machines, and replicating the program. Worms can tie up all the computing resources on a network and essentially shut it down. A worm is normally activated every time the system is booted up.[3]

A brief history of worms[]

The term "worm" was first used in the science-fiction novel, "The Shockwave Rider" by John Brunner, which described a program running loose through a computer network.

Worms date back to the early days of computers when they were created to perform maintenance on computer systems. In 1988, the Morris worm received significant media attention and affected over 6,000 computers. In the mid to late 1990s, the landscape began to change with the growth of the Internet and personal computer use, the rise of networking, and the adoption of electronic mail systems.

The so-called “big impact worms” began to reach the public in novel ways. The increased use of e-mail brought high-profile, mass-mailer worms such as Melissa (1999), "ILOVEYOU" (2000), Anna Kournikova (2001), SoBig (2003) and Mydoom (2004) that made headlines and entered the public consciousness. These types of worms doubled their number of victims every one-to-two hours, rapidly reaching peak activity within 12-to-18 hours of being released. This marked the parallel rise in organised, sometimes co-ordinated attacks.

The explosive growth of online financial transactions resulted in increased security incidents and in the appearance of new types of malicious software and attacks. Today, mass worms and virus outbreaks are becoming ever scarcer while stealthy malware such as trojan horses and backdoors are on the rise.

How worms work[]

Worms also are self-propagating; unlike viruses, they can create fully functional copies and execute themselves without user intervention. This has made worms increasingly popular with attackers, because a worm has the potential to infect many more systems in a short period of time than a virus can.[4]

Worms take advantage of known vulnerabilities and configuration weaknesses, such as unsecured Windows shares. Although some worms are intended mainly to waste system and network resources, many worms damage systems by installing backdoors, perform distributed denial of service (DDoS) attacks against other hosts, or perform other malicious acts.

The two primary categories of worms are network service worms and mass mailing worms.

Defensive reactions[]

The spread of a new Internet worm results in several tiers of reaction: 1) knowledgeable network operators try to block the worm by configuring switches, routers, and firewalls; 2) an updated signature is created to stop the worm via antivirus and intrusion prevention systems; and 3) a patch is created to fix the underlying vulnerability.


  1. Information Security: Agencies Face Challenges in Implementing Effective Software Patch Management Processes, at 3.
  2. Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
  3. Glossary of Security Terms, Definitions, and Acronyms, at 264.
  4. A worm differs from a virus in that the latter requires user action to set in motion of set of potential harmful activities whereas a worm is self-executable and will burrow its way through an operating system until it reaches its intended target. Cybersecurity Issues for the Bulk Power System, at 5 n.18).

See also[]

External resource[]