Worms, viruses attack

Tuesday, 26 August, 2003 - 22:00

WITH the Welchia computer worm wreaking havoc at Perth hospitals and making headlines last week, business is once again reminded of the vigilance required to reduce vulnerability to computer worm or virus attacks.

Whatever the motives of their creators, understanding the difference between computer worms and viruses and how they work is useful in establishing ways of stopping them from attacking computer systems.

The difference between a worm and a virus is that a worm is self-replicating (requiring no interaction by a user) and can therefore spread on its own, whereas a virus typically attaches itself to an executable file and requires some form of human interaction to be executed and spread – often being disseminated via email as an attachment.

Gartner research director Steve Bittinger said worms were generally stand-alone programs that thrived on distributed systems whereas viruses were programs written and embedded in other programs, such as email attachments.

Once an infected program is executed, the virus code is activated and can attach copies of itself to other programs in the system, with the infected programs continuing to copy the virus to other programs.

Computer worm attacks have become more prevalent in recent years and can be more damaging to a business as they are able to bring down an entire network by soaking up network resources and preventing users from logging on.

Viruses, on the other hand, are designed to infect files and when activated can perform malicious activities, such as eradicating system files from a computer’s hard drive.

More concerning is that recent worms such as the Welchia, MS Blaster and SoBig.F. were not proliferated through email, instead attacking computers through security holes in Microsoft 2000 and XP operating systems.

This also means that the MS Blaster, Welchia and SoBig.F. worms only affect recent versions of Windows but not Macintosh and Linux operating systems.

Also called Lovsan.a, the MS Blaster worm takes advantage of a weakness in some Microsoft operating systems, proliferating itself throughout a network and bringing down system availability.

It also leaves a “back door” open that could leave a computer system open to further attacks.

The Welchia, also called the Nachia worm, functions as a patch to the MS Blaster worm, shutting the security holes opened by it, before taking its place in infected computers.

Also spreading was the SoBig.F. worm, which can run a “Trojan” file that enables outsiders to steal confidential information and files on infected computers.

SoBig.F. is version 6 of an ever-evolving worm that has proliferated so rapidly it is estimated to be the most widely distributed worm to date.

According to the Symantec web site, the SoBig.F. worm is a mass-mailing, network-aware worm that sends itself to all the e-mail addresses it finds in files that have certain file extensions.