How To Protect Against Computer Worms

written by: Lee Clemmer • edited by: Bill Bunter • updated: 5/5/2010

Computer worms are some of the most aggressive and disruptive manifestations of malware in existence. This article examines how worms spread and how to protect against them. Protection is best when several different methods work together.

    How Would I Catch a Network Worm?

    Computer worms propagate on their own. They search for other computers, probing the networks they are on either randomly or according to some plan or design, such as working through computer names or addresses they find on a computer they have infected. When they find a computer, they attempt to make a network connection to it and take over, trying one or more vulnerabilities they can use to do so.

    Worms are often masterful, elegant examples of expert programming. They tie together the automation of services, daemons, or memory-resident viruses, often with a level of strategy that almost suggests artificial intelligence. AI isn't out of the question for worms of the future, either. Writing a worm also requires the programmer to understand and use vulnerabilities and exploits: a worm needs a weakness in target computers out on the network in order to spread.

    Part of what makes the Internet such a fertile ground for the spread of worms is the sheer volume of computers present, and the vast numbers of uneducated, inexperienced, or unconcerned users and computer owners or operators. Unfortunately, even one or a few vulnerable computers permitting a worm infection can paralyze a network. The worm can flood network segments, WAN circuits, and Internet connections with attempts to seek new victims and spread. For some historic worms this was the majority of the damage done--the worms didn't damage local computer programs or data, they simply clogged the network pipes wherever they went.

    The main way to catch a worm is failing to keep your anti-virus software signatures up to date. Anti-virus software that is kept up to date can most often stop a worm. Other weaknesses that let you catch a worm are having no network firewall to block the worm's access to your computer network, and having no host-based firewall blocking access to each PC. Any one of these weaknesses could lead to worm infection. It's best practice to keep all of these means of protection in place and up to date. Let's look at protection in detail.

    How Can I Stop Computer Worms?

    Here are ways to keep your systems and networks as safe as possible from worms:

    Keep Your Computers Patched - Worms most often rely on unpatched computers to spread. They use vulnerable network services to infect and gain access to the computer's resources. Patches fix the vulnerabilities.

    Host-based Firewalls - A software firewall on your computer should be able to block many if not all worms from accessing your computer, and from using your computer to search on the network and Internet if you do become infected.

    Network Perimeter Firewalls - Your network firewall can block worms from ever reaching your computers. A tightly configured firewall can also block worms from making outbound connections to the Internet and trying to spread. This also keeps them from saturating your Internet connection and blocking traffic.

    Filtering on Routers and Wi-Fi Equipment - In larger networks and commercial networks, traffic can be filtered on this equipment. Often access to the Internet can be configured to require authentication as well.

    Anti-Virus Software - This is the last and most fundamental line of defense against any infection of your PC. Frequently and automatically updated AV software should be able to identify worms, block them, disable them if they do connect, and alert you. Remember this especially if your computer is a laptop and is on untrusted networks frequently.
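
    The firewalls described above also log the connection attempts they see, and a spreading worm stands out in those logs as one computer contacting many different addresses on the same port in a short time. The following Python is an added example, not part of the original article; the log format, addresses, port, and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real product's format):
#   <ISO time> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?:ALLOW|DENY) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse(line):
    """Return (time, src, dst, dport), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])
    except ValueError:                    # timestamp present but not valid
        return None

def find_scanners(lines, window_s=60, min_targets=5):
    """Flag (src, dport) pairs that reach min_targets distinct destinations
    within any window_s-second span: the fan-out a spreading worm produces."""
    events = defaultdict(list)            # (src, dport) -> [(time, dst), ...]
    for ts, src, dst, dport in filter(None, map(parse, lines)):
        events[(src, dport)].append((ts, dst))
    flagged, window = {}, timedelta(seconds=window_s)
    for key, evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                # slide the window forward
            best = max(best, len({d for _, d in evs[start:end + 1]}))
        if best >= min_targets:
            flagged[key] = best
    return flagged

# Constructed sample: 10.0.0.23 probes six addresses on one port in six seconds;
# 10.0.0.7 makes ordinary web requests to two servers.
SAMPLE = [f"2010-05-05T10:00:0{i} DENY src=10.0.0.23 dst=203.0.113.{i} dport=445"
          for i in range(1, 7)]
SAMPLE += [
    "2010-05-05T10:00:02 ALLOW src=10.0.0.7 dst=198.51.100.10 dport=80",
    "2010-05-05T10:00:09 ALLOW src=10.0.0.7 dst=198.51.100.11 dport=80",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

    A flagged internal address is a candidate for isolation and an anti-virus scan; the window and target count need tuning to the normal traffic of the network being watched.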

    Future Protection

    If your anti-virus software isn't kept updated, a worm might infect your system, and that's where host-based firewall software can block the worm. These two security components work together; if one fails, the other can still stop the attack. In the future, as software and systems become more complex, we can expect worm and virus developers to become craftier and more difficult to stop.

    Future worms will leverage even more techniques to avoid detection, including mutating themselves, masquerading as valid connections (somewhat like a trojan), and bypassing firewalls with new network communication protocols and novel uses of those protocols. I'm sure we'll see true artificial intelligence in worms as well.

    More Information

    Check out my articles on the different kinds of computer viruses, how computer viruses are made, what computer worms are, and the differences between worms and viruses.