State of Alaska, Department of Administration, Enterprise Technology Services

Departments >  Administration > ETS > Security > Security Awareness > Awareness Bulletin - Worms

Cyber Awareness Bulletin

The following cyber awareness bulletin was issued by the State of Alaska. The information may or may not be applicable to the general public and accordingly, the State does not warrant its use for any specific purposes.

Worms

Worms are parasitic computer programs that self-replicate and spread, but unlike viruses, do not infect host program files.  They are independent pieces of code that exploit known system vulnerabilities and often run malicious payloads - without the need for a user to activate them.  A worm can be programmed to replicate itself multiple times on the same computer, or can send itself to other computers via the Internet.  Worms often spread via IRC.

Worms differ from viruses in that they do not require user action in order to activate.  A worm will self-replicate and spread without a user clicking on an infected file, visiting a malicious "drive-by" web site, or anything else.  Consequently, they are often able to spread faster than viruses.  The SQL Slammer worm, released on January 25, 2003, was able to spread across the world in 11 minutes.

Worms often use parts of an operating system that are automatic and usually invisible to the user.  It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.  Frequently the malicious payload of a worm will only be activated when certain conditions are met - like a specific date or time.  The MSBlaster worm, for example, was designed so that infected computers would launch a Distributed Denial of Service attack against Microsoft on August 16, 2003.

Worm Detection and Prevention Tips

Get protected.

If you don't already have virus protection software on your machine, you should.  Anti-virus software will detect and remove malicious worm infections.  If you're a home or individual user, you should install the latest anti-virus software for your personal computer. If you're on a network, check with your network administrator first.

Scan your system regularly.

If you're loading anti-virus software for the first time, it's a good idea to let it scan your entire system.  Often the anti-virus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background ("real time") while you are connected to the Internet. Make it a regular habit to scan for viruses and worms.

Keep your system patched.

In order for worms to spread, they must exploit existing software vulnerabilities.  Often times, vendors release patches for these vulnerabilities months before a worm is created that exploits them.  The patch that would have protected users against SQL Slammer was released six months before the worm was unleased to the Internet.

Stay informed.

There are new malware and security alerts almost every day.  Keep up-to-date on breaking worms and solutions.  Furthermore, you can go to the State of Alaska Security Advisory web pages for up-to-date cyber alerts within Alaska State government.

Update your anti-virus software.

Now that you have virus protection software installed, make sure it's up to date. Most anti-virus programs have a feature that will automatically link to the Internet and add new virus detection definitions whenever the software vendor discovers a new threat.

Click here for information on how to install and use anti-virus programs.