Computer Worms: What they are and how to get rid of them

Computer Worms: What they are and how to get rid of them

What is a computer worm?

 It is a malicious program that self-replicates (copying itself) and spreads most of the time through the network. This worm spreads from system to system by exploiting computer vulnerabilities (zero-day attack) or simply human flaws (social engineering).
A worm will try to spread on a maximum of computers, and although many of them are just spreading, some contain payloads, that is to say other malicious programs that go run on infected systems. These malicious programs can steal data, encrypt files, allow remote access (backdoor) ... etc.
How do they work?
We have seen that there are two main types of computer worms: those that spread through a flaw in the system, and those that spread by relying on the credulity of infected users.
The former will typically execute code exploiting a specific flaw in a system to introduce and spread. The fault is very specific to the targeted system.
The latter will rely on the credulity of users to click, download and run the worm on their computer, to infect other users in turn.
Examples of some computer worms

The Samy worm, an XSS worm
We will start with the most popular worm. This is the Samy worm created in 2005 by Samy Kamkar, a computer security researcher, who infected more than a million users on MySpace in 20 hours. The worm showed "but most of all, samy is my hero"  on the profile of the victims and each person visiting an infected profile was infected in turn. This is an XSS (Cross-Site Scripting) worm that used a flaw in the user profile pages.

The Stuxnet worm
Stuxnet is a computer worm discovered in 2010 and designed to attack the centrifuges of Iran's Natanz power station. It disrupted their operation, resulting in the destruction of several hundred of them.
It spreads on Windows systems using infected USB sticks and attacks systems with three zero day vulnerabilities. 45,000 computer systems, including 30,000 in Iran, have been infected.

The Autorun worm
It is a worm that spreads via infected USB keys, exploiting the so-called Autorun: a configuration file to automatically launch a program as soon as the key is plugged into a computer.

How do I know if I am infected?

More generally, a computer worm is a malicious program like many others and is removed in the same way (either via an anti-malware, or via an anti-virus, or having spotted it ourselves) .
In the case where the worm infects an account (Facebook, Skype ... etc), simply changing the password is not enough, but we must remove the worm. Because the worm does not necessarily know the password, it can very well take advantage of the authenticated session (typically when you are logged in) to chat for you.

How to protect yourself?

To protect yourself from worms exploiting computer vulnerabilities: you have to update your system and programs regularly.
To protect yourself from worms exploiting the credulity of people, one must remain suspicious and try to detect these attacks as far as possible.
For this, it is particularly important to know if the statement coming from an infected person could be real or not. Typically, on Facebook, knowing who visits your profile is not possible.
And finally, the shortened links to hide another link (and / or list the clicks) are also suspect in this context (goo.gl, bit.ly ... etc).