Worms

A computer worm is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). Unlike viruses, worms do not need to attach themselves to a host program.

There are two types of worms - host computer worms and network worms.

Host computer worms are entirely contained in the computer they run on and use network connections only to copy themselves to other computers. Host computer worms where he original terminates itself after launching a copy on another host (so there is only one copy of the worm running somewhere on the network at a given moment) are also called "rabbits".

Network worms consist of multiple parts (called "segments"), each running on different machines (and possibly performing different actions) and using the network for several communication purposes. Propagating a segment from one machine to another is only one of those purposes. Network worms that have one main segment, which coordinates the work of the other segments are sometimes called "octopuses."

History of Worms

Despite, debatably, being the most famous, the Internet worm of 1988 was, assuredly, not the first or the last to have affected any network. The term "worm" was used for the first time by science fiction author John Brunner in his book called "The Shockwave Rider". In his book Brunner described a totalitarian form of Government, which would keep a control over their citizens by the use of a powerful computer network. A freedom fighter, in the story, introduced into this computer network system a contaminant, which was called a "tapeworm". This tapeworm infested the system and forced the government to shut down the network and their main base of power was lost.

Surprisingly, the first worms in history were actually designed to good rather than harm to networks. The first ever programme that could be called a worm, as per definition, was developed for the assistance of air traffic controllers by Bob Thomas in 1971. This worm" programme would notify air traffic controllers when the controls of a plane moved from one computer to another. In fact, this worm named "creeper" would travel from one computer screen to the other on the network showing the message, "I'm reeper! Catch me if you can!" The difference from most worms was that this creeper did not reproduce itself. Even later, although the idea of developing worms slowly faded away, a few people did try to experiment with these. These included John Shock and Jon Hepps of Xerox's Palo Alto Research Center, who in the early 1980s began working on worm programmes. This was also the first time that this type of programme was called a worm.

Both of them developed a total of 5 worms, each specially designed to perform a particular function. They were programmed to do certain tasks around the network. The simplest of these worms was a "town crier" worm. Its job was only to post announcements on all the computers of the network. Then there were the more complicated worms, like the one, which would remain completely dormant during the day and would activate only in the night. Once all the employees had left for the day, this worm would harness the extra computing power of the idle computers to do tasks which required more computing power. In the morning, before the arrival of the employees it would save all the work done during the night and become dormant till the next evening.

Although these programmes were apparently helpful around the network, their developers were given a rude glimpse of their inherent destructive possibilities when one morning the employees returned to find that all the computers had crashed. When they tried to restart the computers, they crashed again. It was found that one of the worms had malfunctioned and had created havoc in the network. A "vaccine" had to be created so as to deactivate the worm before the computers on the network could become functional again.

World Famous Worms

The Internet Worm - 1988

On November the 22nd, 1988, Robert Morris, a Cornell University science graduate accidentally released his worm on a very large network in the area. This network was named Arpanet, which later went on to become the Internet. The worm managed to infect approximately three thousand computers during eight hours of activity. The Internet worm as it came to be known, disabled all those machines by making copies of itself and thus clogging them. Apart from clogging all the security loopholes, many machines had to be completely taken off the network till all copies of the worm could be totally removed. Although the entire process took the scientists almost two to three days, no data was lost on any of the infected computers and no permanent damage was done to any of the computers.

The SPAN network worm - 1989

On the 16th of October 1989, a worm named WANK infected many VAX and VMS computers on the SPAN network. This worm, if it found that it had system privileges, would then change the system announcement message to "Worms against Nuclear Killers!" The message was then graphically displayed as the first letters of each word and the last three letters of the last word.

The Christmas tree Worm - 1987

The Christmas tree worm, which was a combination of a Trojan Horse (a programme which does something more than what is entered in its specifications) and a chain letter. This was a mainframe worm and managed to paralyze the IBM network on Christmas day 1987. The worm was written in a language called Exec. It asked the user to type the word "Christmas" on the screen. Then it drew a Christmas tree and sent itself to all the names of people stored in the user files "Names" and "Netlog" and in this way propagating itself.