Crime Branch Advisory
The Nigerian Scam
computer worm is a self-contained program (or set of programs) that
is able to spread functional copies of itself or its segments to
other computer systems (usually via network connections). Unlike
viruses, worms do not need to attach themselves to a host program.
There are two types of worms - host
computer worms and network worms.
Host computer worms are entirely
contained in the computer they run on and use network connections
only to copy themselves to other computers. Host computer worms
where he original terminates itself after launching a copy on another
host (so there is only one copy of the worm running somewhere on
the network at a given moment) are also called "rabbits".
Network worms consist of multiple
parts (called "segments"), each running on different machines
(and possibly performing different actions) and using the network
for several communication purposes. Propagating a segment from one
machine to another is only one of those purposes. Network worms
that have one main segment, which coordinates the work of the other
segments are sometimes called "octopuses."
History of Worms
Despite, debatably, being the most
famous, the Internet worm of 1988 was, assuredly, not the first
or the last to have affected any network. The term "worm"
was used for the first time by science fiction author John Brunner
in his book called "The Shockwave Rider". In his book
Brunner described a totalitarian form of Government, which would
keep a control over their citizens by the use of a powerful computer
network. A freedom fighter, in the story, introduced into this computer
network system a contaminant, which was called a "tapeworm".
This tapeworm infested the system and forced the government to shut
down the network and their main base of power was lost.
Surprisingly, the first worms in
history were actually designed to good rather than harm to networks.
The first ever programme that could be called a worm, as per definition,
was developed for the assistance of air traffic controllers by Bob
Thomas in 1971. This worm" programme would notify air traffic
controllers when the controls of a plane moved from one computer
to another. In fact, this worm named "creeper" would travel
from one computer screen to the other on the network showing the
message, "I'm reeper! Catch me if you can!" The difference
from most worms was that this creeper did not reproduce itself.
Even later, although the idea of developing worms slowly faded away,
a few people did try to experiment with these. These included John
Shock and Jon Hepps of Xerox's Palo Alto Research Center, who in
the early 1980s began working on worm programmes. This was also
the first time that this type of programme was called a worm.
Both of them developed a total of
5 worms, each specially designed to perform a particular function.
They were programmed to do certain tasks around the network. The
simplest of these worms was a "town crier" worm. Its job
was only to post announcements on all the computers of the network.
Then there were the more complicated worms, like the one, which
would remain completely dormant during the day and would activate
only in the night. Once all the employees had left for the day,
this worm would harness the extra computing power of the idle computers
to do tasks which required more computing power. In the morning,
before the arrival of the employees it would save all the work done
during the night and become dormant till the next evening.
Although these programmes were apparently
helpful around the network, their developers were given a rude glimpse
of their inherent destructive possibilities when one morning the
employees returned to find that all the computers had crashed. When
they tried to restart the computers, they crashed again. It was
found that one of the worms had malfunctioned and had created havoc
in the network. A "vaccine" had to be created so as to
deactivate the worm before the computers on the network could become
World Famous Worms
The Internet Worm - 1988
On November the 22nd, 1988, Robert
Morris, a Cornell University science graduate accidentally released
his worm on a very large network in the area. This network was named
Arpanet, which later went on to become the Internet. The worm managed
to infect approximately three thousand computers during eight hours
of activity. The Internet worm as it came to be known, disabled
all those machines by making copies of itself and thus clogging
them. Apart from clogging all the security loopholes, many machines
had to be completely taken off the network till all copies of the
worm could be totally removed. Although the entire process took
the scientists almost two to three days, no data was lost on any
of the infected computers and no permanent damage was done to any
of the computers.
The SPAN network worm - 1989
On the 16th of October 1989, a worm
named WANK infected many VAX and VMS computers on the SPAN network.
This worm, if it found that it had system privileges, would then
change the system announcement message to "Worms against Nuclear
Killers!" The message was then graphically displayed as the
first letters of each word and the last three letters of the last
The Christmas tree Worm -
The Christmas tree worm, which was
a combination of a Trojan Horse (a programme which does something
more than what is entered in its specifications) and a chain letter.
This was a mainframe worm and managed to paralyze the IBM network
on Christmas day 1987. The worm was written in a language called
Exec. It asked the user to type the word "Christmas" on
the screen. Then it drew a Christmas tree and sent itself to all
the names of people stored in the user files "Names" and
"Netlog" and in this way propagating itself.