The Problem: After checking your email earlier in the day, you found that your computer was running considerably slower than it had been before: not necessarily unstable, just very sluggish. After running a virus scan, you discovered that there was a malicious program running in the background, which was eliminated by the anti-virus program. Immediately afterwards, you noticed a performance boost, but a short while later the computer slowed down again. You performed another virus scan, and the program was again picked up and eliminated. This cycle repeated over and over throughout the day, until finally you started to hear that the rest of the facility was experiencing the same basic issue.
“Worms” want to propagate (to spread) more than anything else. Although they do not always cause immediate harm the way viruses or Trojans would, they always cause unwanted effects such as slowing down the performance of systems, servers and networks. Worms are also used as platforms to install methods of remotely controlling the system, for use in a botnet and to turn the system into a zombie under the command of a central structure.
The Solution: Fortunately, because worms spread so rapidly, they are easily picked up if you are looking for them, and most worms can be dealt with using standard removal methods.
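As an added example (not part of the original article), the Python code below reads anti-virus removal events and flags the two signs described above: the same detection coming back on one machine, and the same detection showing up on several machines. The log format, host names, signature names and thresholds are constructed assumptions, not output from any particular product.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, host, signature, action taken.
SAMPLE_LOG = """\
2024-05-06T09:12:00 ws-014 Worm.Example.A removed
2024-05-06T09:58:00 ws-014 Worm.Example.A removed
2024-05-06T10:05:00 ws-022 Adware.Example.B removed
2024-05-06T10:41:00 ws-014 Worm.Example.A removed
2024-05-06T11:02:00 ws-031 Worm.Example.A removed
2024-05-06T11:15:00 ws-007 Worm.Example.A removed
"""

def parse(log):
    """Yield (time, host, signature) for each well-formed removal line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "removed":
            continue  # skip blank or malformed lines
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2]

def analyse(log, window=timedelta(hours=4), min_repeats=3, min_hosts=3):
    """Return (reinfected, outbreaks) found inside any sliding time window."""
    by_pair, by_sig = defaultdict(list), defaultdict(list)
    for when, host, sig in sorted(parse(log)):
        by_pair[(host, sig)].append(when)
        by_sig[sig].append((when, host))

    reinfected = {}  # (host, signature) -> detections that kept coming back
    for pair, times in by_pair.items():
        # Largest number of detections that fit inside one window.
        best = max(sum(1 for t in times if s <= t <= s + window) for s in times)
        if best >= min_repeats:
            reinfected[pair] = best

    outbreaks = {}  # signature -> hosts reporting it in the same window
    for sig, events in by_sig.items():
        # Widest set of distinct hosts seen inside one window.
        widest = max(({h for t, h in events if s <= t <= s + window} for s, _ in events), key=len)
        if len(widest) >= min_hosts:
            outbreaks[sig] = sorted(widest)
    return reinfected, outbreaks

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A repeat detection on one host suggests the machine is being reinfected from the network rather than from a leftover file, which is the point at which the other machines on that network need checking too.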
Solution the First: Dedicated Removal Tools
For a decade now, Microsoft has regularly released its “Malicious Software Removal Tool” as part of Windows Update and has specifically dealt with worm outbreaks as part of its package. There are many such tools available from a wide variety of vendors and open-source resources, designed to take care of very specific situations. Please note that this is not a substitute for a standard anti-virus application, but rather it is meant to deal with issues that require advanced tools.
Solution the Second: Anti-virus/Anti-Malware Software
Both Avast and Spybot provide invaluable services for those working on a budget at home, or professional-grade software for use in a more formal setting. They regularly deal with worms, and Spybot is capable of cutting off many of the more popular worms from communicating out to the command and control servers of the worm’s author.
Solution the Third: Firewall Solutions
CheckPoint is one of a handful of high-profile firewall developers, and their ZoneAlarm product has both a free home-use version and professional products. If you need something more substantial, many vendors also provide dedicated hardware appliances with firewalls embedded in them to take care of larger threats.
Honorable Mention: Network Intrusion Detection Systems such as Snort
Worms can sometimes be seen as benign: researchers have often tried to use them as a vector to spread patches and fixes instead of malicious software, but this solution never gains a lot of ground. At this time, worms still need to be treated as malware and dealt with as such.
Kurt Ellzey has been involved in Information Security and Technology for the better part of the past 15 years. During that time, he has been published as part of the compilation Security 3.0, the writer for the Ramp with 5 Levels, and a contributor at LIFARS with the Weird Security Term of the Week series. More information about Kurt can be found on LinkedIn or on Twitter.