A computer worm is an independent malicious program that propagates itself across a network by exploiting security or policy flaws in widely-used services. Worms are different from traditional viruses in the way that they are able to propagate across a network with manual intervention. Upon arrival, the worm may be activated to replicate itself or perform unwanted functions.
Traditional viruses are generally defined as malicious programs that require a host program for execution. Viruses have the capability of reproducing and incorporating themselves into computer networks and/or files and other executable objects. Self-replicating malicious code has been an issue in computer security for many years, dating back at least to Ken Thompson’s self replicating code. In the past few years, with the widespread adoption of the internet, worms and viruses have become serious pests: spreading around the world in a matter of hours with the capability of carrying highly damaging payloads. This not only affects the end users, but also has a serious economic impact. Such malicious code is growing more sophisticated, as the authors of new worms learn from the successes and mistakes of the past. This project surveys and analyzes source codes to understand the life cycle of worms in an attempt to establish a common pattern in worm behavior. It will help to find feasible solutions to the problem. Almost all dangerous worms known to date are very similar in their behavior and utilize some well known system vulnerabilities. However, their intrusions are detected long after the beginning of epidemics. Often, such worms use random scanning techniques to find vulnerable Internet hosts. In order to understand the worm threat, it is necessary to classify types of worms, payloads and phases of their attacks. Section 2 of this paper classifies types of worms. Section 3 presents common phases of a worm life cycle. Section 4 provides several worm examples. Section 4 summarizes the paper and future work.
Download the entire document here.