Jon Thompson goes behind the headlines to expose the life cycle of a computer worm
Computer worm writers are often seen as a breed apart: über-hacker loners with a hatred of society bent on pushing their own twisted agenda. But the truth is that it might not be maliciously inclined whizz kids who are creating today’s worms. In fact, worms are easier to write than the simplest Windows application.
At its most basic, a computer worm is just a self-contained lump of code whose function is to spread between computers by replicating itself. There’s no complex user interface to design, build or test. There are usually no complex file or database sub-routines to consider, either.
In contrast to commercial programs, worms do not have to observe programming standards, so the source code can contain the proverbial and unmaintainable ‘spaghetti’ programming. In fact, worm code need never be maintained at all, so there are no support issues to worry about either. If a worm crashes due to unforeseen circumstances or bad programming, it simply crashes. Depending on the writer’s intent, if it takes Windows down with it, that may be a bonus.
With worm writing becoming easier, it’s no surprise there are already several hundred species roaming the internet, looking for computers to infect.
Dissecting the worm problem Unlike viruses, which attach themselves to host programs and only become infectious when that host runs, worms are independent applications, capable of traversing the internet on their own and as email attachments. Those caught in the wild have ranged from as little as 30 bytes in length to several megabytes, depending on their capabilities and intent. Their numbers are rising, but one anti-virus researcher says it’s a mistake to think the problem is out of control.
“The number of new viruses is not increasing exponentially, as is often claimed,” says IBM virus researcher David M Chess.
The Wildlist anti-virus website (www.wildlist.org) agrees: “The rate of appearance of new viruses in the collections of anti-virus workers has been increasing gradually for several years, at roughly a linear rate.” Wildlist carries a monthly round-up of the worms and viruses known to be active. In September 2008, the total stood at 762, with 43 declared extinct over the previous months.
