A worm is a self-replicating, self-contained software program
that does not need to be part of another program to propagate. A virus, in contrast, attaches itself to
and becomes part of another executable program. Worms as well as viruses
typically contain some kind of malicious payload besides the propagation and
infection mechanism.
On February 3, 2005, Sophos, Inc., a company providing virus
detection and other security tools, warned that a version of the Bobax-H worm,
hidden within Saddam Hussein photos showing him deceased, invaded computers and
carried message warnings such as “Saddam Hussein: Attempted Escape. Shot Dead.”
Other versions of the worm had pictures of an allegedly captured Osama Bin
Laden. If activated, the payload had the same effect as the Sasser worm.
Security experts worldwide have been exploring various ways
of stopping worms in their tracks. In April 2005, Professor Shigang Chen and
Professor Sanjay Ranka at the University of Florida said they designed an Internet worm early-warning system to
detect the initial sign of a malware
attack. Professors Chen and Ranka
said that their suggested early-warning system monitors a “used” address space
and relies on RESET packets to
find the scan sources. Their research paper focuses on TCP-focused worms and
details a means of avoiding so-called “false
positives” by viewing reply traffic from targets instead of monitoring
the SYN packets to track
half-open connections.
See Also:
Attack; False Positives; Internet; Malware; Packet; Synchronize Packet (SYN);
Virus.
Inquirer. Saddam Hussein “Death” Virus on Loose. [Online, February 3, 2005.]
Breakthrough Publishing Ltd. Website http://www.theinquirer.net/?article=21080;
Naraine, R. Researchers Propose Early Warning System for Worms. [Online, April
20, 2005.] Ziff Davis Media Website.
http://www.eweek.com/article2/0,1759,1788294,00.asp.
