Worms generally exploit a technology called RPC (Remote Procedure Call). RPC lets programs on different computers interact with each other.
There are many types of worms, e.g. email worms and file-sharing worms, to name a couple. But worms need more explaining than, say, Trojans or rootkits because of the nature of how they come to be.
Take a look below at the general life cycle of a typical worm to get an understanding of what they are. Just imagine a worm being developed by somebody somewhere. They then unleash it via the Internet from some computer. This is only one example of a worm; there are many types.
The Worm Life Cycle:
- The worm is created or programmed.
- The worm scans for a victim. (Using IP scanning; see below)
- The worm finds a victim. (An IP it can exploit)
- Send exploit code. (Because it can gain access)
- Root the exploit code in the victim's machine.
- Get a copy of the original worm onto the victim's machine.
- From the victim's machine, the worm scans for another victim. (Repeat steps)
This particular life cycle only explains the use of bandwidth (broadband use etc.). But the latest worms now drop off payloads. This means that a worm can now drop off spyware and viruses, or open your system to let them in. This would happen in the exploit stage of the life cycle.
What is IP scanning?
Technically, each computer on the internet uses an IP (Internet Protocol) address, e.g. 192.168.0.1, to uniquely identify it on the internet. Nerds will explain to you about non-routable addresses etc., so for now just remember that each computer needs one of these IP addresses to exist on the internet.
A worm designer, when creating their code, must use some sort of IP scanning technology in their design. This will be some sort of function or method in whatever programming language they are using. They then execute their program on a machine, and it heads out onto the internet or local networks and scans for an IP address, hoping to exploit its access technologies.
They can use different types of IP scans to deal with different targets, e.g.:
- Scan randomly using a random generator.
- Scan using some globally accessed addresses.
- Scan all IP addresses that are out there.
- Scan local networks (usually non-routable addresses).
There are more complicated scanning techniques, and they are evolving as each day passes.
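The scanning step of the life cycle is visible in connection logs as one source reaching many different IP addresses on the same port in a short time. The sketch below is an added example, not code from the original page; the flow records, host addresses, thresholds and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges: the "non-routable" addresses used on local networks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (not real traffic): (seconds, source, destination, port).
# Port 135 is the Windows RPC endpoint mapper; every host here is made up.
RANDOM_DSTS = ["203.0.113.7", "198.51.100.99", "192.0.2.14",
               "203.0.113.201", "198.51.100.3", "192.0.2.77"]
FLOWS = (
    # one host sweeping its own local network
    [(i, "192.168.0.23", f"192.168.0.{i + 1}", 135) for i in range(8)]
    # one host trying scattered outside addresses
    + [(100 + 5 * i, "192.168.0.40", d, 135) for i, d in enumerate(RANDOM_DSTS)]
    # ordinary browsing: many connections, only two destinations
    + [(10 * i, "192.168.0.50", f"198.51.100.{10 + i % 2}", 443) for i in range(12)]
    # occasional connections spread over 25 minutes
    + [(300 * i, "192.168.0.60", f"192.168.0.{100 + i}", 135) for i in range(6)]
)

def scope_of(targets):
    """Label a target set as local (all RFC 1918), internet (none), or mixed."""
    local = sum(any(ipaddress.ip_address(t) in n for n in RFC1918) for t in targets)
    return "local" if local == len(targets) else "internet" if local == 0 else "mixed"

def detect_scanners(flows, window=60, min_targets=5):
    """Flag (source, port) pairs that reach many distinct IPs inside one time window."""
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, port)].append((ts, dst))
    findings = {}
    for key, events in by_key.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            findings[key] = {"targets": len(best), "scope": scope_of(best)}
    return findings

if __name__ == "__main__":
    for (src, port), info in detect_scanners(FLOWS).items():
        print(f"{src} port {port}: {info['targets']} targets, scope={info['scope']}")
```

A machine flagged this way is a candidate for being in the "scans for another victim" step and is worth isolating and checking.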