Worm propagation in protected networks
Malicious code, also referred to by common terms such as viruses, worms, and trojans, are a significant component of the scope of attacks that a modern IT organization must be prepared to defend against if they are operating with any Internet connectivity at all. The general term of malicious code, an umbrella term, is used to describe any code that performs unsolicited activity without the authorization of the user, and the more common and specific terms are often seen in technical write-ups of specific instances, or in the press due to their wide spread recognition.
Worms, a specific case of malicious code, are sometimes called blended threats and differ from traditional viruses primarily because they are able to propagate across a network with no intervention from the user. Whereas traditional viruses generally are defined as requiring some interaction with the user, possibly running a program, or perhaps clicking on a link to download some component via a Web site; worms have the capability to spread with no user interaction at all; most often this involves searching out hosts that are running vulnerable services and exploiting these vulnerabilities. Worms are especially dangerous because they require no action from a user; therefore if there is an outbreak, they are able to spread far quicker, and the spread is not confined to business hours in the affected region of the globe.
[ Read more ]