There has been a great deal of discussion as to whether or not the name "worm" is appropriate. Many still refer to the program which paralyzed the internet in late 1988 as a virus. However, there is a major difference between the average viral program, and the program in question, and for this reason, we will use the term "worm" to describe programs of the type in question, capitalizing when describing the specific Internet Worm launched in November of 1988.
The primary difference between worms and other illicit computer programs (often referred to as viruses) is the method of operation the programs use in order to reproduce and spread. When a standard computer virus enters a computer (almost always via an infected disk) it alters a system file, or some other convenient file which is likely to be used sometime in the near future. The alteration to this file usually is the addition of commands that will activate the virus wherever it is on the computer. The virus will then perform its nefarious deeds. The first major distinction here, at least in comparison with worms, is that, until the user (inadvertently) activates the virus, the virus is dormant on the computer. Moreover, until the altered file is called, the virus is unable to do any activity. The second distinction here is that a virus needs to be carried from one computer to another via shared diskettes. If the owner of a computer is careful to use only disks that they know are safe, the chance of viral infection is virtually nil.
A worm, on the other hand, is far more powerful. When a worm gains access to a computer (usually by breaking into it over the internet) it launches a program which searches for other internet locations, infecting them if it can. At no time does the worm need user assistance (accidental or not) in order to operate its programming. Moreover, the worm travels over the internet, so all machines attached to an infected machine are at risk of attack. Considering the connectivity of the internet on the whole, this includes a huge number computers whose only defense is the sealing of the security gaps which the worm uses to enter. Secondly, worms can spread with no assistance (as opposed to viruses which must literally be carried from one machine to another). Once the worm discovers an internet connection, all that it must do is download a copy of itself to that location, and continue running as normal.
Now it has been 7 years since the Worm was defeated, but it is still worth looking at what happened, both in terms of how the program operated, and as to what conditions allowed it to do what it did. With that in mind, there are a number of subtopics of interest.
If you have any questions or comments, feel free to send e-mail to:
email@example.com, or Thomas.M.Darby@syntegra.com