What type of virus is this? You check your client’s “Sent Emails” folder and notice your client recently sent the same email to everyone on their contacts list. The emails have the same subject line as the malicious email they received. It almost seems like the email replicated itself…
Aha! Rather than a virus, which needs to be attached to a file or application to spread, you may have found a worm.
A worm is self-replicating code that copies itself from computer to computer without user intervention. This worm could be just as dangerous as a virus.
The worm could also replicate so much that it overloads your client’s system. By doing this, the worm could bring down the system and violate availability.
Your Suggestion
- Follow the previous suggestions for adware and viruses.
- Monitor the computer for any unexpected changes! Is it slower than usual? Is there less hard drive space than expected? Have files mysteriously appeared or disappeared? These could all be signs of worms.
Instructions
How does a worm work? While worms don’t attach themselves to files, we’ll use files to simulate their duplicative nature!
First, let’s look at some innocent files that our “worm” will infect.
Press “Run” to run dont_infect_me.py.
Press the “x” next to the filename to close the file.
Let’s look at another innocent file.
Make sure you’ve closed the dont_infect_me.py file. You should now see the infect_me.txt file in the workspace.
Press “Run” to run infect_me.txt. (Nothing will happen because it’s a text file!)
Press the “x” next to the filename to close the file.
Let’s look at our last innocent file.
Make sure you’ve closed the infect_me.txt file. You should now see the why_infect_me.py file in the workspace.
Press “Run” to run why_infect_me.py.
Press the “x” next to the filename to close the file.
Finally! We’ve reached the worm file.
This file searches for any Python file with “infect_me” in its name. You don’t need to understand this code; all you need to do is run it!
Press the “Run” button.
Now, click the folder button in the workspace to look at the files.
Open the dont_infect_me.py, infect_me.txt, and why_infect_me.py files.
The “worm” should have copied itself into the files with the .py extension.
If you didn’t close those files, you will need to close and reopen them to see your worm in action!
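The monitoring suggestion above (files changing, appearing or disappearing) can be automated with a file-hash baseline. The following is an added example, not part of the original lesson: it snapshots a folder, simulates the lesson's outcome with harmless marker text, and reports what changed. The files `old_report.txt` and `mystery_copy.py`, and all file contents, are constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(folder):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(folder)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_snapshots(before, after):
    """Return files that appeared, disappeared, or changed between snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(n for n in before.keys() & after.keys()
                           if before[n] != after[n]),
    }


def demo():
    """Build a constructed workspace, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for the lesson's files, plus one extra file.
        (root / "dont_infect_me.py").write_text("print('hello')\n")
        (root / "infect_me.txt").write_text("just text\n")
        (root / "why_infect_me.py").write_text("print('why?')\n")
        (root / "old_report.txt").write_text("quarterly numbers\n")
        baseline = snapshot(root)

        # Simulate the effect the lesson describes: the .py files gain content
        # they did not have before. This is plain marker text, nothing more.
        for name in ("dont_infect_me.py", "why_infect_me.py"):
            with open(root / name, "a") as f:
                f.write("# unexpected content appended\n")
        (root / "mystery_copy.py").write_text("# appeared unexpectedly\n")
        (root / "old_report.txt").unlink()
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The text file does not appear in the report because its hash is unchanged, matching the lesson's observation that only the .py files were affected.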