1 00:00:00,910 --> 00:00:03,140 What is a computer worm? 2 00:00:03,140 --> 00:00:05,680 Well, a worm is a piece of malicious software, 3 00:00:05,680 --> 00:00:07,060 much like a virus. 4 00:00:07,060 --> 00:00:08,630 But it has a key difference. 5 00:00:08,630 --> 00:00:12,330 A worm can replicate itself without any user interaction. 6 00:00:12,330 --> 00:00:14,520 If you remember when I talked about viruses, 7 00:00:14,520 --> 00:00:16,980 I said that a user has to install a program, 8 00:00:16,980 --> 00:00:19,010 or open a file, for that virus to be able 9 00:00:19,010 --> 00:00:20,250 to take its action. 10 00:00:20,250 --> 00:00:23,000 But with worms, that's simply not the case. 11 00:00:23,000 --> 00:00:25,340 Worms are able to self-replicate and spread 12 00:00:25,340 --> 00:00:27,800 throughout your network, without a user's consent, 13 00:00:27,800 --> 00:00:29,190 or their action. 14 00:00:29,190 --> 00:00:31,210 This occurs because worms take advantage 15 00:00:31,210 --> 00:00:35,010 of security holes in operating systems and applications. 16 00:00:35,010 --> 00:00:37,270 So, if a worm knows that there's somebody out there 17 00:00:37,270 --> 00:00:39,220 who hasn't installed a security patch, 18 00:00:39,220 --> 00:00:41,560 they can take advantage of that, and use that to spread 19 00:00:41,560 --> 00:00:43,920 from victim to victim, across the network, 20 00:00:43,920 --> 00:00:45,530 and across the world. 21 00:00:45,530 --> 00:00:47,750 Because of this, worms can cause disruption 22 00:00:47,750 --> 00:00:51,000 to your normal network traffic, and computing activities. 23 00:00:51,000 --> 00:00:53,470 This is because they're spreading and replicating 24 00:00:53,470 --> 00:00:54,540 really fast. 25 00:00:54,540 --> 00:00:56,510 And when they do this from your victim machine, 26 00:00:56,510 --> 00:00:58,320 They're using up computing power. 27 00:00:58,320 --> 00:01:00,380 Its processing power, its memory, 28 00:01:00,380 --> 00:01:02,300 and its network traffic capability. 29 00:01:02,300 --> 00:01:05,320 And all of that is going to start slowing down your system. 30 00:01:05,320 --> 00:01:09,030 In some cases, this can even cause your system to crash. 31 00:01:09,030 --> 00:01:11,500 Worms are known for spreading far and wide 32 00:01:11,500 --> 00:01:14,470 over the Internet, in a very short amount of time. 33 00:01:14,470 --> 00:01:17,530 Back in 2001, there was a worm named Nimda, 34 00:01:17,530 --> 00:01:19,610 which is admin spelled backwards. 35 00:01:19,610 --> 00:01:22,270 It was able to propagate across the entire Internet 36 00:01:22,270 --> 00:01:24,360 in just 22 minutes. 37 00:01:24,360 --> 00:01:28,090 Then, in 2009, there was another worm, called Conficker. 38 00:01:28,090 --> 00:01:29,870 This is probably one of the largest worms 39 00:01:29,870 --> 00:01:31,160 that we've seen to date. 40 00:01:31,160 --> 00:01:35,120 It was able to infect between nine and 15 million machines. 41 00:01:35,120 --> 00:01:37,840 This worm was going through and infecting as many machines 42 00:01:37,840 --> 00:01:40,690 as it could, and any machines it found that was missing 43 00:01:40,690 --> 00:01:42,750 a Microsoft operating system patch, 44 00:01:42,750 --> 00:01:47,750 specifically the Microsoft 08-067 patch, they would infect. 45 00:01:47,910 --> 00:01:49,940 This patch was solving a software bug 46 00:01:49,940 --> 00:01:53,200 inside the way Windows was doing file and printer sharing. 47 00:01:53,200 --> 00:01:55,460 Conficker sought out these victim machines, 48 00:01:55,460 --> 00:01:57,800 installed a piece of code, and they all became part 49 00:01:57,800 --> 00:01:59,090 of its botnet. 50 00:01:59,090 --> 00:02:01,400 Ultimately, this botnet was able to be shut down 51 00:02:01,400 --> 00:02:04,310 before it was used for a negative or a nefarious purpose, 52 00:02:04,310 --> 00:02:06,560 but it does show the true power of these worms, 53 00:02:06,560 --> 00:02:11,310 and how far and wide they can spread across the Internet.