Avast Academy Security Malware What Is a Computer Worm?

What Is a Computer Worm?

A computer worm is an insidious type of malware designed to spread across multiple devices while remaining active on each. Learn where worms come from, how to recognize them, and how to defend against and remove computer worms with our leading anti-malware solution.

Editors' choice
Top Rated
Written by Ivan Belcic
Published on July 22, 2020

The key difference between a computer worm and a virus is how a worm can spread copies of itself to uninfected machines completely on its own. For a workable computer worm definition, think of worms as self-sufficient malware able to execute and proliferate without user interaction. You don’t need to even be using your computer in order for a worm to activate, replicate, and spread. Once a worm lands on your computer, it can start spreading immediately.

Hamburguer menu icon

This Article Contains :

    Whereas viruses need to borrow your computer’s programming or code in order to execute and replicate themselves, worms are self-contained. That’s why there’s no such thing as a “worm virus” — they’re two completely different, though similar, types of malware.

    How do computer worms work?

    Computer worms are dangerous because of how capable they are. As soon as a worm gains a foothold in a host machine, it’s able to spread throughout a network without any external aid or actions. As self-contained malware, worms don’t need to fool you into activating them, like Trojans do.

    Worms get the job done by exploiting hidden vulnerabilities in your computer’s operating system (OS). Hackers create worms in such a way that they can burrow into the target OS and do their dirty work without your knowledge. Below, we’ll show you how to tell if your computer has a worm so you can take steps to remove it right away.

    For many years, worm malware relied on physical means to gain entry into a network. A hacker would put their worm onto a floppy disc or other media drive and then wait for an unassuming victim to insert it into their computer. Even now, this tactic is still viable — many acts of corporate espionage and sabotage are initiated with a seemingly-innocuous USB flash drive.

    But today, it’s much more common to encounter worms that rely on purely electronic means of dispersal, such as email, instant messaging services, and file-sharing networks.

    What types of computer worms are there?

    By looking at how computer worms spread, we can sort them into distinct categories. Each category of worm uses a signature attack vector to propagate from machine to machine.

    Email worms

    As you’ve likely guessed, an email worm’s infection vector of choice is email. Email worms borrow your computer’s email client and send emails to everyone in your contact list. The catch? Those messages will spread the worm to your contacts, and then onto their contacts, and so on, potentially letting the worm spread exponentially. 

    Some of these emails will include attachments that, when downloaded, execute and install the worm on the recipient’s computer. Others embed shortened links in the body of the email to lead readers to malicious websites that then automatically download the worm. The most successful email worms make clever use of various social engineering techniques to trick victims into either downloading the attachments or clicking the desired links.

    Instant messaging worms

    Rather than hijacking your computer’s email client to conduct their misdeeds, IM worms prefer a more spontaneous approach. They burrow into a chosen messaging platform, such as Skype, Messenger, or WhatsApp, and then shoot a message out to all your contacts.

    The message, written with clickbait-esque language (LOL/OMG you’ve gotta see this!), tries to convince your contacts that you’ve just sent them a link to a hilarious bit of viral content. But instead of enjoying a hearty chuckle, when your friend clicks through, they’re taken to an infected website. In the meantime, the worm passes the message on to everyone on your friend’s contact list, also allowing for rapid spread.

    File-sharing worms

    You can’t take three steps today without bumping into a new streaming platform. Even as streaming takes over as the dominant mode of media consumption, many people still prefer to source their music, movies, and TV shows from other people via peer-to-peer file-sharing networks. (By the way, if you do too, you should definitely use a VPN.)

    Because these file-sharing networks operate in a less-than-legal area, they’re largely unregulated, and so it’s easy for hackers to embed worms into high-demand files. When you download the infected files, the worm copies itself onto your computer and continues its work. Be careful the next time you’re looking to avoid paying for that hot new movie or album.

    Internet worms (or network worms)

    In contrast to the above worm types, which all spread by exploiting some sort of human behavior, internet worms don’t interact with their victims at all. Instead, hackers use internet worms, or network worms, to target specific vulnerabilities in a given OS. Other worms may target different services or security flaws, such as weak passwords.

    From its perch in an infected computer, the network worm scans the internet or a local area network (LAN) for other computers with the same security weakness, then spreads to those machines. For example, the Mirai worm targets and infects Internet of Things (IoT) devices with default login credentials.

    Because many internet worms use software exploits, you can stay one step ahead by always updating your OS, programs, and apps to the latest versions as soon as they’re available.

    What can computer worms do?

    When worms first appeared, they had no goals other than to proliferate as widely as possible. Early hackers created these worms for their own amusement, to showcase their skills, or to demonstrate holes and vulnerabilities in then-current operating systems.

    Though they weren’t explicitly designed to do so, these “pure worms” would often cause harm or disruption as a side effect of their intended processes. A resource-hungry worm might slow down or even crash its host computer by using too much processing power, while other worms clogged up networks with bandwidth demands as they spread.

    Eventually, and unfortunately for the rest of us, hackers soon realized that worms could be used as delivery mechanisms for additional malware. In these cases, the extra code borne by the worm is known as its “payload.” One common strategy equips worms with a payload that opens a “backdoor” onto infected machines, allowing a cybercriminal to return later to take control of the system. Other payloads can harvest sensitive personal data, install ransomware, or turn target machines into “zombies” for use in botnet attacks.

    Avast One will detect and block computer worms — and other malware as well — before they have a chance to infect your machine. Keep your PC safe from sneaky threats like worms with a top-tier cybersecurity solution that’s 100% free.

    Computer worm history

    Some of the most destructive malware strains have been computer worms. Let’s take a look at several of the most infamous computer worm examples:

    The Morris worm

    Graduate student Robert Tappan Morris kick-started the era of the computer worm by launching his creation on November 2, 1988. Morris didn’t intend for his worm to cause any actual damage, but due to the way it was written, the worm was able to infect many of its host machines multiple times.

    Morris’s critical oversight resulted in massive swathes of computer shutdowns, rendering significant portions of the then-nascent internet unusable until the worm could be removed from the infected machines. As a result of the damage caused by his worm — estimates range from hundreds of thousands to millions of dollars — Morris went on to become the first person convicted under the 1986 US Computer Fraud and Abuse Act.


    Named for the email message by which it spread, the ILOVEYOU worm emerged in the Philippines in early 2000 before quickly spreading across the world. In contrast to the Morris worm, ILOVEYOU was a malicious worm designed to randomly overwrite files on its victims’ computers.

    After savaging its host machine, ILOVEYOU emailed copies of itself via Microsoft Outlook to all the contacts in the victim’s Windows Address Book. Ultimately, ILOVEYOU went on to inflict billions of dollars in damages worldwide, making it one of the most notorious computer worms ever seen.

    SQL Slammer

    2003’s SQL Slammer was a brute-force internet worm that spread at lightning speed to infect roughly 75,000 victims in only 10 minutes. Eschewing the email tactics of ILOVEYOU and its big-name email cousins Storm Worm and Nimda, SQL Slammer spread through targeting a vulnerability in Microsoft’s SQL Server for Windows 2000.

    SQL Slammer generated IP addresses at random, then sent copies of itself to the computers at those addresses. If the receiving computer happened to be running an unpatched version of SQL Server that still had the security vulnerability, SQL Slammer would waltz right in and get to work. It turned infected computers into botnets, which were then used to launch multiple DDoS attacks.

    Though the relevant security patch has been available since 2002, even before the initial wave of attacks, SQL Slammer nevertheless experienced a resurgence in 2016 and 2017.


    WannaCry is a more recent illustration of how devastating worms can be, even with modern cybersecurity tools. The 2017 WannaCry worm is also an example of ransomware, as it encrypted victims’ files and demanded ransom payments in order to return access. In just one day, WannaCry wormed its way into 230,000 PCs in 150 countries, including high profile targets such as Britain’s National Health Service and many other government branches, universities, and private firms.

    WannaCry used the EternalBlue exploit to target a security vulnerability in Windows versions older than Windows 8. When the worm found a vulnerable computer, it installed a copy of itself, began encrypting the victim’s files, and then displayed a ransom note when the process was complete.

    How to recognize computer worms

    There are a handful of telltale signs that indicate the presence of a computer worm on your device. Though worms mostly operate behind the scenes, their activities can result in noticeable effects for the victim, even if the worm isn’t intentionally doing anything malicious. Find out how you can tell if your computer has a worm with the following symptoms:

    • Your computer slows down or fails: Some worms, like our classic Morris Worm discussed above, can consume so much of a computer’s resources that there are hardly any left for normal functions. If your computer suddenly becomes sluggish or unresponsive, or even begins to crash, it might be because of a computer worm.

    • You’re running low on storage: As a worm replicates, it has to store all those copies of itself somewhere. If your computer’s available storage space seems a lot smaller than it should be, dig into what’s taking up all that space — it could be a worm.

    • Your computer behaves strangely: Since many worms spread themselves by taking advantage of direct communications, look for any sent emails or messages that you didn’t send yourself. Unusual alerts, unexplained changes, or new or missing files may also indicate the activity of a worm.

    • Your contacts ask you what’s going on: You might miss the above signs, and that’s OK. We all overlook things. But if you’ve caught an email or IM worm, some of your contacts may reach out to ask you about the strange message they received from you. It’s never too late to fix a worm infestation, even if it’s already begun to spread.

    How to prevent computer worms

    If a worm manages to get access to your device, the consequences can be hefty. The good news is that computer worm prevention boils down to a few sensible and smart habits that you can apply to malware in general. If you’re not already doing so, make the following tips an integral part of your digital lifestyle:

    • Never open strange email attachments: If this isn’t a hard-and-fast rule for you by now, make it one. Rarely has anything good ever come from opening an unfamiliar or unexpected email attachment, even if it’s from someone you know. And if it is, reach out to them and confirm that they actually meant to send it to you.

    • Don’t click weird links: Same as above — just don’t. Some cybercriminals are sophisticated enough to conceal their malicious links to the point where even hovering over them won’t work. No viral video is funny enough to warrant risking a malware infection. Ignore the link and move on.

    • Don’t use P2P programs: You can’t be 100% sure that you’re downloading the files you’re expecting when it comes to file-sharing networks. Free media is a tempting proposition, and if you must pirate, please thoroughly vet your sources (and use a VPN).

    • Don’t click on sketchy ads: Some worms can infect websites and spread to your computer when you click on contaminated ads. You can eliminate these and most other ads by using ad-blocking software — or better yet, try Avast Secure Browser. Not only is it free, but It’s got a full range of security- and privacy-enhancing features, including an ad blocker, for a safer browsing experience.

    • Use current software: Worms rely on outdated software to access your computer. Counter them by updating your OS and other programs as soon as security patches and general updates become available. You won’t gain anything by waiting, except possibly a computer worm.

    • Use antivirus software: A free antivirus tool is the most reliable way to defend against malware — not only worms, but ransomware, spyware, and all other types of malware as well.

    • Use strong, unique passwords: Some worms use default factory login credentials to infect various devices. Protect your phone, computer, and any other device by creating strong passwords that are hard to guess, and don’t use the same password multiple times.

    Prevent and remove computer worms with a strong antivirus

    Your best ally in the fight against computer worms and other malware is a comprehensive security tool from a reputable and reliable provider. With Avast One, you’re protected 24/7 against malware, including computer worms. And if you do happen to find yourself with a computer worm on your machine, it’s not too late to act. 

    Download Avast One for free computer worm removal and protection, and get a full suite of other security and privacy features as well.

    Get powerful online security for your Android with Avast One

    Free install

    Get powerful online security for your iPhone with Avast One

    Free install
    Ivan Belcic