A worm is a self-replicating, self-contained software program that does not need to be part of another program to propagate. A virus, in contrast, attaches itself to and becomes part of another executable program. Worms as well as viruses typically contain some kind of malicious payload besides the propagation and infection mechanism.

On February 3, 2005, Sophos, Inc., a company providing virus detection and other security tools, warned that a version of the Bobax-H worm, hidden within Saddam Hussein photos showing him deceased, invaded computers and carried message warnings such as “Saddam Hussein: Attempted Escape. Shot Dead.” Other versions of the worm had pictures of an allegedly captured Osama Bin Laden. If activated, the payload had the same effect as the Sasser worm.

Security experts worldwide have been exploring various ways of stopping worms in their tracks. In April 2005, Professor Shigang Chen and Professor Sanjay Ranka at the University of Florida said they designed an Internet worm early-warning system to detect the initial sign of a malware attack. Professors Chen and Ranka said that their suggested early-warning system monitors a “used” address space and relies on RESET packets to find the scan sources. Their research paper focuses on TCP-focused worms and details a means of avoiding so-called “false positives” by viewing reply traffic from targets instead of monitoring the SYN packets to track half-open connections.

See Also: Attack; False Positives; Internet; Malware; Packet; Synchronize Packet (SYN); Virus.