What is a Worm?

A computer Worm is a standalone program that spreads itself across a network. To spread, worms typically exploit a vulnerability on a computer's operating system or computer software.


Worms spread through email attachments, network vulnerabilities, P2P networks, and from malicious websites.

A common way for a worm to spread is through email spam. Worms in the past could hide within an email, but for the most part this vulnerability no longer exists. Currently email attachments are the main way worms are spread by email. What may appear to be PDF, Microsoft Word document, or photo can be hiding malicious code within it, waiting for you to fall victim to the worm attachment when you download or open the file. Once the device has been infected with the worm, typically the worm spreads itself by emailing copies of itself everyone in your address book or inbox.

Another source of worm infection is from using P2P networks, such as the BitTorrent network, or from downloading files from LimeWire, Kazaa, BearShare, or eMule. A worm will disguise itself as a legitimate file such as an mp3 or a video file. You can get infected by downloading the disguised file. Once your computer is infected, the worm will further spread itself on the P2P network to infect others.

Malicious or infected websites will look for vulnerabilities in your web browser to perform a "drive-by" download onto your device, such as running malicious JavaScript, or in some cases a hacker might replace a legitimate download with one infected with a worm.

How to avoid infection

Make sure you have an update anti-virus or anti-spyware application installed with real-time protection enabled to block worms from entering your system or at least scan and remove the worm if you are infected by one.

Remember to keep your Windows operating system current using a supported version of Windows and having the latest updates installed.

Do not open emails and attachments from unknown senders; you are better safe than sorry!

If you can, disable JavaScript within your web browser. This will ensure rogue scripts on websites pose no threat to you, but will stop some legitimate sites from working properly.

Return to the Malware Glossary page.