Federal Internet Law & Policy
An Educational Project
Worms, Viruses, & Bots (oh my!) Dont be a FOOL; The Law is Not DIY

Derived From: Viruses and other Infections, Dept of Energy

"A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A virus is only one of several types of "malicious logic" that can harm your computer or your entire network.

"Worms, logic bombs, and Trojan Horses are similar "infections" commonly grouped with computer viruses. A computer worm spreads like a virus but is an independent program rather than hidden inside another program. A logic bomb is a program normally hidden deep in the main computer and set to activate at some point in the future, destroying data. A Trojan Horse masquerades as a legitimate software program. It waits until triggered by some pre-set event or date and then delivers a payload that may include destroying files or disks.

"Some viruses are high-tech pranks not intended to cause damage. For example, a virus may be designed to conceal itself until a predetermined date, then flash a message on all network computers. Even pranks, however, are not benign. They steal computer memory, storage, and processing time.

"Of greatest concern, of course, are viruses and other devices that are deliberately malicious. They are intended to cause serious damage such as deleting files, provide access for an outsider to copy your files, or disrupting the operation of an entire computer network or organization.

"From an information security point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to access and control your computer without your knowledge whenever you are on the Internet. One of these Trojan Horses was originally developed as a means of playing pranks on friends. When installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's computer by burying it in a game program or other executable script sent by e-mail. Happily, known versions of the program will be caught by a good virus checker.

"The virus threat is increasing for several reasons:

Federal Activity




OECD: "What is malware? Malware is a general term for a piece of software inserted into an information system to cause harm to that system or other systems, or to subvert them for use other than that intended by their owners. Malware can gain remote access to an information system, record and send data from that system to a third party without the user's permission or knowledge, conceal that the information system has been compromised, disable security measures, damage the information system, or otherwise affect the data and system integrity. Different types of malware are commonly described as viruses, worms, trojan horses, backdoors, keystroke loggers, rootkits or spyware. These terms correspond to the functionality and behavior of the malware (e.g. a virus is self propagating, a worm is self replicating).7 Experts usually group malware into two categories: family and variant. "Family" refers to the distinct or original piece of malware; "variant" refers to a different version of the original malicious code, or family, with minor changes." - OECD Malicious Software (MALWARE): A Security Threat to the Internet Economy, Ministerial Background Report Final, p. 10 (June 17-18 2008)




Conflicker Worm




On Saturday, January 25, 2003, the Slammer worm infected more than 90 percent of vulnerable computers worldwide within 10 minutes of its release on the Internet by exploiting a known vulnerability for which a patch had been available since July 2002. Slammer caused network outages, canceled airline flights, and automated teller machine failures. In addition, the Nuclear Regulatory Commission confirmed that the Slammer worm had infected a private computer network at a nuclear power plant, disabling a safety monitoring system for nearly 5 hours and causing the plant’s process computer to fail. The worm reportedly also affected communications on the control networks of at least five utilities by propagating so quickly that control system traffic was blocked. In addition, on Monday, January 27, the worm infected more networks when U.S. and European business hours started. Cost estimates on the impact of the worm range from $1.05 billion to $1.25 billion.

Slammer resulted in temporary loss of Internet access to some users and increased network traffic worldwide. Postincident studies noted that if the worm had been malicious or had exploited more widespread vulnerabilities, it would have caused a significant disruption to Internet traffic.

Responses to Slammer were quick. Within 1 hour, Web site operators were able to filter the worm. The disruption was partly resolved by network operators blocking the main communication channel that the worm was using, which helped control the spread of the worm. Security experts advised network operators to use firewalls to block the channel and to apply the patch before reconnecting services. In addition, private-sector network operators used the North American Network Operators Group mailing list to collaborate with each other in restoring infected networks. The federal government coordinated with security companies and Internet service providers and released an advisory recommending that federal departments and agencies patch and block access to the affected channel. However, most of these activities occurred after the worm had stopped spreading because it had propagated so quickly.

- GAO 06-672 Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO Report, p. 22 (June 2006)

SNMP Vulnerability





NIMDA Worm - Post Sept 11, 2001 Events


Code Red

White House dodges 'Code Red' virus, USAToday 7/20/01

Melissa Virus