Threat of Email Worms—Basic Facts You Need to Know

September 1, 2005
By: Vladimir Sutskever, Simplicato Inc.

What is an Email Worm?

To many, the term "Email Worm" mistakenly implies a naturally occurring entity that has come to life from some kind of freak computer mutation or a program gone horribly wrong. The only relation of Email Worms to the world of biology lies in the way they spread and in their ideological evolution. So if they are not the product of "computer-nature," then where do they come from? Email Worms originate from the malicious minds of computer programmers. They are purely man-made, carefully synthesized bodies with clearly defined foul objectives.

Anti-Virus Vendors have identified nearly 13,000 distinct worms currently running rampant, eager to infect. Why would anyone spend time and effort to create something entirely unproductive and essentially destructive to society? For many of the Email Worm Creators it is the product of enthusiasm, hobby, curiosity, pride, and personal vendettas.

What do Email Worms do?

Email Worms pose a serious threat to the infrastructure and stability of the Internet. Severe outbreaks, spreading at staggering rates, consume precious resources as the worm bodies flood through networks worldwide. Overloaded network equipment, strained by Email Worm generated traffic, is susceptible to failure, which typically leads to network outages and severe network delay. Legitimate network traffic, unable to compete for these limited resources, can be brought to a complete standstill. As a result, any organization relying on time-sensitive data or on the network will be severely crippled.

Besides generating an enormous volume of network traffic, many Email Worms leave the computers they infect barely functional. Unsuspecting computer users notice severe slowdowns, as some worms use infected hosts to replicate themselves and then transmit the copies to other victims, all done silently in the background.

Frequently, infections turn host computers into armies of "zombies," ready to be called upon to execute any malicious instructions from their masters. In recent years it has become trendy for Email Worms to turn infected machines into a specific type of zombie called "spamming zombies." In this approach infected computers become the relay access point through which spammers route their unsolicited bulk email as they spam the Internet.

Other Email Worms are capable of establishing a "Backdoor," a hidden passageway into your computer, which can be used to compromise your privacy. There is great diversity in what a worm can do once it infects a computer; it may range from something as innocent as displaying a funny message all the way to the complete obliteration of your files.

How do Email Worms spread?

There are a few key tactics worms use to propagate through the Internet. One of the favorites is termed "Social Engineering," or social manipulation. In this method an email worm coerces innocent users into downloading an email attachment by presenting an incredibly appealing or urgent reason. Some popular incentives include giveaways, lottery winnings, and pornography. "Social Engineering" is quite effective and accounts for a great majority of new infections.

In another widespread technique called "Email Spoofing," the "From" address of an email message is forged. Person "X" may have actually sent email messages that appear to have been sent by person "A." This implies that an email message that looks as if a person you know sent it might actually be counterfeit and infected with an Email Worm. Email Spoofing can normally be exposed by simply examining the headers of the email message, but the majority of individuals fail to do so, consequently getting infected.
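The header examination described above can be automated. The following is an added example, not part of the original article: it compares the "From" domain with the Return-Path, Reply-To, earliest Received hop, and any Authentication-Results verdict added by a modern receiving server. The sample message and all host names are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """List header inconsistencies that suggest a forged From address."""
    # Indicators, not proof: mailing lists and bulk senders legitimately
    # use a Return-Path or relay outside the From domain.
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server, when it adds them.
    for value in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()):
            if result in ("fail", "softfail"):
                findings.append(f"{mech} check result: {result}")
    # Each relay prepends its own Received header, so the last one in the
    # message is the hop closest to the real sender.
    received = msg.get_all("Received", [])
    match = re.search(r"from\s+(\S+)", received[-1]) if received else None
    origin = match.group(1).lower() if match else ""
    if origin and from_dom and origin != from_dom and not origin.endswith("." + from_dom):
        findings.append(f"first relay {origin} is outside {from_dom}")
    return findings

# Constructed sample message (not real mail): claims to be from example.com
# but was handed over by an unrelated host and failed SPF.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
Received: from mx.example.org by inbox.example.org; Thu, 1 Sep 2005 10:00:05 +0000
Received: from dsl-203-0-113-7.example.net by mx.example.org; Thu, 1 Sep 2005 10:00:01 +0000
From: "Alice" <alice@example.com>
Subject: Please open the attachment

See attached.
"""

if __name__ == "__main__":
    for finding in spoof_indicators(SPOOFED):
        print("-", finding)
```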

You may be wondering how Email Worms find your email address or what would possess them to target you. Usually when an Email Worm makes a new infection, it will thoroughly search the infected computer for email addresses stored in address books, email programs, and documents. These harvested email addresses become targets for potential infections when the worm tries to replicate and transmit itself. Other times worms will make an attempt to transmit themselves to millions of random email addresses or IP Addresses, hoping that a few of them will end up being active.

Exploitation of operating system vulnerabilities contributes a great deal to the successful proliferation of Email Worms. Many Email Worms take advantage of weaknesses discovered in operating systems before operating system manufacturers are able to deliver fixes for them. Even as fixes become available, computer users seldom download them immediately, leaving their personal computers in clear danger.

How are Email Worms different from Viruses?

Differences between Viruses and Email Worms are not always clear-cut. Often both share indistinguishable qualities. Generally speaking, a worm's choice of medium for spreading is email, networks, and instant message applications. Viruses, on the other hand, prefer floppies, CDs, hard drives, and individual files.

The rate of infections and propagation can also help distinguish between the two. Email Worms are known for multiplying and contaminating at incredible rates as they flood networks, whereas Viruses have a tendency to spread on a slower and individual basis. Viruses and Worms can be further set apart by examining their intentions. While worms are usually designed to disturb network flow, spam the Internet with messages, and create "backdoors," Viruses generally target personal computers and files.

How do I protect myself from Email Worms?

1. Never download attachments from unknown senders.

2. Unexpected emails from friends, family members, or co-workers urging you to download something should be treated with skepticism. Check the headers to ensure the message has not been "Spoofed" and make sure your Anti-Virus Software is active if you decide to download the attachment.

3. Keep your operating system up-to-date by downloading the most current system patches. Operating system manufacturers frequently release fixes for newly discovered vulnerabilities, which are critical in preventing infections. Most Windows operating systems are equipped with the "Automatic Update" feature; we advise you to keep it on.

4. Make sure your computer is protected by a Firewall. If you connect to the Internet through a Router, you may already have a built-in Router Firewall. Check with the router manufacturer for specifications. Machines running Windows XP Service Pack II have a Firewall Feature; please make sure it is turned on. If you do not have a Firewall installed on your machine there are a number of free Firewalls available to you. The Simplicato Team recommends the following free Firewall Products.
    a. Sygate
    b. ZoneAlarm
    c. Outpost

5. Use Anti-Virus Software and make sure its Virus Definitions are current. If you are unable to obtain a personal copy of Anti-Virus Software, there are a number of free antivirus scanners available to you. The Simplicato Team recommends the following free antivirus products.
    a. ClamWin (Anti-Virus Software)
    b. Trend Micro (Web-Based Anti-Virus)
    c. Panda (Web-Based Anti-Virus)
    d. AVG (Anti-Virus Software)
    e. McAfee AVERT Stinger (Virus Removal Tool)
    f. Kaspersky (Virus Removal Tools)

6. Avoid giving away or posting your "real" email address anywhere on the web. If you have to provide an email address, the Simplicato Team advises you to create a "temporary" email address that can be easily disposed of if you ever need to do so. This will help reduce the chances of being a target for the Email Worm's Transmission and, in addition, diminish the chances of being added to Spam Lists.

7. Monitor your computer's general health and performance to immediately spot any sort of irregularity.

Legitimate applications frequently use system "auto-run" entries to make sure they are started automatically (loaded into memory) on each computer boot-up. Email Worms, Viruses, and Spyware desire precisely the same thing. It is strongly recommended to monitor your "auto-run" entries for unknown or suspicious looking references that may suddenly appear. The Simplicato Team recommends a free tool called "Autoruns" by Sysinternals to examine your system "auto-run" entries. Pay close attention to entries that point to non-Microsoft files and even closer attention to those with unrecognized or missing publishers. You should use this program with extreme care, since deleting entries that are essential for normal system functioning will result in adverse effects. Before removing any entries that appear to be malicious, we advise you to research them online to confirm your suspicion.

Currently running system processes should be probed from time to time. Another free tool by Sysinternals called "Process Explorer" shows all currently running processes with detailed information about them. You can find out each process's CPU usage, its manufacturer, and its directory location. "Process Explorer" also comes with a nifty feature that lets you automatically "Google" a process to obtain further information about it. This allows you to make an educated decision on the legitimacy of each running process. Once untrustworthy processes are found, they can be terminated or suspended. Regularly monitoring running processes can help you identify and eradicate problems when they first appear.

Since Email Worms are notorious for being network oriented, it is worthwhile to analyze all (established and waiting) connections on your personal computer. Yet another tool from Sysinternals called "TCPView" can be used for such analysis. This tool will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP Connections. Applications that are accessing the Internet without your authorization can be easily spotted in this listing.

8. Make sure your Email Hosting Provider uses precise Virus and Spam Filtering to analyze each incoming and outgoing email. Emails found to be contaminated should be automatically isolated and never delivered to or from customers. Having this type of safeguarding allows Email Worms and Viruses to be detected and eradicated at their onset, preventing their propagation.
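The "auto-run" monitoring advice in step 7 works best against a known-good baseline, so that entries which "suddenly appear" stand out. The following is an added example, not part of the original article and not Autoruns' own export format: it assumes two snapshots saved as CSV with the hypothetical columns location, entry, publisher and image_path, and the sample rows are constructed.

```python
import csv
import io

KEY_FIELDS = ("location", "entry", "image_path")  # assumed column names

def load_snapshot(csv_text):
    """Index a snapshot by (location, entry, image path), case-insensitively."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {tuple(r[f].strip().lower() for f in KEY_FIELDS): r for r in rows}

def review_autoruns(baseline_csv, current_csv):
    """Return (entry, image_path, reason) for entries absent from the baseline.

    An entry whose image path changed counts as new, because the path is
    part of the key.
    """
    baseline = load_snapshot(baseline_csv)
    report = []
    for key, row in load_snapshot(current_csv).items():
        if key in baseline:
            continue
        publisher = row["publisher"].strip()
        if not publisher:
            reason = "new entry, missing publisher"
        elif "microsoft" not in publisher.lower():
            reason = "new entry, non-Microsoft publisher"
        else:
            # A publisher string alone is not proof of origin; confirm
            # the file's signature before trusting it.
            reason = "new entry, Microsoft publisher (confirm signature)"
        report.append((row["entry"], row["image_path"], reason))
    return report

# Constructed snapshots; names, paths and publishers are made up.
BASELINE = r"""location,entry,publisher,image_path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleAV,Example Security Ltd,C:\Program Files\ExampleAV\av.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleChat,Example Software Ltd,C:\Program Files\ExampleChat\chat.exe
"""
CURRENT = BASELINE + r"""HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,updater32,,C:\Temp\updater32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExamplePrinter,Example Devices Inc,C:\Program Files\ExamplePrinter\tray.exe
"""

if __name__ == "__main__":
    for entry, path, reason in review_autoruns(BASELINE, CURRENT):
        print(f"{entry}: {path} ({reason})")
```

Every reported entry still needs the manual research the article recommends before anything is removed.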

I think an Email Worm has infected my computer. What do I do now?

1. If you have a clear indication of an infection and you still have access to your files, it is advisable to immediately back up your most critical data. The backup should be made to an external medium such as DVD-R, CD-R, or an external hard drive. Backing up data to another computer is not recommended, in order to eliminate the possibility of spreading the infection to another PC.

If your Windows machine is unbootable, try to boot it into "Windows Safe Mode." To enter "Windows Safe Mode," hit "F8" as your computer is booting. When prompted for a choice, select "Windows Safe Mode." "Windows Safe Mode" is a diagnostic environment that starts Windows with just the bare necessities. Hopefully you will be able to access and back up your critical files from there.

As one of your last resorts, accessing your unbootable computer can be done with a "Windows Emulation" utility. Before using a "Windows Emulation" utility, we advise you to take a little bit of time to research and understand how it works. There are a few emulation utilities available to you:
    a. BartPE
    b. WinPE
    c. ERD Commander
    d. NTFSDOS

2. Run your Anti-Virus Application to eliminate the infection. If the specific Anti-Virus Application you are using fails to detect and remove the worm, try installing a different vendor's Anti-Virus Software. If you have tried numerous Anti-Virus Applications and are still not able to detect or remove the infection, it is possible that your problem is not Email Worm/Virus related, but instead Spyware or Malware. You can find resources on treatment and prevention of Spyware related problems by visiting Spywareinfo.com.

3. If you have been able to identify the Email Worm or Virus by its name or filename, try to research the Internet for information and removal instructions. It is more than likely that others have been afflicted with an identical situation and can help you with removal advice. It is also possible that some vendor has released an antidote or a treatment specifically for this type of infection.

4. If you have tried everything in your power to eliminate the Virus and the infection is persistent, you may have no choice but to format your computer's hard drive.

Stay protected!

Most Anti-Virus Vendors are excellent at preventing Viruses and Email Worms by stopping them in their tracks, but are not equally good at eliminating them once severe outbreaks occur. The author behind each worm and virus tries very hard to make their "creation" clever, deceiving, elusive, and a step ahead of the Anti-Virus Vendors. It is practically impossible for the Anti-Virus Manufacturers to compensate for every single cunning mind of a Virus or Worm Creator.

The Simplicato Team wants to remind you to:

"Stay Protected by Being Proactive!"





 
 
   
 
 
 