Everything begins when an evil computer programmer writes a worm.
"A Worm is software just like any other program you use in your computer. But we can safely assume that a worm is 'bad' or nefarious software."
Once a worm is released, a few things happen:
- It infects unprotected computers
- It runs automatically all the time, in the background as a service, without the computer owner's knowledge
- It has a scanning mechanism to look for other computers to infect on the Internet or your local network
- It modifies computer settings so that it will survive a computer system reboot or shutdown. In other words, it will auto load when Windows is starting up
- It runs with administrative privileges, meaning that it can have total control over an infected system
- It provides a backdoor entry through which the original worm designer or any other individual in the know may access your system
- It has an infection mechanism to contaminate other vulnerable systems
- It may have "call back" or "phone home" functions to alert the worm's programmer about each and every system infected
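From a defender's side, the scanning mechanism in the list above is often the most visible sign of a worm: one machine suddenly contacting many different addresses on the same port. The following is an added example, not part of the original article; the log format, the addresses, and the threshold of 10 destinations within 60 seconds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "timestamp source destination dest_port".
# 192.168.1.23 behaves like a scanning worm; 192.168.1.50 is ordinary browsing.
SAMPLE = [f"2008-11-25T10:00:{i:02d} 192.168.1.23 192.168.1.{100 + i} 445"
          for i in range(12)]
SAMPLE += [
    "2008-11-25T10:00:03 192.168.1.50 203.0.113.10 80",
    "2008-11-25T10:00:20 192.168.1.50 203.0.113.10 443",
    "2008-11-25T10:05:00 192.168.1.50 198.51.100.7 80",
    "garbled line",  # malformed records are skipped, not fatal
]


def find_scanners(lines, window=timedelta(seconds=60), threshold=10):
    """Return {(source, port): most distinct destinations in any window}
    for sources that reach `threshold` (an assumed value) or more."""
    events = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when, port = datetime.fromisoformat(parts[0]), int(parts[3])
        except ValueError:
            continue
        events[(parts[1], port)].append((when, parts[2]))

    flagged = {}
    for key, conns in events.items():
        conns.sort()
        start = best = 0
        for end in range(len(conns)):
            # Slide the window start forward until it spans <= `window`.
            while conns[end][0] - conns[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in conns[start:end + 1]}))
        if best >= threshold:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    for (src, port), count in find_scanners(SAMPLE).items():
        print(f"{src} contacted {count} hosts on port {port} within a minute")
```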
Even though your computer is "calling back", it is very unlikely that it is making any direct contact with the worm's makers. Instead it may be:
- Sending information to another computer which has also been compromised or broken into by the worm's programmer. This computer can be in a different country or on another continent from where the programmer lives. Just remember that the Internet has a global reach
- Sending information to a free email account to which the programmer has access. Yahoo.com and Hotmail.com are two examples of companies that provide free email accounts to anyone
- Contacting the programmer via chat or IRC channels, which are another form of chat
- There are many other ways in which your computer may contact programmers, but the ones just mentioned are the most common ones
One thing that should be clear by now is that any worm with "call back" capability does it in such a way that the worm's programmer knows where your computer is, but you generally have no way of knowing where the attacker is located. They do their best to cover their tracks for two main reasons: to stay undetected for as long as possible, and because they know that what they're doing is illegal and may carry fines and prison time.
What sort of information could be sent to an intruder without your knowledge? Well, just about anything:
- Pictures
- Spreadsheets
- Documents
- Databases
- Personal and business E-mails
- Medical records
- Bank and financial data, etc.
Now, even though a "call back" mechanism makes things simpler for an intruder, it is not really necessary. Some worm makers don't bother with it. Instead, they design a full-featured scan program that scans for computers infected by worms. When one is found, a record is made in some kind of database for later use.
Once an intruder has control of your computer, they own your computer. In fact, they use phrases like "I have 300 computers 'owned'" and they're not bragging; it is a fact. Whether you like it or not, they become a "hidden" owner of your system. There have been reports of hackers (or, to use the more appropriate term, crackers) owning 10,000 computers or more. An "owned" computer is also known as a "bot" (contraction for robot) and a network of "owned" computers is described as a "net bot".
You may be wondering whether a worm maker does all this for fun, or to cause mayhem and chaos for no particular reason at all. While it is true that a few of them may do it just to see if they can, or to have "bragging rights", there is a simpler reason: now they do it for the money.
"Owned" computers can be used:
- In email phishing schemes where the goal is to steal your log-in information [Username and Password] for your bank account, PayPal, eBay, etc.
- To send spam
- To attack other systems
- In DoS (Denial of Service) attacks where the goal is usually to bring a website down
- To store "warez" or pirated software
- To store pirated movies
- To store child pornography
- In just about any scheme where data stored in a computer may be used
A later article will talk about worms, spyware and the money trail.
Updated on November 25, 2008