deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-14 18:03:37 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
Files
ff3abe12b75a1fc51f06bf61d4f53130b967f784
windows-itpro-docs/windows/security/intelligence/worms-malware.md
Beth Levin 92bee2676b Updating date
2018-08-03 14:44:14 -07:00

46 lines
3.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Worms
description: Learn about worms, how they infect devices and what you can do to protect yourself.
keywords: security, malware
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
ms.localizationpriority: medium
ms.author: dansimp
author: dansimp
ms.date: 08/01/2018
---
# Worms
A worm is a type of malware that spreads to other PCs. Worms can copy themselves and often spread through a PC network by exploiting security vulnerabilities. They can spread through email attachments, instant messaging programs, file-sharing programs, social networking sites, network shares, removable drives, and software vulnerabilities.
## How worms work
Worms represent a large category of malware. Different worms use different methods to infect devices. Depending on the variant, they can steal sensitive information, change PC security settings, send information to malicious hackers, stop users from accessing files, and other malicious acts.
Jenxcus (also known as Dunihi), Gamarue (also known as Androm), and Bondat have consistently remained at the top of the list of malware that infect users running Microsoft security software. Although these worms share some commonalities, it is interesting to note that they also have distinct characteristics.
* **Jenxcus** has capabilities of not only infecting removable drives but can also act as a backdoor that connects back to its server. This threat typically gets into a PC from a drive-by download attack, meaning it's installed when users just visit a compromised webpage.
* **Gamarue** typically arrives through spam campaigns, exploits, downloaders, social networking sites, and removable drives. When Gamarue infects a PC, it becomes a distribution channel for other malware. Weve seen it distribute other malware such as infostealers, spammers, clickers, downloaders, and rogues.
* **Bondat** typically arrives through fictitious Nullsoft Sciptable Install System (NSIS) Java installers and removable drives. When Bondat infects a system, it gathers information about the machine such as PC name, Globally Unique Identifier (GUID), and OS build. It then sends that information to a remote server.
Both Bondat and Gamarue have clever ways of obscuring themselves to evade detection. By hiding what they are doing on your PC they try to avoid detection by your security software.
This image shows how a worm can quickly spread through a shared USB drive.
![Worm example](./images/WormUSB_flight.png)
### *Figure worm spreading from a shared USB drive*
## How to protect against worms
Enable [Windows Defender AV](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
For more general tips, see [prevent malware infection](prevent-malware-infection.md).
Reference in New Issue View Git Blame Copy Permalink