What Is a Computer Worm? (And How To Remove and Prevent Worms)

A computer worm is a dangerous type of malware that can cause massive damage to a vast number of systems in little time. But it’s also often mischaracterized. People often use the term “worm” when referring to computer viruses, Trojans, or malware in general.

While computer worms are malware, they’re a specific type and distinguish themselves from all others by their ability to spread like wildfire — seemingly all on their own. You may try your best to avoid worms by just being careful, but the only way to stay completely safe from them is by using a combination of best practices and the best antivirus software.

What is a computer worm?

A computer worm is a type of malware that replicates itself and spreads among devices — including computers, mobile devices, and tablets — on a connected network. To get a worm into circulation initially, hackers bait victims with phishing emails or direct messages that contain malicious links or attachments. If a victim opens the link or attachment, the worm infects the system. Once the worm is in the system, it acts like a standalone program with its own directives, namely, to replicate itself and spread to other systems.

Depending on the type of worm, it may spread by sending emails containing replicas of itself to everyone on the infected user’s contact list, for example. There are many types of worms with different goals and means of spreading themselves. Some inject additional malware onto each system they encounter, while others create backdoors for hackers to gain remote access into every infected system.

What’s the difference between a worm, a computer virus, and a Trojan?

After they are initially put into circulation (which usually requires someone to open an attachment or click a link in an email), worms no longer require any additional human interaction to spread. They look for backdoors in a network to move into unprotected systems, self-replicate, and spread over and over again.

Viruses, on the other hand, must be anchored to a host program or file. Someone must open or run that file for the virus to do damage. Once opened, the virus then spreads and infects other files, but those files don’t go anywhere unless you share them.

A Trojan is malware that masquerades as something harmless, like a real software program or application (à la the Trojan horse in the ancient Greek poem The Iliad). Trojans do not replicate themselves, nor can they move freely like worms, but they can create backdoors to grant hackers remote access to your system.

Types of computer worms

There are many different types of worms, each with distinct objectives and methods of spreading.

• Email worms: Also known as mass-mailer worms, email worms infect users via an email attachment or a link to an infected file on a hacker-owned website. Email worms employ phishing tactics to trick users into opening the email attachment or clicking the infected link, usually by posing as a legitimate service or official website. Once installed, the worm creates and sends outgoing messages to the addresses in the infected user’s contact list.
• File-sharing worms: File-sharing worms are usually disguised in shareable media files that are spread on peer-to-peer (P2P) file-sharing networks. When an unsuspecting user downloads one of these malicious files, their system becomes infected, and the file-sharing worm copies itself into other shared folders to spread further on the P2P network.
• Cryptoworms: Once installed onto a system, cryptoworms encrypt data and render it inaccessible to the victim of the attack. A hacker will then demand a ransom payment in exchange for a decryption key.
• IRC worms: These worms infect a machine and install a malicious script in the machine’s Internet Relay Chat (IRC) client directory. When the infected machine connects to an IRC server and joins a channel, the script uses the IRC client to send copies of the worm to other users in the same channel.
• P2P worms: P2P worms exploit the complex mechanisms of P2P networks in order to spread. By imitating the network protocol of a file-sharing system, the worm comes up as a positive result in search queries and is unknowingly downloaded and then shared.
• Ethical worms: Ethical worms leverage the self-propagating technology of computer worms for helpful tasks such as distributing patches or detecting security vulnerabilities on a computer network. While ethical worms are designed to be beneficial in nature, they can still pose some risks because of the unintended consequences of their automation.
• Instant messaging worms: Instant messaging (IM) worms hide in links and attachments that are included in direct messages on social media platforms and text messages. Hackers employing these worms fool victims into clicking these links or attachments by imitating a legitimate service. Once an IM worm successfully infects a device, it finds the victim’s address book and attempts to send more copies of itself to the victim’s contacts.
• Bot worms: Once installed, bot worms transform systems into bots to create a network of infected systems called botnets. Hackers can then use these botnets in coordinated distributed denial-of-service (DDoS) attacks or for mining cryptocurrency.
• Virus-worm hybrids: A virus-worm hybrid has the hallmarks of a worm — the ability to self-propagate and spread — with the added capability of modifying itself like a virus. Some virus-worm hybrids carry what is called a “payload,” which is additional malware like a Trojan or spyware. In this scenario, the worm replicates and spreads while simultaneously dropping its payload on all infected systems.

The most notorious worms

The first computer worm, called Creeper, was created in 1971. Although this worm was not designed to be malicious, it did help create a framework for the malicious worms we still see today.

Here’s a list of some of the most infamous computer worms throughout internet history.

Signs you have a computer worm infection

Detecting a computer worm comes down to awareness and vigilance. Some symptoms are easy to overlook, while others are much more obvious. Here are some telltale signs that your system has been infected by a computer worm.

• You receive alerts from your operating system (OS) or antivirus program. If you receive error messages and/or warnings from your OS or antivirus, pay attention.
• Your OS freezes or crashes unexpectedly. It’s not normal for your system to ever freeze or crash suddenly. If your computer begins to crash or freeze regularly, it may be infected with a worm.
• Your computer is performing worse over time. Gradual decreases in speed and performance could be symptoms of a computer worm eating up central processing unit (CPU) resources through its constant replication.
• Your hard drive space is unexpectedly full. When a computer worm replicates, it takes up more and more space on your hard drive over time. If you notice your hard drive filling up for no apparent reason, that could be a sign of a worm infection.
• Programs run/terminate automatically. Worms can take control of some processes on your computer, so be on the lookout for programs that are behaving strangely, especially without your input.
• Mysterious activity on your email/social media accounts. Many worms hijack your messaging services and send messages to your contacts in an attempt to spread to more systems. Keep an eye on your outgoing emails, texts, and social media direct messages for any messages you’ve never sent.
• New, mysterious files appear, or others go missing. Worms are capable of altering and deleting files on your computer, so be on the lookout for mysterious new files or disappearing old ones.

How to remove a computer worm

Worms can be difficult to remove. In some cases, it may be more effective to just completely reformat your system. However, if you’d rather not reformat, try these steps first.

1. Quarantine the system

The first thing you want to do is disconnect the system from the internet and any wired/wireless networks before you attempt to remove the worm. This step is mainly to reduce the damage the worm can cause to other systems on the internet and in your network.

2. Update your antivirus

In order to have any hope of removing the worm, you must use a high-quality, updated antivirus solution from a reputable company. To update your antivirus safely (while your infected computer is currently quarantined), use a known, safe computer to download any required updates or programs to an external storage device. Use the external storage device to install the updates or programs to the infected system.

3. Disable System Restore on Windows

The System Restore function on Windows can actually hinder your effort to remove malicious code because it might automatically create backups of already infected code. Disable this function to ensure that Windows doesn’t keep backup files that may contain copies of the worm. Remember to enable System Restore after you’ve successfully removed the worm.

4. Fully scan the infected system and remove the worm

Run a full antivirus scan, and when the scan is complete, your antivirus should identify and offer to remove the worm(s) from your computer. Remove any additional malicious code and confirm that your OS and other applications are all patched and up to date. Restart your system and run one more full scan to ensure the worm is completely gone.

5. If your antivirus did not remove the worm

Your antivirus may identify the worm but not give you the option to remove it. If this is the case, write down the name of the worm and use a search engine of your choice on your safe computer for the proper tool to remove it. Download the tool to an external storage device and use this device to install the tool on your infected computer. Follow the tool’s instructions carefully, and note that you may need to temporarily turn off your antivirus while using the worm removal tool.

How to prevent computer worms

Here are some best practices to follow in order to prevent computer worm infection.

1. Install OS updates and software patches. OS updates and software patches will often include security updates that are integral for keeping your system safe from many new forms of malware, including worms. Get into the habit of updating your OS and other applications as soon as updates are available.

2. Use firewalls. A firewall is like a watchful guard for your system. It surveys all incoming and outgoing network traffic and acts as a barrier to malicious code and cyber attacks.

3. Never click on unfamiliar attachments or links. Phishing emails that contain infected links and/or attachments are one of the most common ways computer worms spread. Avoid clicking links or attachments in emails unless you’re certain they’re from a trusted source.

4. Use encryption to protect sensitive data. Encryption scrambles your data and renders it useless to cybercriminals, especially those who try to infect your system with cryptoworms in ransomware attacks.

5. Use antivirus software. Without antivirus protection, it’s impossible to avoid the myriad of cyberthreats online. If you want to prevent worms — among the many other threats that exist online — use a good antivirus.

Best antivirus software to protect against computer worms

The best antivirus solutions should protect you from worms, trojans, viruses, ransomware, keyloggers, and the vast array of other cyberthreats regularly created by cybercriminals. If you’re unsure which antivirus is the right one for you, take a look at our three tested antivirus recommendations.

• Bitdefender: Bitdefender is an all-around effective antivirus that comes with a powerful firewall and multi-layered ransomware protection to keep out the worst crytpoworms. It also includes useful alerts for security patches you may have missed, which help keep your entire system airtight from malware and other threats.

  Get Bitdefender | Read Our Bitdefender Review

  

  4.8

  AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

  Editorial Rating

  Learn More

  On Bitdefender's website

  Bitdefender

  • Antivirus software offering reliable security
  • Simple yet powerful interface tools
  • Perfect protection score in third-party tests
  • Premium features incur additional subscription fees

• McAfee: McAfee is a solid antivirus option for users who need to protect many devices because even its individual plans support unlimited device coverage. McAfee includes a firewall, ransomware protection, and a virtual private network (VPN). We especially like its useful, color-coded web protection feature that alerts you before you click on malicious website links, which can protect you from entering a worm-infested website.

  Get McAfee | Read Our McAfee Review

  Online Protection With VPN Access and Identity Monitoring

  

  5.0

  AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

  Editorial Rating

  Learn More

  On McAfee's website

  All-In-One

  McAfee

  Save $90 on a 2-year plan

  • Inclusive antivirus, scam, and web protection with the added privacy of a VPN, identity monitoring, and secure password manager
  • Get a real-time Protection Score that measures your online safety and offers guidance to improve security
  • Added peace of mind with 24/7 expert online support and McAfee’s Virus Protection Pledge
  • Multiple pop-ups for text notifications can be annoying

• Avira: Avira’s paid plans are competitively priced for their feature-richness, and its free version is also filled with a surprising number of extra features, like an automated software updater and a free (but limited) VPN. It comes with a firewall and protects against malware, Trojans, ransomware, and phishing.

  Read Our Avira Review

FAQs

Bottom line: Birds without antivirus (early or otherwise) catch the worms

Computer worms share similarities to viruses and Trojans, but they are different and particularly dangerous because they self-replicate and move through networks without needing anchorage to any host program.

There are many different kinds of worms. Some you can avoid through cybersecurity best practices, while others require a good antivirus to keep at bay. If you want to stay completely safe from worms and other cyberthreats, be sure to look at our list of the best antivirus software.

Online Protection With VPN Access and Identity Monitoring

5.0

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On McAfee's website

All-In-One

McAfee

Save $90 on a 2-year plan

• Inclusive antivirus, scam, and web protection with the added privacy of a VPN, identity monitoring, and secure password manager
• Get a real-time Protection Score that measures your online safety and offers guidance to improve security
• Added peace of mind with 24/7 expert online support and McAfee’s Virus Protection Pledge
• Multiple pop-ups for text notifications can be annoying

Author Details

Juliana Kenny

About the Author

Juliana Kenny is a seasoned writer with over 14 years of experience writing for cybersecurity topics. Holding a B.A. in both English and French, her work explores the convergence of security and technology. She specializes in endpoint security, cloud security, and networking technologies like secure access service edge (SASE).