What Is a Computer Worm? (And How To Remove and Prevent Worms)

Learn how to remove computer worms — an invasive type of malware that self-replicates — and the best ways to prevent worms from ruining your devices.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

A computer worm is a dangerous type of malware that can cause massive damage to a vast number of systems in little time. But it’s also often mischaracterized. People often use the term “worm” when referring to computer viruses, Trojans, or malware in general.

While computer worms are malware, they’re a specific type and distinguish themselves from all others by their ability to spread like wildfire — seemingly all on their own. You may try your best to avoid worms by just being careful, but the only way to stay completely safe from them is by using a combination of best practices and the best antivirus software.

In this article
What is a computer worm?
Types of computer worms
Signs you have a computer worm infection
How to remove a computer worm
How to prevent computer worms
FAQs
Bottom line: Birds without antivirus (early or otherwise) catch the worms

What is a computer worm?

A computer worm is a type of malware that replicates itself and spreads among devices — including computers, mobile devices, and tablets — on a connected network. To get a worm into circulation initially, hackers bait victims with phishing emails or direct messages that contain malicious links or attachments. If a victim opens the link or attachment, the worm infects the system. Once the worm is in the system, it acts like a standalone program with its own directives, namely, to replicate itself and spread to other systems.

Depending on the type of worm, it may spread by sending emails containing replicas of itself to everyone on the infected user’s contact list, for example. There are many types of worms with different goals and means of spreading themselves. Some inject additional malware onto each system they encounter, while others create backdoors for hackers to gain remote access into every infected system.

What’s the difference between a worm, a computer virus, and a Trojan?

After they are initially put into circulation (which usually requires someone to open an attachment or click a link in an email), worms no longer require any additional human interaction to spread. They look for backdoors in a network to move into unprotected systems, self-replicate, and spread over and over again.

Viruses, on the other hand, must be anchored to a host program or file. Someone must open or run that file for the virus to do damage. Once opened, the virus then spreads and infects other files, but those files don’t go anywhere unless you share them.

A Trojan is malware that masquerades as something harmless, like a real software program or application (à la the Trojan horse in the ancient Greek poem The Iliad). Trojans do not replicate themselves, nor can they move freely like worms, but they can create backdoors to grant hackers remote access to your system.

Types of computer worms

There are many different types of worms, each with distinct objectives and methods of spreading.

  • Email worms: Also known as mass-mailer worms, email worms infect users via an email attachment or a link to an infected file on a hacker-owned website. Email worms employ phishing tactics to trick users into opening the email attachment or clicking the infected link, usually by posing as a legitimate service or official website. Once installed, the worm creates and sends outgoing messages to the addresses in the infected user’s contact list.
  • File-sharing worms: File-sharing worms are usually disguised in shareable media files that are spread on peer-to-peer (P2P) file-sharing networks. When an unsuspecting user downloads one of these malicious files, their system becomes infected, and the file-sharing worm copies itself into other shared folders to spread further on the P2P network.
  • Cryptoworms: Once installed onto a system, cryptoworms encrypt data and render it inaccessible to the victim of the attack. A hacker will then demand a ransom payment in exchange for a decryption key.
  • IRC worms: These worms infect a machine and install a malicious script in the machine’s Internet Relay Chat (IRC) client directory. When the infected machine connects to an IRC server and joins a channel, the script uses the IRC client to send copies of the worm to other users in the same channel.
  • P2P worms: P2P worms exploit the complex mechanisms of P2P networks in order to spread. By imitating the network protocol of a file-sharing system, the worm comes up as a positive result in search queries and is unknowingly downloaded and then shared.
  • Ethical worms: Ethical worms leverage the self-propagating technology of computer worms for helpful tasks such as distributing patches or detecting security vulnerabilities on a computer network. While ethical worms are designed to be beneficial in nature, they can still pose some risks because of the unintended consequences of their automation.
  • Instant messaging worms: Instant messaging (IM) worms hide in links and attachments that are included in direct messages on social media platforms and text messages. Hackers employing these worms fool victims into clicking these links or attachments by imitating a legitimate service. Once an IM worm successfully infects a device, it finds the victim’s address book and attempts to send more copies of itself to the victim’s contacts.
  • Bot worms: Once installed, bot worms transform systems into bots to create a network of infected systems called botnets. Hackers can then use these botnets in coordinated distributed denial-of-service (DDoS) attacks or for mining cryptocurrency.
  • Virus-worm hybrids: A virus-worm hybrid has the hallmarks of a worm — the ability to self-propagate and spread — with the added capability of modifying itself like a virus. Some virus-worm hybrids carry what is called a “payload,” which is additional malware like a Trojan or spyware. In this scenario, the worm replicates and spreads while simultaneously dropping its payload on all infected systems.

The most notorious worms

The first computer worm, called Creeper, was created in 1971. Although this worm was not designed to be malicious, it did help create a framework for the malicious worms we still see today.

Here’s a list of some of the most infamous computer worms throughout internet history.

Worm Worm description Worm launch
The Morris worm Created and distributed by MIT graduate student Robert Morris, this worm was actually not intended to be malicious, but it caused over 6,000 UNIX machines across the United States to crash. The Morris worm resulted in the first felony conviction under the 1986 Computer Fraud and Abuse Act. 1988
The ILOVEYOU worm The ILOVEYOU worm infected around 45 million users through email attachments, scripts run in instant messaging chat sessions, and executables disguised as common system files. It caused billions of dollars in damages. 2000
SQL Slammer This worm was responsible for slowing down internet traffic and crashing routers globally with DDoS attacks on certain internet hosts. The SQL Slammer worm was able to infect most of the 75,000 victims within 10 minutes. 2003
Mydoom The Mydoom worm was one of the fastest-spreading email worms in history and is still around. It caused $38 billion in damages in 2004 and accounts for 1% of all malicious emails today. 2004
Storm Worm The Storm Worm baited users with a sensational fake news headline in emails describing a grim weather disaster, infecting millions of machines. 2007
Conficker Also referred to as Downup, Downadup, and Kido, the Conficker worm targeted flaws in the Windows operating system and infected millions of computers — including government and business systems — across 190 countries. 2008
Stuxnet Some experts believe this worm was developed by U.S. and Israeli intelligence agencies to interfere with Iranian nuclear weapons production. It exploited Windows operating system flaws and led to the malfunction of nuclear centrifuges. 2010
Duqu The same people who created the Stuxnet worm are suspected to have created the Duqu worm. This worm was designed to gather information through keylogging and steal digital certificates and their corresponding keys. It appeared to target specific victims, as it was discovered on fewer than 50 systems globally. 2011
WannaCry WannaCry is a cryptoworm that infected high-profile targets like FedEx, banks, and hospitals. It encrypted files on their hard drives to hold them for ransom. 2017

Signs you have a computer worm infection

Detecting a computer worm comes down to awareness and vigilance. Some symptoms are easy to overlook, while others are much more obvious. Here are some telltale signs that your system has been infected by a computer worm.

  • You receive alerts from your operating system (OS) or antivirus program. If you receive error messages and/or warnings from your OS or antivirus, pay attention.
  • Your OS freezes or crashes unexpectedly. It’s not normal for your system to ever freeze or crash suddenly. If your computer begins to crash or freeze regularly, it may be infected with a worm.
  • Your computer is performing worse over time. Gradual decreases in speed and performance could be symptoms of a computer worm eating up central processing unit (CPU) resources through its constant replication.
  • Your hard drive space is unexpectedly full. When a computer worm replicates, it takes up more and more space on your hard drive over time. If you notice your hard drive filling up for no apparent reason, that could be a sign of a worm infection.
  • Programs run/terminate automatically. Worms can take control of some processes on your computer, so be on the lookout for programs that are behaving strangely, especially without your input.
  • Mysterious activity on your email/social media accounts. Many worms hijack your messaging services and send messages to your contacts in an attempt to spread to more systems. Keep an eye on your outgoing emails, texts, and social media direct messages for any messages you’ve never sent.
  • New, mysterious files appear, or others go missing. Worms are capable of altering and deleting files on your computer, so be on the lookout for mysterious new files or disappearing old ones.

How to remove a computer worm

Worms can be difficult to remove. In some cases, it may be more effective to just completely reformat your system. However, if you’d rather not reformat, try these steps first.

1. Quarantine the system

The first thing you want to do is disconnect the system from the internet and any wired/wireless networks before you attempt to remove the worm. This step is mainly to reduce the damage the worm can cause to other systems on the internet and in your network.

2. Update your antivirus

In order to have any hope of removing the worm, you must use a high-quality, updated antivirus solution from a reputable company. To update your antivirus safely (while your infected computer is currently quarantined), use a known, safe computer to download any required updates or programs to an external storage device. Use the external storage device to install the updates or programs to the infected system.

3. Disable System Restore on Windows

The System Restore function on Windows can actually hinder your effort to remove malicious code because it might automatically create backups of already infected code. Disable this function to ensure that Windows doesn’t keep backup files that may contain copies of the worm. Remember to enable System Restore after you’ve successfully removed the worm.

4. Fully scan the infected system and remove the worm

Run a full antivirus scan, and when the scan is complete, your antivirus should identify and offer to remove the worm(s) from your computer. Remove any additional malicious code and confirm that your OS and other applications are all patched and up to date. Restart your system and run one more full scan to ensure the worm is completely gone.

5. If your antivirus did not remove the worm

Your antivirus may identify the worm but not give you the option to remove it. If this is the case, write down the name of the worm and use a search engine of your choice on your safe computer for the proper tool to remove it. Download the tool to an external storage device and use this device to install the tool on your infected computer. Follow the tool’s instructions carefully, and note that you may need to temporarily turn off your antivirus while using the worm removal tool.

How to prevent computer worms

Here are some best practices to follow in order to prevent computer worm infection.

1. Install OS updates and software patches. OS updates and software patches will often include security updates that are integral for keeping your system safe from many new forms of malware, including worms. Get into the habit of updating your OS and other applications as soon as updates are available.

2. Use firewalls. A firewall is like a watchful guard for your system. It surveys all incoming and outgoing network traffic and acts as a barrier to malicious code and cyber attacks.

3. Never click on unfamiliar attachments or links. Phishing emails that contain infected links and/or attachments are one of the most common ways computer worms spread. Avoid clicking links or attachments in emails unless you’re certain they’re from a trusted source.

4. Use encryption to protect sensitive data. Encryption scrambles your data and renders it useless to cybercriminals, especially those who try to infect your system with cryptoworms in ransomware attacks.

5. Use antivirus software. Without antivirus protection, it’s impossible to avoid the myriad of cyberthreats online. If you want to prevent worms — among the many other threats that exist online — use a good antivirus.

Best antivirus software to protect against computer worms

The best antivirus solutions should protect you from worms, trojans, viruses, ransomware, keyloggers, and the vast array of other cyberthreats regularly created by cybercriminals. If you’re unsure which antivirus is the right one for you, take a look at our three tested antivirus recommendations.

  • Bitdefender: Bitdefender is an all-around effective antivirus that comes with a powerful firewall and multi-layered ransomware protection to keep out the worst crytpoworms. It also includes useful alerts for security patches you may have missed, which help keep your entire system airtight from malware and other threats.

    Get Bitdefender | Read Our Bitdefender Review

    4.8
    Editorial Rating
    Learn More
    On Bitdefender's website
    Bitdefender
    • Antivirus software offering reliable security
    • Simple yet powerful interface tools
    • Perfect protection score in third-party tests
    • Premium features incur additional subscription fees

  • McAfee: McAfee is a solid antivirus option for users who need to protect many devices because even its individual plans support unlimited device coverage. McAfee includes a firewall, ransomware protection, and a virtual private network (VPN). We especially like its useful, color-coded web protection feature that alerts you before you click on malicious website links, which can protect you from entering a worm-infested website.

    Get McAfee | Read Our McAfee Review

    Online Protection With VPN Access and Identity Monitoring
    5.0
    Editorial Rating
    Learn More
    On McAfee's website
    All-In-One
    McAfee
    Save $90 on a 2-year plan
    • Inclusive antivirus, scam, and web protection with the added privacy of a VPN, identity monitoring, and secure password manager
    • Get a real-time Protection Score that measures your online safety and offers guidance to improve security
    • Added peace of mind with 24/7 expert online support and McAfee’s Virus Protection Pledge
    • Multiple pop-ups for text notifications can be annoying

  • Avira: Avira’s paid plans are competitively priced for their feature-richness, and its free version is also filled with a surprising number of extra features, like an automated software updater and a free (but limited) VPN. It comes with a firewall and protects against malware, Trojans, ransomware, and phishing.

    Read Our Avira Review

FAQs


+

What is a computer worm?

A computer worm is a type of malware that replicates itself and spreads among devices on a connected network. Computer worms act as independent programs and are able to move among systems all on their own — in contrast to other malware that requires an attachment to an executable file, for instance.


+

How is a computer worm harmful?

Computer worms are harmful because they can rapidly self-replicate and spread across a network, infecting each unprotected computer connected to that network. They carry payloads containing additional malware that the worm drops into each system as it spreads. Worms can also overwhelm a system’s processing resources with their ability to self-propagate rapidly.


+

Are computer worms easy to get rid of?

Computer worms can be difficult to remove. Most worms require a good antivirus solution for removal, whereas others may require special security tools. In the most extreme case, fully reformatting your system is a surefire way to get rid of a worm infestation.


+

What’s the difference between a computer virus and a computer worm?

Computer viruses must be attached to a host program or executable file, and the victim needs to run those files. Otherwise, the virus will not do any damage. Computer worms, on the other hand, act as standalone software. Once they are in circulation, they move from computer to computer through networks without the need for file attachment.


+

What are five examples of computer worms?

Email worms, cryptoworms, IM worms (instant messaging worms), file-sharing worms, and bot worms are just five examples of computer worms.


+

Are computer worms still around?

Yes. Computer worms still exist and pose a threat to unprotected systems. In fact, one of the fastest-spreading email worms, Mydoom, was created back in 2004 and still accounts for about 1% of malicious emails today.

Bottom line: Birds without antivirus (early or otherwise) catch the worms

Computer worms share similarities to viruses and Trojans, but they are different and particularly dangerous because they self-replicate and move through networks without needing anchorage to any host program.

There are many different kinds of worms. Some you can avoid through cybersecurity best practices, while others require a good antivirus to keep at bay. If you want to stay completely safe from worms and other cyberthreats, be sure to look at our list of the best antivirus software.

Online Protection With VPN Access and Identity Monitoring
5.0
Editorial Rating
Learn More
On McAfee's website
All-In-One
McAfee
Save $90 on a 2-year plan
  • Inclusive antivirus, scam, and web protection with the added privacy of a VPN, identity monitoring, and secure password manager
  • Get a real-time Protection Score that measures your online safety and offers guidance to improve security
  • Added peace of mind with 24/7 expert online support and McAfee’s Virus Protection Pledge
  • Multiple pop-ups for text notifications can be annoying

Author Details
Juliana Kenny is a seasoned writer with over a decade of experience in cybersecurity topics. She holds a B.A. in English with a concentration in Irish Literature, a B.A. in French, and a minor in Art History. Since 2010, she has explored the dynamic intersection of technology and security, specializing in endpoint security, cloud security, and networking technologies like secure access service edge (SASE).