Worm (computer worm)

Definition

A computer worm is malware that automatically spreads across networks without user interaction. Unlike a virus, a worm needs no host file: it copies itself independently. The WannaCry worm struck over 200,000 systems in 150 countries in 2017, causing billions in damage.

How does a worm work?

A worm spreads by actively searching for vulnerable systems on the network. It scans IP addresses for open ports and known vulnerabilities, automatically exploits them and copies itself to the compromised system. Every newly infected system repeats this process, so the spread is exponential and a worm can reach thousands of systems in minutes. Worms abuse network vulnerabilities (such as EternalBlue), email systems, shared network drives or weak passwords as propagation mechanisms.

Notable worm incidents

WannaCry (2017) combined the EternalBlue SMB exploit with ransomware, spreading rapidly across unpatched Windows systems worldwide. NotPetya (2017) spread via compromised Ukrainian accounting software and caused over $10 billion in damage, becoming the costliest cyberattack in history. Code Red (2001) infected over 350,000 systems in 14 hours. Slammer (2003) infected 75,000 systems in 10 minutes.

Impact on organisations

The speed at which worms spread makes them particularly dangerous. A single vulnerable machine can be the starting point for an organisation-wide infection within minutes. Worms are often used as carriers for ransomware, backdoors or other malware. NIS2 requires adequate patch management and network segmentation.

Protection

Timely patching is the primary defence against worms: most exploit known vulnerabilities with available patches. Network segmentation limits spread. IDS/IPS detects worm-like scanning activity. Firewall rules block unnecessary connections. EDR detects worm behaviour on endpoints.
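
The scanning behaviour an IDS looks for can be shown with a small fan-out detector. This is an added example, not DEFION tooling: the flow records are constructed, and the function names, window and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def sample_flows():
    """Constructed flow records: (epoch_seconds, src, dst, dst_port, established)."""
    flows = []
    # One workstation sweeps a subnet on TCP 445; most attempts fail.
    for i in range(1, 61):
        flows.append((1000 + i * 0.5, "10.0.1.23", f"10.0.2.{i}", 445, i % 15 == 0))
    # Many clients reach one file server: high volume, but no fan-out per source.
    for i in range(1, 41):
        flows.append((1000 + i, f"10.0.1.{100 + i}", "10.0.2.10", 445, True))
    # A backup server contacts several hosts, slowly and successfully.
    for i in range(1, 13):
        flows.append((1000 + i * 300, "10.0.3.5", f"10.0.2.{i}", 445, True))
    return sorted(flows)

def detect_fanout(flows, window=60.0, min_targets=30, min_fail_ratio=0.7):
    """Return {(src, port): peak distinct targets} for sources that contact at
    least min_targets distinct hosts on one port within `window` seconds while
    most of those connections fail, the pattern of worm-like scanning."""
    recent = defaultdict(deque)  # (src, port) -> deque of (ts, dst, established)
    alerts = {}
    for ts, src, dst, port, established in flows:
        key = (src, port)
        q = recent[key]
        q.append((ts, dst, established))
        while q and ts - q[0][0] > window:  # drop records older than the window
            q.popleft()
        targets = {d for _, d, _ in q}
        failed = sum(1 for _, _, ok in q if not ok)
        if len(targets) >= min_targets and failed / len(q) >= min_fail_ratio:
            alerts[key] = max(alerts.get(key, 0), len(targets))
    return alerts

if __name__ == "__main__":
    for (src, port), n in detect_fanout(sample_flows()).items():
        print(f"ALERT {src} contacted {n} distinct hosts on port {port} within 60s")
```

Requiring a high failure ratio alongside the fan-out keeps servers that legitimately talk to many hosts, such as the backup server in the sample, from raising alerts.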

How DEFION helps

DEFION provides Continuous Vulnerability Management, which identifies vulnerabilities that worms could exploit. Network segmentation assessments evaluate how resilient the architecture is against worm propagation. The 24/7 DFIR team is available during worm outbreaks.

Related terms

Malware, Ransomware, Patch Management