|How Worms Spread via Email (and How to Avoid That)|
|Part 1: Worms use the Internet and email to spread. Find out how they do that and what you can do to avoid spreading a worm.|
Here and there, and everywhere. That's a worm's mission (not only the mission of your favorite pet peeve -- although you might think they are worms too). It tries to replicate and spread itself. From one computer infected with the worm its aim is to travel to the next, to the next again and so on.
What better and easier way can there be to travel from computer to computer than the Internet? What better and easier way to use the Internet for traveling can there be than to hop on an email?
This is why worm usually come as attachments to email messages. But how do they go as attachments to email messages? They need to find a way to be sent on.
When I'm a worm, one apparent strategy to be sent on is to make the recipient send me to their friends. To achieve this, I need to be attractive. There needs to be something in me for the recipient, the best choice probably being fun. Thus I am quickly becoming a Trojan horse -- a malicious program inside a harmless-looking piece of software.
People would open the attachment to have a look, find it amusing and send it on to their friends. This is how a worm can spread and travel with minimal programming effort.
Of course, such a trojan horse does not spread very fast and probably not very far. It depends on both people opening the attachment and finding it attractive enough to send it to their friends or colleagues. Life as a worm would be much easier if at least the second step could be automated.
Fortunately, the first step -- opening the attachment -- is very difficult to automate. This is an important fact and we'll get back to it later.
In order for programs to be able to interact, the often offer a so-called API (Application Program Interface). Via such an interface, any program can make a certain software do something. For example, you can make Word open a text document, or a Web browser go to a specific URL, or make an email program send a message -- make an email program send a message? Isn't that exactly what we need?
You bet it is. Via the MAPI (Mail Application Program Interface) -- a Microsoft development -- it is possible to have an email program perform a number of tasks. The most important for us worms are the possibility to access the address book, to create email messages with attachments and to be able to send them immediately.
As a worm we'd choose Microsoft Outlook to perform these tasks. Outlook is usually used in a corporate environment, and bringing corporation's computer down and rendering a company's computing infrastructure -- and thus often the company (showing how dangerously dependent we have become on computers and networks is what we are really after) -- useless is the most fun.