Editing Computer worm (section)

==Harm==
Any code designed to do more than spread the worm is typically referred to as the "[[Payload (software)|payload]]". Typical malicious payloads might delete files on a host system (e.g., the [[ExploreZip]] worm), encrypt files in a [[ransomware]] attack, or [[Data theft|exfiltrate data]] such as confidential documents or passwords.<ref>{{Cite web |title=What is a malicious payload? |url=https://www.cloudflare.com/en-gb/learning/security/glossary/malicious-payload/ |access-date=2025-01-02 |website=www.cloudflare.com |language=en-gb}}</ref>

Some worms may install a [[Backdoor (computing)|backdoor]]. This allows the computer to be remotely controlled by the worm author as a "[[zombie computers|zombie]]". Networks of such machines are often referred to as [[botnets]] and are very commonly used for a range of malicious purposes, including sending [[e-mail spam|spam]] or performing [[Denial-of-service attack|DoS]] attacks.<ref>{{Cite news |url=http://seattletimes.nwsource.com/html/businesstechnology/2001859752_spamdoubles18.html |newspaper=The Seattle Times |title=Business & Technology: E-mail viruses blamed as spam rises sharply |date=February 18, 2004 |first=Tiernan |last=Ray |access-date=May 18, 2007 |archive-url=https://web.archive.org/web/20120826193746/http://seattletimes.nwsource.com/html/businesstechnology/2001859752_spamdoubles18.html |archive-date=August 26, 2012 |url-status=dead }}</ref><ref>{{Cite news |url=https://www.wired.com/news/business/0,1367,60747,00.html |title=Cloaking Device Made for Spammers |newspaper=Wired |date=October 9, 2003 |first=Brian |last=McWilliams }}</ref><ref>{{Cite news |url= http://news.bbc.co.uk/1/hi/technology/3513849.stm |work=BBC News |title= Hacker threats to bookies probed |date= February 23, 2004 }}</ref>

Some special worms attack industrial systems in a targeted manner. [[Stuxnet]] was primarily transmitted through LANs and infected thumb-drives, as its targets were never connected to untrusted networks, like the internet.  This virus can destroy the core production control computer software used by chemical, power generation and power transmission companies in various countries around the world - in Stuxnet's case, Iran, Indonesia and India were hardest hit - it was used to "issue orders" to other equipment in the factory, and to hide those commands from being detected.  Stuxnet used multiple vulnerabilities and four different zero-day exploits (e.g.: [http://www.microsoft.com/technet/security/advisory/2286198.mspx]) in [[Windows|Windows systems]] and Siemens [[SIMATIC WinCC|SIMATICWinCC]] systems to attack the embedded programmable logic controllers of industrial machines.  Although these systems operate independently from the network, if the operator inserts a virus-infected drive into the system's USB interface, the virus will be able to gain control of the system without any other operational requirements or prompts.<ref>{{Cite journal|last1=Bronk|first1=Christopher|last2=Tikk-Ringas|first2=Eneken|date=May 2013|title=The Cyber Attack on Saudi Aramco|journal=Survival|language=en|volume=55|issue=2|pages=81–96|doi=10.1080/00396338.2013.784468|s2cid=154754335|issn=0039-6338}}</ref><ref>{{Cite journal|last=Lindsay|first=Jon R.|date=July 2013|title=Stuxnet and the Limits of Cyber Warfare|journal=Security Studies|volume=22|issue=3|pages=365–404|doi=10.1080/09636412.2013.816122|s2cid=154019562|issn=0963-6412}}</ref><ref>{{Cite book|last1=Wang|first1=Guangwei|last2=Pan|first2=Hong|last3=Fan|first3=Mingyu|title=Proceedings of the 3rd International Conference on Computer Science and Service System |chapter=Dynamic Analysis of a Suspected Stuxnet Malicious Code |date=2014|volume=109|location=Paris, France|publisher=Atlantis Press|doi=10.2991/csss-14.2014.86|isbn=978-94-6252-012-7|doi-access=free}}</ref>