Computer worm
==Countermeasures==
Worms spread by exploiting vulnerabilities in operating systems.<!-- NOTE: this statement is erroneous. a Trojan horse is a category similar to a [[master status]]. Any program can be a Trojan horse~> If user interaction is required for the malware to spread, it is called a [[Trojan horse (computing)|Trojan horse]]. --> Vendors with security problems supply regular security updates<ref>{{cite web|url=http://www.ubuntu.com/usn |title=USN list |publisher=Ubuntu |access-date=2012-06-10}}</ref> (see "[[Patch Tuesday]]"), and if these are installed on a machine, then the majority of worms are unable to spread to it. If a vulnerability is disclosed before the vendor releases a security patch, a [[zero-day attack]] is possible.

Users need to be wary of opening unexpected emails,<ref>{{Cite web |url=https://www.f-secure.com/v-descs/iworm.shtml |title=Threat Description Email-Worm |access-date=2018-12-25 |archive-url=https://web.archive.org/web/20180116193554/https://www.f-secure.com/v-descs/iworm.shtml |archive-date=2018-01-16 |url-status=dead }}</ref><ref>{{Cite web|url=https://www.f-secure.com/v-descs/love.shtml|title=Email-Worm:VBS/LoveLetter Description | F-Secure Labs|website=www.f-secure.com}}</ref> and should not run attached files or programs, or visit web sites that are linked to such emails. However, as with the [[ILOVEYOU]] worm, and with the increased growth and efficiency of [[phishing]] attacks, it remains possible to trick the end-user into running malicious code.

[[Antivirus software|Anti-virus]] and [[antispyware|anti-spyware]] software are helpful, but must be kept up-to-date with new pattern files at least every few days. The use of a [[Firewall (computing)|firewall]] is also recommended.

Users can minimize the threat posed by worms by keeping their computers' operating system and other software up to date, avoiding opening unrecognized or unexpected emails, and running [[Firewall (computing)|firewall]] and antivirus software.<ref>{{cite web |url=http://www.veracode.com/security/computer-worm |title=Computer Worm Information and Removal Steps |publisher=Veracode |access-date=2015-04-04 |date=2014-02-02 }}</ref> Mitigation techniques include:
* [[Access Control List#Networking ACLs|ACL]]s in [[router (computing)|routers]] and [[network switch|switches]]
* [[Firewall (networking)|Packet-filters]]
* [[TCP Wrapper]]/[[ACL (software)|ACL]] enabled network service [[daemon (computing)|daemon]]s
* [[Endpoint protection|EPP]]/[[Endpoint detection and response|EDR]] software
* [[Nullroute]]

Infections can sometimes be detected by their behavior, typically scanning the Internet randomly, looking for vulnerable hosts to infect.<ref>{{Cite journal|last1=Sellke |first1=S. H. |last2=Shroff |first2=N. B. |last3=Bagchi |first3=S. |year=2008 |title=Modeling and Automated Containment of Worms |journal=IEEE Transactions on Dependable and Secure Computing |volume=5 |issue=2 |pages=71–86 |doi=10.1109/tdsc.2007.70230 }}</ref><ref>{{Cite news |url=http://newswise.com/articles/view/541456/ |work=Newswise |title=A New Way to Protect Computer Networks from Internet Worms |access-date=July 5, 2011}}</ref> In addition, machine learning techniques can be used to detect new worms by analyzing the behavior of the suspected computer.<ref>{{cite journal|doi=10.1016/j.csda.2008.01.028|title=Detection of unknown computer worms based on behavioral classification of the host|journal=Computational Statistics & Data Analysis|volume=52|issue=9|pages=4544–4566|year=2008|last1=Moskovitch|first1=Robert|last2=Elovici|first2=Yuval|last3=Rokach|first3=Lior|s2cid=1097834 }}</ref>
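
The scanning behavior described above can be expressed as a detection rule over connection logs: a host that fails to reach many distinct destinations in a short time is flagged. The following Python code is an added example, not taken from the cited sources; the flow-record layout, the function name <code>find_scanners</code>, the 60-second window and the threshold of 20 destinations are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, dst_port, connected).
# Addresses are from documentation ranges (RFC 5737); this is not real traffic.
SAMPLE_FLOWS = (
    # One host failing against 30 different addresses in 30 seconds (scan-like).
    [(t, "192.0.2.10", f"198.51.100.{t + 1}", 445, False) for t in range(30)]
    # One host talking repeatedly and successfully to a single server (normal).
    + [(t * 5, "192.0.2.20", "203.0.113.5", 443, True) for t in range(12)]
    # A single failed attempt from the normal host must not raise an alert.
    + [(3, "192.0.2.20", "203.0.113.9", 445, False)]
)


def find_scanners(flows, window_s=60, max_failed_targets=20):
    """Return {src_ip: first_alert_timestamp} for every source that fails to
    connect to more than max_failed_targets distinct destinations within any
    window of window_s seconds (threshold and window are assumed values)."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) of recent failed attempts
    alerts = {}
    for ts, src, dst, _port, connected in sorted(flows):
        if connected or src in alerts:
            continue  # successful connections and already-flagged hosts are skipped
        attempts = recent[src]
        attempts.append((ts, dst))
        # Drop failed attempts that have fallen out of the sliding window.
        while attempts and attempts[0][0] <= ts - window_s:
            attempts.popleft()
        if len({d for _, d in attempts}) > max_failed_targets:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, ts in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: scan-like behavior first seen at t={ts}s")
```

Counting only failed attempts to distinct destinations keeps busy but legitimate clients, which mostly succeed against a small set of servers, below the threshold.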