How Worms & Other Malware Spread Laterally Across A Network


Cybersecurity is an important part of anyone’s online presence. Attacks can expose individuals and organisations to many negative repercussions, which is why there are a number of initiatives to actively educate people about malicious software and its effects.

While these measures often help individuals identify potential threats and take a few necessary precautions, most people still wonder how a malware attack on their system could compromise the entire network. Understanding this would help users pay close attention and prevent such attacks from happening, thereby reducing the number of security breaches.

What is Malware?

Malware is a general term for any software that is distributed with malicious intent. It can damage your systems, steal data and cause general chaos. Types of malware include viruses, Trojans, spyware, worms and so on.

What are Worms?

Worms are a form of malware that takes advantage of existing security vulnerabilities in your system. In this they act almost like their real-world counterparts, and they make your system vulnerable to further attacks. They try to reach as many hosts as possible. Their aim is not to inflict serious damage; the most they will do is slow down your system or the network, usually by using up hardware resources or bandwidth.

Worms nowadays also carry a payload, which is malicious code. This can directly attack your system and create vulnerabilities for other attacks. For example, in 2004, the Mydoom worm contained a payload that let hackers gain remote access to systems. This was then used to perform a DDoS attack on the website of SCO Group.

How Do They Spread?

Many malware types, like viruses, require you to click on a link or download infected software or an infected attachment before they do any harm. But certain types of malware can spread laterally across a network. Worms are an example of this kind of malware.

There is huge variation in the makeup of worms and other malware, but there are similarities in how they spread. Keeping this in mind, let us take a look at how such malware spreads laterally across a network.

Once malware like a worm infects a system, it uses this machine’s network connection to seek out other machines connected to the same network. It might disguise itself as ordinary network packets, or spread through P2P or network-based file sharing or network servers.

It then uses network-based vulnerabilities on those machines to spread from one system to the next. This is quite possible, especially with old and unattended machines, and with machines that are not updated or secured using anti-malware software. The resulting traffic is generally referred to as “internet background noise”, because such malware is constantly scoping out other machines connected to vulnerable networks and spreading to them using network vulnerabilities.
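
The constant probing of neighbouring machines described above is also what gives a worm away to a defender. The following Python code is an added example, not part of the original article: it flags any source address that contacts many distinct hosts on the same port within a short time window. The log format, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real traffic): "timestamp src dst dst_port".
SAMPLE_FLOWS = """\
2024-05-01T10:00:00 192.168.1.23 192.168.1.1 445
2024-05-01T10:00:02 192.168.1.23 192.168.1.2 445
2024-05-01T10:00:03 192.168.1.23 192.168.1.3 445
2024-05-01T10:00:05 192.168.1.23 192.168.1.4 445
2024-05-01T10:00:06 192.168.1.23 192.168.1.5 445
2024-05-01T10:00:07 192.168.1.40 192.168.1.5 445
2024-05-01T10:03:00 192.168.1.40 192.168.1.5 445
garbled entry
"""

def find_fanout(lines, window=timedelta(seconds=60), min_targets=5):
    """Return {(src, port): peak distinct destinations inside any one window}."""
    events = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            ts, port = datetime.fromisoformat(parts[0]), int(parts[3])
        except ValueError:
            continue
        events[(parts[1], port)].append((ts, parts[2]))

    alerts = {}
    for key, evs in events.items():
        evs.sort()
        recent, seen, peak = deque(), Counter(), 0
        for ts, dst in evs:
            recent.append((ts, dst))
            seen[dst] += 1
            # Drop events that have fallen out of the time window.
            while ts - recent[0][0] > window:
                _, old = recent.popleft()
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
            peak = max(peak, len(seen))
        if peak >= min_targets:
            alerts[key] = peak
    return alerts

if __name__ == "__main__":
    for (src, port), n in find_fanout(SAMPLE_FLOWS.splitlines()).items():
        print(f"{src} contacted {n} hosts on port {port} within 60s")
```

A machine that repeatedly talks to one server stays below the threshold, while a host sweeping the subnet is reported; tune the window and the target count to your own network's normal traffic.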

How Can You Prevent This Lateral Spread of Malware?

You can protect your system and the entire network through your router. A router acts as a firewall that helps stop these attacks: machines outside cannot connect inwards to your system. If the only kind of connection is an outbound one from your system, it is improbable that such an attack occurs.

You can be protected from local machines by simply using the Windows Firewall, which helps reject unsolicited requests from other machines, even if you are on the same local network.

You can also reduce your risk by using multiple routers and a separate guest access router. It also pays to be careful about the files you share and attachments you download.