What is it? A small, self-replicating application— most often created by a vandal rather than a corporate spy—that infects a host computer and then copies itself to every other computer attached to the host. Most network worms can saturate a network in hours or days because they grow logarithmically—every infected computer represents not one but an array of other possible victims, so that 10 infections become 100, which become 1,000, which become 10,000, and so on.
Isn't this just a regular worm? Yes, but there is more than one meaning for "regular."E-mail worms and viruses are designed to spread by using the e-mail system itself as a carrier. A network worm is more insidious. It might arrive via e-mail, but could also slip in attached to files in a portable hard drive, a flash-memory stick, a PDA or, increasingly, a cell phone.
Why the distinction? Because it's possible to screen out most, if not all, e-mail worms and viruses using virus scanners at the firewall or on the e-mail servers. But network worms can come in via pathways that become more numerous with every advance in mobile computing, wireless networks and smart phones. Many companies aren't sufficiently aggressive about virus screening inside the firewall. So network worms not only have more ways to get into a corporate network, but once they're in, they're more likely to be free to operate uninterrupted.
How does a network worm attack? Most simply copy themselves to every computer with which the host computer can share data. Most Windows networks allow machines within defined subgroups to exchange data freely, making it easier for a worm to propagate itself. Some worms can also lodge in the startup folder of a networked computer, launch when that computer is restarted and reinfect a network that may have already been cleaned out. A worm that lodges in a server can infect every user who logs on to that server.
Full Article here: