How to Detect a Worm with a Network Analyzer?
The most potent threats to network and computer security are worms, as they have the unique ability to mimic biological viruses. Worms can infect a host (biological, or logical electronic systems like computers, phones and servers, and network devices like routers, controllers and switches). Once the worm has infected the device, it chooses a medium to propagate to other neighboring hosts (digital devices).
Most worms are malicious in intent; however, some worms (not many) are not. These anti-worms, or helpful worms, are designed to help find and destroy bad or malicious worms. An example of an anti-worm is Welchia (the Nachi worm, around 2003), which infected compromised computers and automatically began downloading the correct Microsoft security updates without the users' consent. It automatically rebooted the computers, installing the security patches against the then-current exploit worms such as Code Red, Blaster and Santy. Other examples of helpful anti-worms are Den_Zuko, Cheeze, CodeGreen and Millenium, among many others. However, the list of malicious worms is very long: https://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and_worms. A list of malicious file extensions is available at http://www.file-extensions.org/filetype/extension/name/dangerous-malicious-files.
General procedures for the visualization of the propagation of a worm: