Computer networks are almost constantly at risk of computer worm (also referred to as worm) attacks. A worm is a self-replicating computer program (code) that can use the network to send copies of itself to other hosts in the network, without any human intervention. The spread of a worm usually involves exploiting a vulnerability that exists on the target node.
A vulnerability is a weakness of a computer or another device caused, for example, by software bugs or misconfigurations.
The exploitation of vulnerabilities can enable the worm to remotely achieve some level of control over the target node, which the worm then uses to infect the target node with a copy of itself.
Worms might also combine their self-propagation with other methods that require human intervention, such as mass-mailing and infection through a malicious web site. In that way, desktops and laptops that were infected by a worm (for example, via email) might be the source of self-propagation of the worm within the network of an organization. The Internet and connections from the computer network of an organization to other networks might also be the source of a worm attack on the network of the organization.
Worms might affect the network and its nodes by consuming bandwidth, installing their code and the code of backdoors on network nodes, performing DDoS attacks, removing files, encrypting files, sending documents found on a network node using e-mail, sending spam, etc.
Security personnel and network administrators try to secure their networks by using various countermeasures such as patching services known to include vulnerabilities, limiting access using firewalls and access rules within routers, installing intrusion prevention systems (IPS), and other protection mechanisms.
Security personnel and network administrators, however, have very limited information on how vulnerable their network is to worms, whether the worm that has just been released and reported in the world in the last hours or the worms that might be released in the next weeks or months.
They also have only partial tools for understanding which current weaknesses in their network are more important to resolve in order to effectively reduce the risk of potential worms.
There is a growing need to provide efficient methods, systems and computer program products for evaluating the consequences and risks of potential worm attacks.