A computer worm is a piece of malicious software that copies itself from machine to machine across a network without being attached to a host program and without a user having to run it. That property is what distinguishes a worm from a classic virus, which needs to ride inside another program or be opened by a person. A worm finds vulnerable systems, exploits a flaw to gain entry, and then uses each newly infected host as a launch point to reach more.
The term entered the technical record with the 1988 Internet worm. The appellate opinion in United States v. Morris describes “a computer program known as a ‘worm’” that, once released, “spread and multiplied, eventually causing computers at various educational institutions and military sites to ‘crash’ or cease functioning.” It did so by exploiting flaws in network services on BSD-derived UNIX systems, as documented in the Software Engineering Institute’s 1988 advisories.
Because a worm propagates automatically, its growth can be explosive. The same self-replicating logic that lets it spread widely also copies any small bug in its code to every host it reaches; in the Morris Worm's case such a bug multiplied load until it took down the very network it travelled on. Later worms such as Code Red, SQL Slammer, and Conficker showed how quickly automated propagation could saturate the global Internet.
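As an added illustration, not part of the original article: the "explosive" growth described above follows from a simple logistic model of a uniformly scanning worm (the random constant spread form that Staniford, Paxson and Weaver used to analyse Code Red). The host count and scan rate below are constructed values, not measurements of any real worm.

```python
import math

IPV4_SPACE = 2 ** 32  # addresses a uniformly random scanner chooses from


def spread_constant(scan_rate: float, vulnerable: int) -> float:
    """Growth constant K (per second): scans/s per infected host times the
    chance that one random IPv4 address lands on a vulnerable host."""
    return scan_rate * vulnerable / IPV4_SPACE


def simulate(scan_rate: float, vulnerable: int, initial_infected: int = 1,
             dt: float = 1.0, horizon: float = 48 * 3600.0) -> list:
    """Euler-integrate da/dt = K*a*(1-a) for the infected fraction a.
    Returns (seconds, infected_hosts) points, stopping when 99.9% of the
    vulnerable hosts are infected or the horizon is reached."""
    k = spread_constant(scan_rate, vulnerable)
    a = initial_infected / vulnerable
    t = 0.0
    curve = [(t, a * vulnerable)]
    while t < horizon and a < 0.999:
        a = min(1.0, a + k * a * (1.0 - a) * dt)
        t += dt
        curve.append((t, a * vulnerable))
    return curve


def time_to_fraction(curve: list, vulnerable: int, fraction: float):
    """First simulated time at which >= `fraction` of hosts are infected."""
    for t, infected in curve:
        if infected >= fraction * vulnerable:
            return t
    return None


def analytic_time_to_fraction(scan_rate, vulnerable, fraction, initial_infected=1):
    """Closed-form logistic solution, used to cross-check the simulation."""
    k = spread_constant(scan_rate, vulnerable)
    a0 = initial_infected / vulnerable
    return math.log((fraction / (1 - fraction)) * ((1 - a0) / a0)) / k


if __name__ == "__main__":
    # Constructed scenario: 360,000 vulnerable hosts, each infected host
    # sending 10 scans per second, starting from a single infected machine.
    N, RATE = 360_000, 10.0
    curve = simulate(RATE, N)
    for frac in (0.01, 0.5, 0.99):
        print(f"{frac:>4.0%} infected after {time_to_fraction(curve, N, frac) / 3600:.1f} h")
    print(f"at 20 scans/s: 50% after {time_to_fraction(simulate(2 * RATE, N), N, 0.5) / 3600:.1f} h")
```

Because K is the product of scan rate and vulnerable population, halving either one (patching hosts, or rate-limiting outbound scanning at the network edge) doubles every time on the curve, which is the window a detection or containment measure has to act in.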
Worms also became delivery vehicles for targeted attacks. Stuxnet, discovered in 2010, spread like a worm through Windows systems but carried a payload aimed at specific industrial controllers - a reminder that the same spreading mechanism can serve mass disruption or precise sabotage.