A computer worm is a computer program which is categorised as malware: by it's nature, a worm is destructive. A computer worm is similar to a virus: in that, it replicates itself to spread itself to additional computer systems. Therefore, a computer worm is sometimes categorised as a dangerous type of virus. What differentiates a worm from a virus is that a computer worm is a standalone computer program that infects computers by exploiting vulnerabilities, whereas a virus attaches itself to a healthy file (body cell) and uses stealth to enter a computer system..
A computer worm is categorised as malware because it transfers itself to a host computer without the consent of the owner. Because a computer worm does not hide itself by attaching itself to a legitimate file - like a virus does - a computer worm, therefore, does not spread itself through the use of stealth or subterfuge. Computer worms are spread on computer networks, like the Internet, and do so by exploiting security holes in operating systems. While worms are included in software downloads and email attachments, the likelihood is that worms will scan the Internet for vulnerable computers.
While some computer worms are fairly benign, and only tried to spread themselves - these worms are most likely created out of intellectual curiosity - without harming the host computer, these worms can still use considerable resources whilst spreading themselves and can still unwittingly cause harm to computer systems. Many worms are not benign but are instead destructive: worms can be used as a vehicle to deliver trojan horses, malware, spyware and adware.
One of the most destructive worms was released in 1988: the Morris worm, which shut down thousands of computers worldwide (estimated to be 1/10th of the computers connected to the Internet). The Morris worm was released by Robert T. Morris, a university student in the United States, and the estimated cost of the damage inflicted by the Morris worm ran into the millions of dollars. In 1986, the US Congress created the Computer Fraud and Abuse Act (CFAA); Morris was the first person to be convicted using this legislation. In the movie Hackers (1995), the central character was Dade, whose early computer proclivities were based upon the Morris story.
There have been attempts to create ethical worms, which spread themselves and attempt to fix vulnerabilities in computer systems. In 2008, Microsoft researchers at Cambridge (UK) were reported to have stated they planned to make software updates behave more like computer worms. Microsoft later claimed they had no plans for a "friendly worm", after they received a negative backlash to the claims. Bruce Schneier, a a board member of EFF, stated it was a stupid idea to develop benevolent worms that interfered with a host computer without the owners consent.