Payload

A payload is any action performed by a program aside from the act of spreading itself. The payload of a virus or worm can range from irreparably damaging the operating system or even the BIOS (as with the CIH virus) to almost nothing (as with the Badtrans worm) or even something benevolent, like removing a malicious program (Sasser, YahaSux, Welchia). Sometimes a payload is a consciously coded part of the program, as with the Ramen worm, or it could simply be a product of its existence and spreading, as with the Slammer worm.

Virus and worm creators who want to do deliberate damage to a large number of computers face the dilemma of destructiveness versus spreading ability. Code that destroys its host too quickly and too badly kills its chances to spread once the host is crippled or destroyed. In addition, such code is noticed faster, and potential victims are given warnings of what to look out for to protect against it. Code that does no damage not only has a healthy host to send more copies of itself from, but may also go undetected longer.

A few examples of this theory in action include the spreading of Magistr versus Netsky, Navidad versus Sober, or DBase versus Vienna. The first of each pair destroys files, the operating system or even the whole computer. The second either does nothing but spread or even does something benevolent. Netsky.P deletes registry keys that cause the Beagle, Mydoom, Deadhat and Welchia worms to spread, and it was one of the most common worms for years.

