I came up with the idea of writing this worm when I realized that many sites on the Internet have vulnerabilities that can be exploited, so to speak, unattended. That is, a script can exploit them automatically based on an algorithm for searching for vulnerabilities and exploiting them.
Error messages indicating vulnerabilities on a particular site are often stored in the databases of search engines. So, a script or a worm can send a series of requests to the well-known search engines to find new targets for attacks.
When describing such a worm, my primary goal is to demonstrate that sometimes the exploitation of a vulnerability is so simple that a computer program can cope with this task.
Be aware that this worm could carry potential dangers if additional functionality were implemented in it. It could create backdoors in the infected system that would allow a malicious person to enter the system later. It could behave like a Trojan horse intercepting vital information on the server. It could use the computational resources of the server to the benefit of the attacker.
For example, the attacker could create a worldwide network of infected computers and use them to solve complex mathematical problems such as computing a password from its hash. As another example, such a network could be used for sending spam.
Finally, this network could be used to launch a Distributed Denial of Service attack on a target server to make it inoperative (a so-called DDoS attack).
In any case, letting this worm out onto the Internet (and giving it functionality in addition to reproduction) would be dangerous because one person could quickly gain control over many vulnerable sites and servers worldwide.
If you don't take safety precautions when writing program code, your computer can eventually become a node in such a malicious network.
To avoid this, stick to the rules for writing code for Web applications described in the previous chapters.