What is the difference between Malware and a Virus?

A common question that comes up when first learning cybersecurity is “What is the difference between Malware and a Virus?” You might even hear that there is no difference between these two terms, but that isn’t exactly true! Malware is a general term for any software that attempts to cause harm to a computer or device. How this malicious software goes about this (or for what purpose) defines the malware and gives it a name.

For example: A virus is a type of malware that spreads from file to file (generally). Much like a cold virus, it will find a way to infect a computer and then hide to prolong its damage. This means that ALL viruses are malware, but not all malware is a virus.

Because of this, malware can take many names:

  • Virus – a malicious program that “infects” files or systems
  • Spyware – a program that monitors your activity and sends it back to a central location
  • Phishing – Fake applications, services, or sites that attempt to trick you into willingly providing sensitive information (like passwords, personal data, or your money)
  • Worms – Like viruses, they “infect” a computer but will attempt to move from device to device instead of just file to file.
  • Ransomware – an attack that attempts to encrypt your data and charge you for the possibility of getting it back
  • PUP/Adware – PUP stands for “Potentially Unwanted Program” and generally means that this software may not cause damage but may be a nuisance.

Some of these descriptions have been simplified for those just getting started in security, but they still illustrate the point. Malware is a general term to describe software with an intent to harm. How malware harms a device further categorizes it into a “Family” or “Category” such as a Virus, or Spyware, or Ransomware. So what is the difference between Malware and a Virus? All viruses are malware but not all malware is a virus.

Below are some better explanations of common malware and examples:


Virus

Viruses were the first type of malware to be introduced to the world and this is a big part of the reason that the term is used so widely to describe all things bad. Much like a cold virus that spreads from person to person but cannot live on its own, the original computer viruses would hide themselves in pre-existing files and applications to be able to live and spread.

The original computer viruses spread via floppy disk – a long gone storage method for computers. As the floppy disk was accessed and its program ran – the virus would look for files to infect on the computer itself and lie in wait until a later time to activate.

Once the virus was triggered, it would start its malicious activity – commonly called a “payload”. This could be a number of things, such as slowing a computer down, deleting or damaging files, or in some cases just making a message appear to the user of the computer.

Today the term virus is widely misused. The most prevalent types of malware over the past few years have been Trojans or Worms. In today’s world the focus is largely to obtain and maintain unauthorized access to a system. Most modern viruses are focused on a particular malicious activity such as stealing your personal information, spamming your contacts, or obtaining your credit card information. To be called a virus – it must be considered a self-replicating program that modifies or injects itself into another program without the knowledge or consent of the user.


Spyware

Spyware is a type of malware that secretly monitors and steals your personal information. Many times, spyware poses as a legitimate application that provides some purpose or function and then in the background steals your personal information.

For example – some coupon applications will tell you that they can monitor the sites you shop on for additional promotions, but as part of this monitoring they will also collect information on what sites you visit, potentially monitor your usernames and passwords, or worst case – even collect and steal your credit card information.

Keyloggers are another well known example of spyware. These applications will monitor your key strokes and have the ability to save your usernames and passwords, credit card information, or anything else that you type out on your device.

The defining characteristic of spyware is its main focus to gather information for financial or personal gain.


Phishing

Phishing is an attack where a person is tricked into thinking they are working with a legitimate company or service. The goal of the attacker is to either gather information or place malware on a system. Today, the bulk of phishing attacks focus on gaining access to systems or services. If the attacker can trick you into providing your password for one site – they will try to see where else they can gain access.

For example – here is a recent phishing attack that claims to be Netflix:

Here the attacker uses the Netflix logo and sends an email claiming there is an issue with your account. While the link appears to go to Netflix, clicking the link will take you to the attacker’s site. There they will prompt you for your user name and password, which they will store for future use. Many times, these fake login screens will actually log you into your real account for two reasons:

  • First – to make you think you actually visited Netflix to check on your account.
  • Second – to make sure that the username/password you provided are accurate.

In the workplace, phishing attacks will generally lead to malware being installed on a computer. This allows the attacker to not only gain your username/password, but also to maintain access. From here, attackers will try to move to other systems using valid credentials. As they are able to expand their footprint – they will look for information they can steal or use for their benefit.


Worm

Computer “worms” are one of the most common issues people can face. Previously the intent of a worm was simply to do harm, as most malware does. Today the focus of most worms is for profit via Ransomware. Unlike a virus, which moves via vulnerable programs, a worm is its own program and has the ability to spread on its own. Worms present the most danger for a few reasons:

  • They can be “polymorphic” – meaning they can change on their own to avoid detection.
  • They will “self propagate” or spread on their own
  • They make use of several tactics at once to gain and keep access

Depending on the purpose of the worm – they can spread worldwide in a matter of minutes or go undetected for years. In the early 2000s a common worm was called ILOVEYOU and spread via email. The email had an attachment claiming to be a love letter from somebody you knew. Opening the love letter allowed the worm to install itself and it would automatically email a copy of itself to all of your contacts. Because of this, the worm spread rapidly over the summer of 2000. It is estimated to have caused $10 billion in damages.


Ransomware

Ransomware is a type of malware that encrypts a device and locks out its owner. Once the device is encrypted, it often asks for payment to unlock the device. In other words – it holds the device ransom. Attackers generally request to be paid in Bitcoin or similar cryptocurrencies for decryption keys.

Ransomware is typically combined with other malware to be delivered. Most commonly ransomware is paired with a worm to spread infection. The worm gets access to the system, finds new targets, and delivers the ransomware as it moves on. This can have a devastating impact on both enterprise and home systems.

The most popular (or infamous) ransomware to date was called WannaCry. It was a ransomware with worm capabilities that spread worldwide within minutes in 2017. In many cases, even if the ransom was paid – the systems were completely lost. Sadly, the initial WannaCry attack was entirely preventable. The attack focused on a known vulnerability that had a patch available. To date, WannaCry is estimated to have caused over $4 billion in damages.


PUP/Adware

PUP stands for Potentially Unwanted Program. Most commonly, people get these as “free” software bundled with another program. For example: If you have ever installed Adobe Reader, it typically has free software it will offer to install at the same time. In some cases, this additional software is legitimate but potentially unwanted. In other cases, the bundled software is adware.

Adware and Spyware are often used interchangeably, but like Virus and Malware – this isn’t always true. Adware focuses on bringing you unwanted advertisements and hides itself alongside legitimate software. Attackers and companies can profit from this through simple ad revenue. In some cases, the service the adware is selling is an ad blocker. While it sounds silly – the best way to sell a fix for a problem is to create one. Spyware differs from adware in that it typically attempts to stay hidden and that its profits are generated by stealing and selling data such as browser and purchase history.
