Security
Brought to you by

What’s The Difference Between Viruses, Trojans, Worms And Other Malware?

Lifehacker’s tech-savvy readers are the first people on speed-dial when it’s time to heal an infected PC, but how much do you really know about viruses, spyware, scareware, trojans and worms? Here’s a helpful guide to understanding all the different types of malware.

The point of today’s lesson, of course, is to help you teach your friends and family more about the different types of malware and debunk a few of the common myths about viruses. Who knows, maybe you’ll learn a thing or two as well.

What is Malware?

The word Malware is short for malicious software, and is a general term used to describe all of the viruses, worms, spyware and pretty much anything that is specifically designed to cause harm to your PC or steal your information.

Viruses Wreak Havoc On Your Files

The term computer virus is often used interchangeably with malware, though the two don’t actually have the same meaning. In the strictest sense, a virus is a program that copies itself and infects a PC, spreading from one file to another, and then from one PC to another when the files are copied or shared. Image by Joffley

Most viruses attach themselves to executable files, but some can target a master boot record, autorun scripts, MS Office macros, or even in some cases, arbitrary files. Many of these viruses, like CIH, are designed to render your PC completely inoperable, while others simply delete or corrupt your files — the general point is that a virus is designed to cause havoc and break stuff.

You can protect yourself from viruses by making certain your antivirus application is always updated with the latest definitions and avoiding suspicious looking files coming through email or otherwise. Pay special attention to the filename — if the file is supposed to be an MP3, and the name ends in .mp3.exe, you’re dealing with a virus.

Spyware Steals Your Information

Spyware is any software installed on your PC that collects your information without your knowledge, and sends that information back to the creator so they can use your personal information in some nefarious way. This could include keylogging to learn your passwords, watching your searching habits, changing out your browser home and search pages, adding obnoxious browser toolbars or just stealing your passwords and credit card numbers.

Since spyware is primarily meant to make money at your expense, it doesn’t usually kill your PC — in fact, many people have spyware running without even realising it, but generally those that have one spyware application installed also have a dozen more. Once you’ve got that many pieces of software spying on you, your PC is going to become slow.

What many people don’t realise about spyware is that not every antivirus software is designed to catch spyware. You should check with the vendor to make sure the application you are using to protect you from malware is actually checking for spyware as well. If you come across a PC that is already heavily infected, run a combination of MalwareBytes and SuperAntiSpyware to clean it thoroughly.

Scareware Holds Your PC for Ransom

Scareware is a relatively new type of attack, where a user is tricked into downloading what appears to be an antivirus application, which then proceeds to tell you that your PC is infected with hundreds of viruses and can only be cleaned if you pay for a full licence. Of course, these scareware applications are nothing more than malware that hold your PC hostage until you pay the ransom — in most cases, you can’t uninstall them or even use the PC.

If you manage to come across a PC infected with one of these, your best bet is to Google the name of the virus and find specific instructions on how to remove it, but the steps are usually the same — run a combination of MalwareBytes, SuperAntiSpyware and maybe ComboFix if you need to.

For more on scareware, including a full walk-through of how a PC actually gets infected in the first place, check out the guide I wrote on removing Internet Security 2010 and other fake antivirus malware.

Trojan Horses Install a Backdoor

Trojan horses are application that look like they are doing something innocuous, but secretly have malicious code that does something else. In many cases, trojans will create a backdoor that allows your PC to be remotely controlled, either directly or as part of a botnet — a network of computers also infected with a trojan or other malicious software. The major difference between a virus and a trojan is that trojans don’t replicate themselves — they must be installed by an unwitting user. Image by otzberg

Once your PC has been infected with the trojan, it can be used for any number of nefarious purposes, like a denial of service (DoS) attack against a website, a proxy server for concealing attacks or even worse — for sending out buckets of spam. Protection against trojans works the same way as viruses — make sure that your antivirus application is up to date, don’t open suspicious attachments, and think long and hard before you try and use a downloaded crack for Photoshop — that’s one of malware authors’ favourite spots to hide a trojan.

Worms Infect Through the Network

Computer worms use the network to send copies of themselves to other PCs, usually utilising a security hole to travel from one host to the next, often automatically without user intervention. Because they can spread so rapidly across a network, infecting every PC in their path, they tend to be the most well-known type of malware, although many users still mistakenly refer to them as viruses. Image by me and the sysop

Some of the most famous worms include the ILOVEYOU worm, transmitted as an email attachment, which cost businesses upwards of 5.5 billion dollars in damage. The Code Red worm defaced 359,000 websites, SQL Slammer slowed down the entire internet for a brief period of time, and the Blaster worm would force your PC to reboot repeatedly.

Because worms often exploit a network vulnerability, they are the one type of malware that can be partially prevented by making sure your firewall is enabled and locked down — you’ll still need an updated antivirus software, of course.

Glad to finally put a name to the annoyingly threatening scareware? Does it irritate you when somebody calls spyware a virus? Be sure to send this article to them, and share your malware war stories in the comments.


Have you subscribed to Lifehacker Australia's email newsletter? You can also follow us on Facebook, Twitter and YouTube.