Pretty much everyone has heard the terms spyware, malware, virus, Trojan horse, computer worm, rootkit, etc., etc., but do you know the difference between each of them? I tried to explain the difference to someone and got a bit confused myself. Since there are so many types of threats, it is difficult to keep track of all the terms.
In this article, I’ll go over some of the main ones we hear all the time and tell you about the differences. However, before we get started, let’s first remove the other two terms: spyware and malware. What’s the difference between spyware and malware?
Spyware, in its original meaning, meant software that was installed on a system either without your permission or secretly bundled with legitimate software that collected personal information about you and then sent it to a remote computer. However, over time, spyware has moved beyond simple computer monitoring and the term “malware” has come to be used synonymously.
Malware is essentially any type of malware designed to harm your computer, collect information, gain access to confidential data, etc. Malicious software includes viruses, Trojans, rootkits, worms, keyloggers, spyware, adware. Software and much more. you can think of. Now let’s talk about the difference between a virus, trojan, worm, and rootkit.
Viruses
While viruses seem to be the most malware you can find these days, they really aren’t. The most common types of malware are Trojans and Worms. This statement is based on Microsoft’s list of top malware threats:
http: //www.microsoft.com/security/portal/threat/views.asps
So what exactly is a virus? Basically, it is a program that can be distributed (copied) from one computer to another. The same is true for a worm, but the difference is that a virus usually has to inject itself into an executable file to run. When an infected executable file is run, it can spread to other executable files. It usually requires some kind of user intervention to spread the virus.
If you’ve ever downloaded an attachment from your email and it ended up infecting your system, it would be considered a virus as it requires the user to actually open the file. There are many ways in which viruses can infiltrate executable files.
One type of virus, called a cavity virus, can insert itself into usable sections of an executable file, thereby not damaging the file or increasing its size.
Currently, the most common type of virus is the macro virus. Unfortunately, these are viruses that infiltrate Microsoft products such as Word, Excel, Powerpoint, Outlook, etc. Since Office is so popular and is also available on Mac, this is obviously the smartest way to spread a virus if you do. want to.
Trojans
A Trojan Horse is a piece of malware that does not try to copy itself, but instead installs itself on the user’s system, posing as legitimate software. The name obviously comes from Greek mythology, as the software appears to be harmless and thus trick the user into installing it on their computer.
Once a Trojan horse is installed on a user’s computer, it does not try to infiltrate a file like a virus, but instead allows a hacker to control the computer remotely. One of the most common ways to use a computer infected with a Trojan horse is to plug it into a botnet.
A botnet is essentially a collection of computers connected to the Internet that can then be used to send spam or perform specific tasks, such as denial of service attacks that destroy websites.
When I was in college in 1998, one hugely popular Trojan horse at the time was Netbus. In our dorms, we installed them on each other’s computers and pranked each other. Unfortunately, most Trojan horses crash computers, steal financial data, log keystrokes, watch your screen with your permissions, and much more.
Computer worm
A computer worm is similar to a virus, except that it can replicate itself. Not only can it replicate on its own without using the host file for deployment, but it usually uses the network to distribute itself. This means that a worm can cause serious damage to the network as a whole, whereas a virus usually infects files on an infected computer.
All worms come with or without payload. Without a payload, the worm will simply replicate itself over the network and eventually slow down the network due to the increased traffic caused by the worm.
The worm with the payload will replicate and try to perform another task, such as deleting files, sending emails, or installing a backdoor. A backdoor is simply a way to bypass authentication and gain remote access to a computer.
Worms spread primarily due to security vulnerabilities. This is why it is so important to install the latest security updates for your OS.
Rootkit
A rootkit is a malicious program that is extremely difficult to detect and actively tries to hide from the user, the OS and any antivirus / antivirus programs. The software can be installed in any number of ways, including exploiting a vulnerability in the OS or gaining administrator access to the computer.
After installing the program and as long as it has full administrator rights, the program will hide and modify the currently installed OS and software to prevent future detection. Rootkits are what you hear to turn off your antivirus or install it in the OS kernel, with the only option sometimes being to reinstall the entire operating system.
Rootkits can also contain useful data with which they hide other programs such as viruses and key loggers. To get rid of a rootkit without reinstalling the OS, users need to boot an alternate operating system first and then try to clean up the rootkit or at least copy important data.
Hopefully this quick overview will give you a better understanding of what the various terms mean and how they relate to each other. If you have anything to add that I missed, feel free to post it in the comments. Enjoy!
–