Malware / Viruses / Worms

Computer Infection

The primary difference between a virus and a worm is that a virus must be triggered by the activation of its host file, whereas a worm is a stand-alone malicious program that can self-replicate and propagate on its own once it has breached a system. Worms do not require activation, or any human intervention, to execute or spread their code.

Viruses are often attached to or concealed in shared or downloaded files, both executable files (programs or scripts) and non-executable files such as a Word document or an image file. When the host file is accepted or loaded by a target system, the virus remains dormant until the infected host file is activated. Only then can the virus run, executing its malicious code and replicating to infect other files on the system.

In contrast, worms do not require the activation of a host file. Once a worm has entered a system, usually via a network connection or as a downloaded file, it can run, self-replicate and propagate without any triggering event. A worm makes multiple copies of itself that then spread across the network or through an internet connection. These copies infect any inadequately protected computers and servers that connect, via the network or the internet, to the originally infected device. Because each subsequent copy of a worm repeats this process of self-replication, execution and propagation, worm-based infections spread rapidly across computer networks and the internet at large.

How Do Computer Viruses and Worms Spread?

Viruses and worms are a subcategory of malicious programs, also known as malware. Any program in this subcategory can also carry additional Trojan functionality.

Viruses

Viruses can be classified according to the method they use to infect a computer.

Worms

Worms often exploit network configuration errors or security loopholes in the operating system (OS) or in applications.

Many worms use multiple methods to spread across networks, including the following:

  • Email: Carried inside files sent as email attachments
  • Internet: Via links to infected websites; generally hidden in the website's HTML, so the infection is triggered when the page loads
  • Downloads & FTP servers: These may initially arrive in downloaded files or individual FTP files, but if not detected they can spread to the server and thus to all outbound FTP transmissions
  • Instant messages (IM): Transmitted through mobile and desktop messaging apps, generally as external links, including native SMS apps, WhatsApp, Facebook Messenger, or any other type of ICQ or IRC message
  • P2P/file sharing: Spread via P2P file-sharing networks, as well as any other shared drive or files, such as a USB stick or network server
  • Networks: Often hidden in network packets; they can also spread and self-propagate through shared access to any device, drive or file across the network
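The propagation behaviour described above (one infected host contacting many peers, and each newly infected peer repeating the sweep) is also what a defender can look for in network telemetry. The following Python script is an added example, not code from the original page: it parses a constructed outbound-connection log, flags hosts that contact an unusual number of distinct peers on the same service port within a short window, and then links flagged hosts into a likely infection chain by checking which flagged host contacted them first. The log format, the hosts, the port and the thresholds are all assumptions made for the example.

```python
"""Flag worm-like fan-out in outbound-connection logs.

Added example (not part of the original page). A self-replicating worm shows up
as one host opening connections to many distinct peers on the same port in a
short time, and as freshly contacted hosts repeating that pattern. Log format,
hosts, port and thresholds below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: one outbound connection attempt per line.
# 10.0.0.5 sweeps six peers on 445; 10.0.0.12 (one of them) later sweeps five more.
# 10.0.0.7 is ordinary traffic; 10.0.0.40 contacts 10.0.0.5 only after the sweep.
SAMPLE_LOG = """\
2023-08-01T09:00:01 src=10.0.0.5 dst=10.0.0.11 dport=445 proto=tcp
2023-08-01T09:00:02 src=10.0.0.5 dst=10.0.0.12 dport=445 proto=tcp
2023-08-01T09:00:03 src=10.0.0.5 dst=10.0.0.13 dport=445 proto=tcp
2023-08-01T09:00:04 src=10.0.0.5 dst=10.0.0.14 dport=445 proto=tcp
2023-08-01T09:00:05 src=10.0.0.5 dst=10.0.0.15 dport=445 proto=tcp
2023-08-01T09:00:06 src=10.0.0.5 dst=10.0.0.16 dport=445 proto=tcp
2023-08-01T09:00:10 src=10.0.0.7 dst=10.0.0.30 dport=443 proto=tcp
2023-08-01T09:00:40 src=10.0.0.7 dst=10.0.0.30 dport=443 proto=tcp
2023-08-01T09:01:15 src=10.0.0.7 dst=10.0.0.31 dport=445 proto=tcp
2023-08-01T09:04:50 src=10.0.0.12 dst=10.0.0.21 dport=445 proto=tcp
2023-08-01T09:04:52 src=10.0.0.12 dst=10.0.0.22 dport=445 proto=tcp
2023-08-01T09:04:55 src=10.0.0.12 dst=10.0.0.23 dport=445 proto=tcp
2023-08-01T09:04:58 src=10.0.0.12 dst=10.0.0.24 dport=445 proto=tcp
2023-08-01T09:05:01 src=10.0.0.12 dst=10.0.0.25 dport=445 proto=tcp
2023-08-01T09:10:00 src=10.0.0.40 dst=10.0.0.5 dport=445 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
        })
    return events


def find_fanout(events, dport, window_seconds=60, threshold=5):
    """Return {src: {"first_seen", "targets"}} for sources that reach at least
    `threshold` distinct destinations on `dport` within any `window_seconds` span."""
    by_src = defaultdict(list)
    for e in events:
        if e["dport"] == dport:
            by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):          # sliding window anchored at each event
            seen = set()
            for e in evs[i:]:
                if (e["ts"] - start["ts"]).total_seconds() > window_seconds:
                    break
                seen.add(e["dst"])
            if len(seen) >= threshold:
                flagged[src] = {"first_seen": start["ts"], "targets": sorted(seen)}
                break
    return flagged


def propagation_chain(events, flagged, dport):
    """For each flagged host, name the flagged host that contacted it on `dport`
    before its own sweep began (None for an apparent root of the outbreak)."""
    parents = {}
    for host, info in flagged.items():
        candidates = [
            e for e in events
            if e["dst"] == host and e["dport"] == dport
            and e["src"] in flagged and e["src"] != host
            and e["ts"] < info["first_seen"]
        ]
        parents[host] = min(candidates, key=lambda e: e["ts"])["src"] if candidates else None
    return parents


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    hits = find_fanout(evs, dport=445)
    chain = propagation_chain(evs, hits, dport=445)
    for host, info in hits.items():
        parent = chain[host] or "(apparent root)"
        print(f"{host}: {len(info['targets'])} peers on 445 from {info['first_seen']}, infected via {parent}")
```

Tuning matters: the window and threshold above are deliberately low for the sample; on a real network they should be set above the fan-out of legitimate scanners, backup servers and monitoring hosts, or those sources allow-listed, otherwise the rule will page on normal traffic.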

  • Chrome extensions with 1.4M installs covertly track visits and inject code
    If you’ve installed any of these extensions, manually remove them stat. Google has removed browser extensions with more than 1.4 million downloads from the Chrome Web Store after third-party researchers reported they were surreptitiously tracking users’ browsing history and inserting tracking code into specific eCommerce sites they visited. The five extensions flagged by McAfee purport to offer […]
  • Just Open It
    “Just open it, you don’t need a password.” What is phishing? Phishing attacks are counterfeit communications that appear to come from a trustworthy source but can compromise all types of data sources. Attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems–such as point of sale terminals […]
  • Multi-Factor Authentication: Who Has It and How to Set It Up
    Don’t let scammers get their hands on your sensitive information. Here’s how to secure your online accounts with multi-factor authentication (MFA), and two-factor authentication (2FA). The 2014 Heartbleed bug exposed millions of internet logins to scammers thanks to one itty-bitty piece of code. Our security nightmares have only gotten progressively worse in the years since. What’s the […]
  • Yanluowang Ransomware Operators hacked Cisco to Steal Internal Data
    Recent reports indicate that Cisco’s corporate network was infected with ransomware from the Yanluowang group in late May. Under the threat of leaking stolen files to the online world, the threat actor attempted to intimidate the victims into making a financial sacrifice: ransom. An employee’s Box folder linked to a compromised account was only accessible […]
  • What is Remote Access Trojan (RAT)?
    Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT runs on a compromised system, the attacker can send commands to it and receive data back in response. How Does a Remote Access Trojan Work? RATs can infect computers […]
  • What is Smishing and How to Defend Against it?
    Smishing meaning and definition Smishing is a phishing cybersecurity attack carried out over mobile text messaging, also known as SMS phishing. As a variant of phishing, victims are deceived into giving sensitive information to a disguised attacker. SMS phishing can be assisted by malware or fraud websites. It occurs on many mobile text messaging platforms, […]
  • Ongoing ‘Roaming Mantis’ Smishing Campaign Hits Over 70,000 Users in France
    A Chinese threat actor named Roaming Mantis has been targeting Android users in France with the MoqHao malware in a new smishing campaign, security researchers with Sekoia warn. The campaign uses phishing SMS messages containing an embedded malicious link to trick unsuspecting victims into downloading malware on their Android devices or accessing a phishing page […]
  • Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
    A new ransomware family dubbed ‘HavanaCrypt’ disguises itself as a Google software update app, using a Microsoft web hosting service IP address as its command and control server to circumvent detection. Detailed by security researchers at Trend Micro in a report, the ransomware is the latest in a series of malware that poses as a legitimate […]
  • Why is everyone getting hacked on Facebook?
    Social media scams are just one of the many ways cybercriminals are taking advantage of people online these days. If your social media networks are anything like mine, you’ve noticed an uptick in people getting “hacked” lately. Maybe you’ve got a weird Facebook message from someone you hadn’t spoken with in a while. Maybe your […]
  • Hacker Steals Database of Hundreds of Verizon Employees
    The database contains information that could be used in social engineering and SIM swapping attacks. A hacker has obtained a database including hundreds of Verizon employees’ full names, email addresses, corporate ID numbers, and phone numbers. It’s unclear if all the data is accurate or up to date. Motherboard confirmed that at least some […]
  • Russian Hackers Tried Attacking Ukraine’s Power Grid with Industroyer2 Malware
    On Tuesday, the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia’s military intelligence, to sabotage the operations of an unnamed energy provider in the country. “The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing […]
  • Stuxnet
    Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built […]
  • Colonial Pipeline Company – Ransomware – Gasoline Shortage
    Why are people filling plastic bags and taking ill-thought-out plans with gasoline in the North-Eastern region of the United States of America? The VPN account, which has since been deactivated, didn’t use multifactor authentication, an essential cybersecurity tool, allowing the hackers to breach Colonial’s network using just a compromised username and password. It’s not known […]
  • FBI hacks vulnerable US computers to fix malicious malware
    US justice department says bureau hacked devices to remove malware from insecure software. The FBI has been hacking into the computers of US companies running insecure versions of Microsoft software in order to fix them, the US Department of Justice has announced. The operation, approved by a federal court, involved the FBI hacking into “hundreds” of vulnerable […]
  • Industroyer
    The 2016 attack on Ukraine’s power grid that deprived part of its capital, Kyiv, of power for an hour was caused by a cyberattack. ESET researchers have since analyzed samples of malware detected by ESET as Win32/Industroyer, capable of performing exactly that type of attack. Whether the same malware was really involved in what cybersecurity experts […]
  • Snowden Confirms Stuxnet Malware developed by NSA and Israel Together.
    In an interview with Germany’s Der Spiegel magazine, American whistleblower Edward Snowden has confirmed that the Stuxnet malware was developed by the NSA and Israel together. Stuxnet made international headlines in 2010 for specifically targeting a uranium enrichment facility in Natanz, Iran. Stuxnet was designed to make the centrifuges spin out of control and cause physical damage to the plant in Natanz. Stuxnet temporarily disabled […]