Malware / Viruses / Worms

Computer Infection

The primary difference between a virus and a worm is that a virus must be triggered by the activation of its host file, whereas a worm is a stand-alone malicious program that can self-replicate and propagate on its own once it has breached a system. Worms need no activation, and no human intervention at all, to execute or spread their code.

Viruses are often attached to or concealed in shared or downloaded files, both executable files (programs and scripts that run on their own) and non-executable files such as a Word document or an image file. When the host file is accepted or loaded by a target system, the virus remains dormant; it can run only once the infected host file is activated, at which point it executes its malicious code and replicates to infect other files on your system.

In contrast, worms don’t require the activation of their host file. Once a worm has entered your system, usually via a network connection or as a downloaded file, it can then run, self-replicate and propagate without a triggering event. A worm makes multiple copies of itself which then spread across the network or through an internet connection. These copies will infect any inadequately protected computers and servers that connect—via the network or internet—to the originally infected device. Because each subsequent copy of a worm repeats this process of self-replication, execution, and propagation, worm-based infections spread rapidly across computer networks and the internet at large.

How Do Computer Viruses and Worms Spread?

Viruses and worms are a subcategory of malicious programs, aka malware. Any program in this subcategory of malware can also have additional Trojan functions.

Viruses can be classified according to the method they use to infect a computer.

Worms often exploit network configuration errors or security loopholes in the operating system (OS) or applications.

Many worms use multiple methods to spread across networks, including the following:

  • Email: Carried inside files sent as email attachments
  • Internet: Via links to infected websites; generally hidden in the website’s HTML, so the infection is triggered when the page loads
  • Downloads & FTP Servers: These may initially start in downloaded files or individual files on an FTP server but, if not detected, can spread to the server itself and thus to all outbound FTP transmissions
  • Instant Messages (IM): Transmitted through mobile and desktop messaging apps, generally as external links, whether in native SMS apps, WhatsApp, Facebook Messenger, ICQ, IRC or any other messaging service
  • P2P/Filesharing: Spread via P2P file sharing networks, as well as any other shared drive or files, such as a USB stick or network server
  • Networks: Often hidden in network packets, though they can also spread and self-propagate through shared access to any device, drive or file across the network
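The propagation pattern described above, one infected host copying itself to every reachable neighbour, is what a defender can look for in connection logs. The following is an added example, not code from the original page: it reads a constructed connection log (the log format, hosts and thresholds are assumptions) and flags any source that contacts many distinct hosts on the same port within a short window, while leaving a normal client that repeatedly talks to one server, or a slow trickle of connections, unflagged.

```python
"""Heuristic for worm-like fan-out: one host opening connections to many
distinct peers on one port in a short window. Added example; format and
thresholds are assumptions, not taken from any real product or the page."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "ISO-timestamp src dst dport" (not real traffic).
# 10.0.0.5 sweeps six neighbours on 445 (SMB) within seconds: worm-like.
# 10.0.0.7 reconnects to one file server repeatedly: normal client traffic.
# 10.0.0.9 reaches five hosts on 22 but spread over ten minutes: below rate.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 10.0.0.20 445
2024-05-01T10:00:01 10.0.0.5 10.0.0.21 445
2024-05-01T10:00:02 10.0.0.5 10.0.0.22 445
2024-05-01T10:00:02 10.0.0.5 10.0.0.23 445
2024-05-01T10:00:03 10.0.0.5 10.0.0.24 445
2024-05-01T10:00:03 10.0.0.5 10.0.0.25 445
2024-05-01T10:00:01 10.0.0.7 10.0.0.50 445
2024-05-01T10:00:05 10.0.0.7 10.0.0.50 445
2024-05-01T10:00:09 10.0.0.7 10.0.0.50 445
2024-05-01T10:00:00 10.0.0.9 10.0.0.30 22
2024-05-01T10:02:30 10.0.0.9 10.0.0.31 22
2024-05-01T10:05:00 10.0.0.9 10.0.0.32 22
2024-05-01T10:07:30 10.0.0.9 10.0.0.33 22
2024-05-01T10:10:00 10.0.0.9 10.0.0.34 22
"""


def parse_log(text):
    """Yield (timestamp, src, dst, dport) tuples, skipping blank lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(dport)


def find_fanout(events, window_seconds=60, min_peers=5):
    """Return {(src, dport): peer_count} for every source that contacted at
    least `min_peers` distinct destinations on one port inside any window of
    `window_seconds`; peer_count is the largest such set seen."""
    window = timedelta(seconds=window_seconds)
    by_key = defaultdict(list)
    for ts, src, dst, dport in events:
        by_key[(src, dport)].append((ts, dst))
    alerts = {}
    for key, conns in by_key.items():
        conns.sort()  # sliding window over time-ordered connections
        for i, (start, _) in enumerate(conns):
            peers = {dst for ts, dst in conns[i:] if ts - start <= window}
            if len(peers) >= min_peers:
                alerts[key] = max(alerts.get(key, 0), len(peers))
    return alerts


if __name__ == "__main__":
    for (src, dport), n in find_fanout(parse_log(SAMPLE_LOG)).items():
        print(f"worm-like fan-out: {src} -> {n} distinct hosts on port {dport}")
```

Widening the window (for example to 15 minutes) also catches the slow sweep from 10.0.0.9, which shows why the threshold has to be tuned to what normal traffic on the segment looks like.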

  • What are indicators of compromise (IoC)?
    Indicators of compromise (IoCs) are evidence left behind by an attacker or malicious software that can be used to identify a security incident. They are information about a specific security breach that helps security teams determine whether an attack has occurred. This data can include details about the attack, such as …
  • Heuristics Definition
    Heuristics came to public attention when Daniel Kahneman published his best-selling book “Thinking, Fast and Slow”. In it, Kahneman summarized the findings from his decades-long collaboration with his research partner Amos Tversky and got people interested in heuristics and their applications to decision-making, relationships, business, and more. What is a heuristic? A heuristic is …
  • What is a zero-day exploit?
    A zero-day exploit is an attack that takes advantage of a mostly unknown security vulnerability. A zero-day exploit (also called a zero-day threat) is an attack that takes advantage of a security vulnerability that does not have a fix in place. It is called a “zero-day” threat because the developer …
  • Cryptography Definition
    Cryptography studies secure communications techniques that allow only the sender and intended recipient of a message to view its contents. The term is derived from the Greek word “kryptos”, which means hidden. It is closely associated with encryption, which is scrambling ordinary text into what’s known as ciphertext and then back again upon arrival. In addition, cryptography …
  • Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware
    New findings show that a threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The …
  • Chrome extensions with 1.4M installs covertly track visits and inject code
    If you’ve installed any of these extensions, manually remove them stat. Google has removed browser extensions with more than 1.4 million downloads from the Chrome Web Store after third-party researchers reported they were surreptitiously tracking users’ browsing history and inserting tracking code into specific eCommerce sites they visited. The five extensions flagged by McAfee purport to offer …
  • Just Open It
    “Just open it, you don’t need a password.” What is phishing? Phishing attacks are counterfeit communications that appear to come from a trustworthy source but can compromise all types of data sources. Attacks can facilitate access to your online accounts and personal data, and obtain permissions to modify and compromise connected systems, such as point of sale terminals …
  • Multi-Factor Authentication: Who Has It and How to Set It Up
    Don’t let scammers get their hands on your sensitive information. Here’s how to secure your online accounts with multi-factor authentication (MFA) and two-factor authentication (2FA). The 2014 Heartbleed bug exposed millions of internet logins to scammers thanks to one itty-bitty piece of code. Our security nightmares have only gotten progressively worse in the years since. What’s the …
  • Yanluowang Ransomware Operators hacked Cisco to Steal Internal Data
    Recent reports indicate that Cisco’s corporate network was infected with ransomware from the Yanluowang group in late May. Under the threat of leaking stolen files to the online world, the threat actor attempted to intimidate the victims into making a financial sacrifice: ransom. An employee’s Box folder linked to a compromised account was only accessible …
  • What is Remote Access Trojan (RAT)?
    Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT runs on a compromised system, the attacker can send commands to it and receive data back in response. How does a remote access trojan work? RATs can infect computers …
  • What is Smishing and How to Defend Against it?
    Smishing is a phishing cybersecurity attack carried out over mobile text messaging, also known as SMS phishing. As a variant of phishing, victims are deceived into giving sensitive information to a disguised attacker. SMS phishing can be assisted by malware or fraudulent websites. It occurs on many mobile text messaging platforms, …
  • Ongoing ‘Roaming Mantis’ Smishing Campaign Hits Over 70,000 Users in France
    A Chinese threat actor named Roaming Mantis has been targeting Android users in France with the MoqHao malware in a new smishing campaign, security researchers with Sekoia warn. The campaign uses phishing SMS messages containing an embedded malicious link to trick unsuspecting victims into downloading malware on their Android devices or accessing a phishing page …
  • Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
    A new ransomware family dubbed ‘HavanaCrypt’ disguises itself as a Google software update app, using a Microsoft web hosting service IP address as its command and control server to circumvent detection. Detailed by security researchers at Trend Micro in a report, the ransomware is the latest in a series of malware that poses as a legitimate …
  • Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads
    The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. “These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022,” Palo Alto Networks Unit …
  • Why is everyone getting hacked on Facebook?
    Social media scams are just one of the many ways cybercriminals are taking advantage of people online these days. If your social media networks are anything like mine, you’ve noticed an uptick in people getting “hacked” lately. Maybe you’ve got a weird Facebook message from someone you hadn’t spoken with in a while. Maybe your …
  • Hacker Steals Database of Hundreds of Verizon Employees
    The database contains information that could be used in social engineering and SIM swapping attacks. A hacker has obtained a database including hundreds of Verizon employees’ full names, email addresses, corporate ID numbers, and phone numbers. It’s unclear if all the data is accurate or up to date. Motherboard confirmed that at least some …
  • Russian Hackers Tried Attacking Ukraine’s Power Grid with Industroyer2 Malware
    On Tuesday, the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia’s military intelligence, to sabotage the operations of an unnamed energy provider in the country. “The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing …
  • Stuxnet
    Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built …
  • Removing Ransomware | Decrypting Data – How To Recover
    Ransomware infection means that your data has been encrypted or cyber criminals are blocking your operating system. These criminals usually demand a ransom in return for decrypting the data. Ransomware can find its way onto a device in many different ways. The most common routes include infections from malicious websites, unwanted add-ons in downloads, and spam. Targets of ransomware attacks include both individuals …
  • What is Ransomware?
    Ransomware is a form of cyber crime that threatens you and your device, but what makes this malware unique? The word “ransom” tells you everything you need to know about this pest. Ransomware is extortion software that can lock your computer and demand a ransom for its release. In most cases, ransomware infection occurs as follows. The malware …
  • XE Group was exposed for eight years of hacking and credit card theft.
    A relatively unknown group of Vietnamese hackers calling themselves ‘XE Group’ has been linked to eight years of for-profit hacking and credit card skimming. The threat actors are thought to be responsible for the theft of thousands of credit cards per day, mainly from restaurants, non-profit, art, and travel platforms. The actors use publicly available …
  • Justice Dept. Brings New Charges in Ransomware Attacks – The New York Times
    Some news in recent ransomware attacks: the Justice Department said on Monday that it had brought charges against a Russian national whom it accused of conducting ransomware attacks against American government entities and businesses, including one that temporarily shut down the meat supply giant JBS. In the Biden administration’s latest crackdown on cybercrime, the Justice …
  • What is a Command and Control (C2/CnC) Server?
    Like any ordinary system owner, you might wonder why your system is running slower than usual. You keep getting random pop-up messages, something has been added as an extension in your browser that you have never used, your browser cannot load the page, internet connectivity is slow, and even the computer is always …
  • Colonial Pipeline Company – Ransomware – Gasoline Shortage
    Why are people filling plastic bags with gasoline and making other ill-thought-out plans in the North-Eastern region of the United States of America? The VPN account, which has since been deactivated, didn’t use multifactor authentication, an essential cybersecurity tool, allowing the hackers to breach Colonial’s network using just a compromised username and password. It’s not known …
  • FBI hacks vulnerable US computers to fix malicious malware
    The US Justice Department says the bureau hacked devices to remove malware from insecure software. The FBI has been hacking into the computers of US companies running insecure versions of Microsoft software in order to fix them, the US Department of Justice has announced. The operation, approved by a federal court, involved the FBI hacking into “hundreds” of vulnerable …
  • What are browser hijackers?
    A browser hijacker is a “form of unwanted software that modifies a web browser’s settings without the user’s permission.” The idea is to make users visit certain websites whether they want to or not so the hijacker enjoys higher advertising revenue. Browser hijackers may also contain spyware to obtain banking information and other sensitive data. …
  • BadRabbit: a closer look at the new version of Petya/NotPetya
    Petya/NotPetya (aka EternalPetya) made headlines in June due to its massive attack on Ukraine. Today, we noted an outbreak of a similar-looking malware, called BadRabbit, probably prepared by the same authors. Just like the previous edition, BadRabbit has an infector allowing for lateral movement, using SMB to propagate laterally. Unlike NotPetya, it doesn’t use EternalBlue …
  • Petya-esque ransomware is spreading across the world
    Ringing with echoes of WanaCrypt0r, a new strain of ransomware called Petya/NotPetya is impacting users around the world, shutting down firms in Ukraine, Britain, and Spain. Background: Petya, created in July 2016, started off as one of the next-generation ransomware strains that utilize a Master Boot Record (MBR) locker. In the early days of ransomware, strains that …
  • What is WannaCry ransomware?
    Is your computer vulnerable to attack from WannaCry ransomware? Read on as we explore all there is to know about the WannaCry ransomware attack. WannaCry is an example of crypto-ransomware, malicious software (malware) that cybercriminals use to extort money from individuals, corporations, hospitals, utilities, and governments; basically, …
  • Anti-Petya live CD (the fastest Stage1 key decoder)
    ❗❗❗ATTENTION❗❗❗ Please use the LATEST version of the decoder, available here. UPDATE, 17th July: a new version of Petya has been released. At the moment, there is no way to decrypt the disk. Don’t let the infection reach Stage 2! Please read the first Petya key decoder post for more background information. If you open some …
  • Recovery from Petya ransomware
    Victims of the Petya ransomware will be pleased to learn that there is a method to recover their files without having to connect the drive to a different computer. (I was unable to follow the original link to the sites put up by the author since they apparently are subject to a time quota.) HASHEREZADE, who …
  • Petya – Taking Ransomware To The Low Level
    Petya is different from other popular ransomware these days. Instead of encrypting files one by one, it denies access to the full system by attacking low-level structures on the disk. This ransomware’s authors have not only created their own boot loader but also a tiny kernel, which is 32 sectors long. Petya’s dropper writes the …
  • Industroyer
    The 2016 attack on Ukraine’s power grid that deprived part of its capital, Kyiv, of power for an hour was caused by a cyberattack. ESET researchers have since analyzed samples of malware detected by ESET as Win32/Industroyer, capable of performing exactly that type of attack. Whether the same malware was really involved in what cybersecurity experts …
  • Edward Snowden Confirms Stuxnet Malware developed by NSA and Israel Together.
    In an interview with Germany’s Der Spiegel magazine, American whistleblower Edward Snowden confirmed that the Stuxnet malware was developed by the NSA and Israel together. Stuxnet made international headlines in 2010 for explicitly targeting a uranium enrichment facility in Natanz, Iran. Stuxnet was designed to make the centrifuges spin out of control and cause physical damage to the plant in Natanz. Stuxnet temporarily disabled 1,000 …