Malware / Viruses / Worms

Computer Infection

The primary difference between a virus and a worm is that a virus must be triggered by the activation of its host. In contrast, worms are stand-alone malicious programs that can self-replicate and propagate independently after they have breached the system. Worms do not require activation, or any human intervention, to execute or spread their code.

Viruses are often attached to or concealed in shared or downloaded files, both executable files (programs that run a script) and non-executable files such as a Word document or an image file. When the host file is accepted or loaded by a target system, the virus remains dormant until the infected host file is activated. The virus can run only after the host file is activated, executing malicious code and replicating to infect other files on your system.

In contrast, worms don’t require the activation of their host file. Once a worm has entered your system, usually via a network connection or as a downloaded file, it can then run, self-replicate and propagate without a triggering event. A worm makes multiple copies of itself, which then spread across the network or through an internet connection. These copies will infect any inadequately protected computers and servers that connect, via the network or internet, to the originally infected device. Because each subsequent copy of a worm repeats this process of self-replication, execution, and propagation, worm-based infections spread rapidly across computer networks and the internet at large.
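The difference described above can be made concrete with a small mean-field spread model, added here as an illustration and not taken from the original page. It compares copies that run immediately (worm) with copies that wait for host activation (virus), and shows the effect of protecting more hosts. The population size, contact rate, activation probability and protected fractions are all constructed assumptions.

```python
"""Constructed mean-field model: spread with and without a host-activation step."""


def simulate(n_hosts, protected_fraction, contacts_per_step, activation_prob, steps):
    """Return the count of actively spreading hosts after each time step."""
    vulnerable = n_hosts * (1.0 - protected_fraction)
    active, dormant = 1.0, 0.0          # one initially infected, active host
    susceptible = vulnerable - active
    history = [active]
    for _ in range(steps):
        # Copies reach random hosts; only those landing on a still-susceptible
        # (inadequately protected, not yet infected) host take hold.
        delivered = min(susceptible,
                        contacts_per_step * active * susceptible / n_hosts)
        susceptible -= delivered
        dormant += delivered
        # Virus: a copy stays dormant until its host file is activated.
        # Worm: activation_prob = 1.0, so every copy runs immediately.
        activated = dormant * activation_prob
        dormant -= activated
        active += activated
        history.append(active)
    return history


def steps_to_reach(fraction, n_hosts, protected_fraction, contacts_per_step,
                   activation_prob, max_steps=1000):
    """First step at which `fraction` of the vulnerable hosts are active, else None."""
    target = fraction * n_hosts * (1.0 - protected_fraction)
    history = simulate(n_hosts, protected_fraction, contacts_per_step,
                       activation_prob, max_steps)
    for step, active in enumerate(history):
        if active >= target:
            return step
    return None


if __name__ == "__main__":
    # All parameter values below are constructed for illustration.
    base = dict(n_hosts=10_000, contacts_per_step=2)
    for label, p, prot in [("worm, 20% protected", 1.0, 0.2),
                           ("virus, 20% protected", 0.1, 0.2),
                           ("worm, 80% protected", 1.0, 0.8)]:
        t = steps_to_reach(0.5, protected_fraction=prot, activation_prob=p, **base)
        print(f"{label}: half of vulnerable hosts active after {t} steps")
```

In this model, removing the activation step shortens the time to reach half of the vulnerable hosts, while raising the protected fraction lengthens it.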

How Do Computer Viruses and Worms Spread?

Viruses and worms are a subcategory of malicious programs, aka malware. Any program in this subcategory of malware can also have additional Trojan functions.

Viruses

Viruses can be classified according to the method they use to infect a computer.

Worms

Worms often exploit network configuration errors or security loopholes in the operating system (OS) or applications.

Many worms use multiple methods to spread across networks, including the following:

  • Email: Carried inside files sent as email attachments
  • Internet: Via links to infected websites; generally hidden in the website’s HTML, so the infection is triggered when the page loads
  • Downloads & FTP Servers: May initially start in downloaded files or individual FTP files but, if not detected, can spread to the server and thus to all outbound FTP transmissions
  • Instant Messages (IM): Transmitted through mobile and desktop messaging apps, generally as external links, including native SMS apps, WhatsApp, Facebook Messenger, or any other type of ICQ or IRC message
  • P2P/Filesharing: Spread via P2P file sharing networks, as well as any other shared drive or files, such as a USB stick or network server
  • Networks: Often hidden in network packets, though they can spread and self-propagate through shared access to any device, drive or file across the network
