The primary difference between a virus and a worm is that viruses must be triggered by the activation of their host. In contrast, worms are stand-alone malicious programs that can self-replicate and propagate independently once they have breached the system. Worms do not require activation—or any human intervention—to execute or spread their code.
Viruses are often attached to or concealed in shared or downloaded files, both executable files—programs that run a script—and non-executable files such as a Word document or an image file. When the host file is accepted or loaded by a target system, the virus remains dormant until the infected host file is activated. The virus can run only after the host file is activated, executing malicious code and replicating to infect other files on your system.
In contrast, worms don’t require the activation of their host file. Once a worm has entered your system, usually via a network connection or as a downloaded file, it can then run, self-replicate and propagate without a triggering event. A worm makes multiple copies of itself which then spread across the network or through an internet connection. These copies will infect any inadequately protected computers and servers that connect—via the network or internet—to the originally infected device. Because each subsequent copy of a worm repeats this process of self-replication, execution, and propagation, worm-based infections spread rapidly across computer networks and the internet at large.
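The repeat-and-spread behaviour described above leaves a recognizable trace in network flow logs: one host contacts many distinct peers on the same port, and shortly afterwards one of those peers starts doing the same. The following Python detector is an added example, not part of the original article; the log format, addresses, port numbers, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 4                   # assumed: distinct destinations per window

# Constructed sample flows: "timestamp src dst dst_port".
# Addresses come from the RFC 5737 documentation range; this is not real traffic.
SAMPLE_FLOWS = """\
2024-01-01T10:00:00 192.0.2.50 192.0.2.60 443
2024-01-01T10:00:01 192.0.2.10 192.0.2.20 445
2024-01-01T10:00:02 192.0.2.10 192.0.2.21 445
2024-01-01T10:00:03 192.0.2.10 192.0.2.22 445
2024-01-01T10:00:04 192.0.2.10 192.0.2.23 445
2024-01-01T10:00:05 192.0.2.50 192.0.2.60 443
2024-01-01T10:00:30 192.0.2.22 192.0.2.30 445
2024-01-01T10:00:31 192.0.2.22 192.0.2.31 445
2024-01-01T10:00:32 192.0.2.22 192.0.2.32 445
2024-01-01T10:00:33 192.0.2.22 192.0.2.33 445
2024-01-01T10:05:00 192.0.2.70 192.0.2.20 22
2024-01-01T10:10:00 192.0.2.70 192.0.2.21 22
2024-01-01T10:15:00 192.0.2.70 192.0.2.22 22
2024-01-01T10:20:00 192.0.2.70 192.0.2.23 22
"""

def parse_flows(text):
    """Parse 'timestamp src dst port' lines into time-ordered tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(flows)

def find_fanout(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {(src, port): time first flagged} for sources that reach
    `threshold` distinct destinations on one port inside `window`."""
    recent = defaultdict(deque)       # (src, port) -> deque of (ts, dst)
    flagged = {}
    for ts, src, dst, port in flows:
        key = (src, port)
        q = recent[key]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop contacts older than the window
            q.popleft()
        if key not in flagged and len({d for _, d in q}) >= threshold:
            flagged[key] = ts
    return flagged

def find_chains(flows, flagged):
    """Return (parent, child, port) where a flagged parent contacted the
    child on that port before the child itself started fanning out."""
    chains = set()
    for ts, src, dst, port in flows:
        if (src, port) in flagged and (dst, port) in flagged:
            if ts < flagged[(dst, port)]:
                chains.add((src, dst, port))
    return sorted(chains)

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    flagged = find_fanout(flows)
    for (src, port), when in sorted(flagged.items()):
        print(f"fan-out: {src} port {port} flagged at {when.isoformat()}")
    for parent, child, port in find_chains(flows, flagged):
        print(f"possible propagation: {parent} -> {child} on port {port}")
```

The repeated client-to-server traffic on port 443 and the slow, spread-out connections on port 22 stay below the threshold; only the two hosts that burst across distinct peers on one port are flagged, and the parent-to-child link between them is the pattern worth escalating.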
How Do Computer Viruses and Worms Spread?
Viruses and worms are a subcategory of malicious programs, aka malware. Any program in this subcategory of malware can also have additional Trojan functions.
Viruses
Viruses can be classified according to the method they use to infect a computer:
- File viruses
- Boot sector viruses
- Macro viruses
- Script viruses
Worms
Worms often exploit network configuration errors or security loopholes in the operating system (OS) or applications.
Many worms use multiple methods to spread across networks, including the following:
- Email: Carried inside files sent as email attachments
- Internet: Via links to infected websites; generally hidden in the website’s HTML, so the infection is triggered when the page loads
- Downloads & FTP Servers: May initially start in downloaded files or individual FTP files, but if not detected, can spread to the server, and thus, all outbound FTP transmissions
- Instant Messages (IM): Transmitted through mobile and desktop messaging apps, generally as external links, including native SMS apps, WhatsApp, Facebook Messenger, or any other type of ICQ or IRC message
- P2P/Filesharing: Spread via P2P file sharing networks, as well as any other shared drive or files, such as a USB stick or network server
- Networks: Often hidden in network packets; though they can spread and self-propagate through shared access to any device, drive or file across the network