What are Viruses, Worms, and Trojans?

The examples of malware are everywhere: In November, it was reported that malware was used to steal information about one of Japan's newest rockets and upload it to computers controlled by hackers. Critical systems at two US power plants were recently found infected with malware spread by USB drives. Malware known as "Dexter" stole credit card data from point-of-sale terminals at businesses. And espionage-motivated computer threats are getting more sophisticated and versatile all the time.

In this Weekly Security Tip, we'll cover the basics for those who may not be familiar with the different types of malware that can affect computers. Malware comes in a variety of types, including viruses, worms, and Trojans.

Viruses

Viruses are programs that can replicate themselves in order to spread from computer to computer, while targeting each PC by deleting data or stealing information. They can also change the computer's behavior in some way. "Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program," Cisco notes. "Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments."

Worms

Worms are similar to viruses in that they replicate themselves to spread from machine to machine. Cisco says the main difference is a "worm operates more or less independently of other files, whereas a virus depends on a host program to spread itself." Worms spread easily and are likely to cause harm not just to individual PCs but to entire computer networks.

Trojans

Trojans do not replicate themselves, unlike viruses and worms. They are named after the Trojan horse of ancient Troy because they disguise themselves as legitimate, harmless programs to convince users to install them. "After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses)," Cisco writes. "Trojans are also known to create back doors to give malicious users access to the system."

Certain types of attacks combine attributes of viruses, worms, and Trojans into "blended threats" that combine features of viruses, worms, and Trojans.

RESOURCES

http://arstechnica.com/security/2013/02/viruses-trojans-and-worms-oh-my-the-basics-on-malware/
http://arstechnica.com/security/2012/11/malware-siphons-data-on-new-rocket-from-japanese-space-agency/
http://arstechnica.com/security/2013/01/two-us-power-plants-infected-with-malware-spread-via-usb-drive/
http://arstechnica.com/security/2012/12/dexter-malware-steals-credit-card-data-from-point-of-sale-terminals/
http://arstechnica.com/security/2013/01/why-red-october-malware-is-the-swiss-army-knife-of-espionage/
http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html

Security tips are brought to you by the CTS SOC. The mission of the CTS SOC is to provide centralized information sharing, monitoring, and analysis of Washington State security posture. Contact us at: soc@cts.wa.gov.