Malware vs Virus: What’s the Difference?

There appears to be a general misunderstanding among internet users about the difference between malware and viruses. The two terms are often used interchangeably and to an extent, this is perfectly fine. This article seeks to clarify the difference between them while helping to identify other common types of malware.

We spend a lot of time discussing website malware specifically, but today we are going to talk a bit more about how computer viruses and malware, in general, works and also how they vary by type.

To start with, malware is a combination of the words “malicious” and “software”. It refers to a malicious software present on exploited systems.

There is computer malware and website malware. Web-based malware (also known as website malware) is malicious code that infiltrates a website system or database. Web- based malware can be any malware targeting an online system, such as a device OS or software application. That is why computer malware and website malware are different targets.

What is the Difference Between a Virus and Malware?

A virus is often used as a synonym for “malware”, but it technically refers to one specific type of malware. A virus can infect anything from a computer, to a mobile device, to a website depending on its objective.

Common Types of Malware

While there is some overlap in the way that the different types of malware operate, each type has its specific identifiers.

Here is a breakdown of some of the most common types of malware:

Virus

A computer virus functions very much like a parasite, replicating itself infinitely or until its programmed task is complete. Its purpose is to hide within an application, so it must be activated by the user. It is more likely to be found in an application that promotes sharing (such as email), so that it can infect more systems.

It is inaccurate to use the term website virus. However, if we would like to describe a website malicious code (website malware) as a virus, it would be when it is part of a cross-site contamination (or XSS). This is when malware from one website replicates to another website in a shared server environment.

Worm

A worm has the ability to delete and/or replace something with something else. Its objective is to destroy a system as it moves along from one system to another. It can also replicate itself.

Unlike a virus though, it is autonomous—not requiring external activation. A worm has the ability to travel on its own through networks and find new locations to infect.  However, a virus needs to rely on a host application for movement. It travels by exploiting vulnerabilities within a given system and passes through the open door. If left unchecked on a server, just the activity of the worm’s movement can cripple bandwidth for all of the sites hosted within.

Trojan

A trojan is the term for any application (including web applications) that houses malware. Now the application may do what it is designed to do, but will reveal its true intentions when it releases a malware attack upon the system once activated through the installation process. A trojan horse is commonly used as a backdoor into systems.

Trojan horses usually pass as a benign or innocent looking software. Their objective is to steal information and/or provide further access into the system.

They can also be programmed to take over systems’ resources, such as core files and network bandwidth. Be wary of .EXE or .BAT files with no personalized icon or labels that seem confusing (or irrelevant to the advertised application). A telltale sign of a trojan application is if it triggers a warning from the operating system that it has no official trusted signature – for verification purposes.

Within a web environment, a good example of a trojan is a user clicking on a seemingly legitimate CAPTCHA and ending up downloading some piece of software.

Scareware

Many users have seen scareware. Unfortunately, there is enough awareness about it that it’s not as big of a threat as it used to be.

For those who don’t know, this malware generates an obnoxious (and sometimes flashing) alert that pops up on the screen to inform the user that their system is infected, urging them to purchase the advertised anti-malware product to remove it.

While they aren’t necessarily lying that the system is infected, it is their underhanded strategy that put the threat there in the first place: to scare an individual into the sale or installations of a piece of software which can itself be malicious. This strategy can also be emulated through a website, where the system is not really infected – the page just displays the same type of alert to make a person think that it is.

A lot of these shady programs are categorized by antivirus companies as “Potentially Unwanted Programs” or PUPs.

Spyware

Spyware is a type of malware that hides in the background of a system and records personal information – such as visited sites, financial information, or keystrokes. This information is reported back to the malware’s creator for personal use or used to interact with the infected user on a more personal level (more information on this in the next section). The interesting thing about spyware is that it can be used in both an illegal and legal setting.

One way that spyware can be used in a legal way is called workspace spyware. In this case, the company tracks what the employee does when using the computer. This can be for internal security reasons or just to ensure that the employees are not spending their time doing what they shouldn’t.

Spyware can definitely hide within an application and operate without consent of the system owner. If a person is not careful to read the terms of service for an application or skips through too many steps of an installation process, they can inadvertently agree to the installation of spyware without realizing it.

This type of malware also has the ability to infect an unsecured website and monitor data input, such as a contact form.

Adware and Pop-up Ads

Adware is a type of malware that usually works in conjunction with spyware. It can track a person’s browsing or purchasing habits through the spyware and then constantly display advertisements that reflect those habits in a frequent and irritating manner. It is not just limited to pushing sales though, as adware can prompt (sometimes even force) a person to click on an unwanted link or visibly and audibly promote pornographic material – simply as a means for embarrassment, depending on the agenda of the malware creator.

This type of malware can also infect a website in the same manner. One well-known example is the display of advertisements for a particular product within the header of the site, such as a Viagra knockoff.  Adware can be a type of pop-up ad commonly found on infected websites.

Ransomware

Ransomware is one of the most notorious type of malware. It takes advantage of a vulnerability found within a system, or the user downloading a trojan file to encrypt the files, so that those files cannot be understood by the system. The cybercriminal then leaves a message for the owner of the system to demand payment – usually through some kind of untraceable cryptocurrency.

Why? In order to retrieve the decryption keys built in the encryption itself. Once this is in place, not even a malware removal service can undo the damage without that privacy key, as it is the only thing that can undo the encryption. The victim must unfortunately chose to pay the ransom (with no guarantee that the cybercriminal will even uphold their end of the bargain) or restore a backup that they hopefully created before the infection. A loss of any recent updates to their site or system is unavoidable.

Ransomware can also act as a worm where it encrypts a system and demands payment but also immediately tries to do the same to nearby connected systems or spread itself through emails of the system it is affecting.

What’s the Difference Between Antivirus and Anti-Malware?

A good anti-malware program can protect a computer against malicious files infections. If you are looking for a computer anti-malware, read this test on malware protection software to help you choose one.

Malware attacks target more than computers. Cybercriminals have adapted these methods so that they are compatible with web applications as well.

Nowadays, cybercriminals target websites for their own personal profit at the expense of the site owner. But what options are available to protect a person’s priceless web presence? Well, this is where Sucuri comes in! We remove website malware.

Conclusion

While proper personal security hygiene is always strongly advised, such as hard-to-guess passwords and limited server access where it is not necessary, Sucuri’s Web Application Firewall (WAF) protects a website from all of these attacks, and our virtual patching technology protects sites from the latest attack trends. For more information on how Sucuri’s WAF works to protect a site, you can visit our website firewall page.

With good security, there is no reason to fear cybercriminals – no matter what attack method they try to use. Sucuri is here to help whether a person decides to consider one of our available security plans or not. We aim to educate anyone interested at the very least. Knowledge is the first step in defense against these attacks. And as any child of the 80s would know, “Knowing is half the battle!”



*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Stephen Johnston. Read the original post at: https://blog.sucuri.net/2019/06/malware-vs-virus-whats-the-difference.html