What Is the Difference Between a Virus, a Trojan, a Worm, and a Rootkit?

Almost everyone has heard of the terms spyware, malware, virus, trojan horse, computer worm, rootkit, etc, etc, but do you really know the difference between each of them? I was trying to explain the difference to someone and got a bit confused myself. With so many types of threats out there, it is difficult to keep track of all the terms.

Virus, Trojan, Worm

In this article, I am going to go through some of the most important ones we hear all the time and tell you the differences. Before we begin, however, let's get two other terms out of the way first: spyware and malware. What is the difference between spyware and malware?

Spyware, in its original meaning, was basically a program that installed itself on a system without your permission, or was clandestinely bundled with a legitimate program, and that collected personal information about you and then sent it to a remote computer. However, spyware eventually went beyond computer monitoring, and the term malware began to be used interchangeably.

Malware is basically any type of malicious software intended to harm the computer, collect information, gain access to confidential data, etc. Malware includes viruses, Trojans, rootkits, worms, keyloggers, spyware, adware, and pretty much anything else you can think of. Now we are going to talk about the difference between viruses, Trojans, worms, and rootkits.

Virus

Although viruses seem like the majority of malicious programs found these days, they really are not. The most common types of malware are Trojans and worms.

So what is a virus? It is basically a program that can spread (replicate) from one computer to another. The same is true for a worm as well, but the difference is that a virus usually has to inject itself into an executable file in order to run. When the infected executable runs, it can then spread to other executable files. In order for a virus to spread, it usually requires some kind of user intervention.

If you've ever downloaded a file attached to your email and it ended up infecting your system, it would be considered a virus, since the user is required to actually open the file. There are plenty of ways that viruses cleverly insert themselves into executable files.

One type of virus, called a cavity virus, can get inside the most-used sections of an executable file, so it neither corrupts the file nor increases its size.

The most common type of virus today is the macro virus. These are, sadly, viruses that infect Microsoft products like Word, Excel, PowerPoint, Outlook, etc. Since Office is so popular and it is on the Mac, it is obviously the smartest way to spread a virus if that is what you are looking to accomplish.
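One way to spot macro-carrying Office attachments before a user opens them, as an added example that is not part of the original article. It relies on the fact that modern Office files are ZIP containers that keep VBA macros in a part named `vbaProject.bin`; the function names and the sample documents are constructed for illustration.

```python
import io
import zipfile

# OOXML part that stores the VBA project (under word/, xl/ or ppt/).
VBA_PART = "vbaproject.bin"
# Extensions that are macro-free by definition; macro-enabled ones end in "m".
MACRO_FREE = {"docx", "xlsx", "pptx"}


def macro_parts(data: bytes) -> list:
    """Return the names of VBA project parts inside an OOXML container."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # legacy binary formats (.doc, .xls) are out of scope here
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        return [n for n in archive.namelist() if n.lower().endswith(VBA_PART)]


def triage(filename: str, data: bytes) -> str:
    """Classify an attachment as 'no-macro', 'macro' or 'macro-mismatch'."""
    parts = macro_parts(data)
    if not parts:
        return "no-macro"
    ext = filename.rsplit(".", 1)[-1].lower()
    # A VBA project behind a macro-free extension means the file was renamed.
    return "macro-mismatch" if ext in MACRO_FREE else "macro"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("report.docx", build_sample(False)))
    print(triage("invoice.docm", build_sample(True)))
    print(triage("invoice.docx", build_sample(True)))
```

A "macro" verdict only says that the document can run code when opened; whether the macro is malicious still has to be judged separately.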

Trojan Horse

A Trojan Horse is a malware program that does not attempt to replicate itself but instead gets installed on a user's system by posing as a legitimate software program. The name obviously comes from Greek mythology, since the software is presented as harmless and therefore tricks the user into installing it on their computer.

Once a Trojan is installed on a user's computer, it does not attempt to inject itself into a file like a virus but instead allows hackers to remotely control the computer. One of the most common uses of a computer infected with a Trojan is as part of a botnet.

A botnet is basically a bunch of machines connected through the Internet, which can then be used to send spam or to perform certain tasks, such as Denial of Service attacks on websites.

When I was in college in 1998, a crazy popular Trojan Horse at the time was Netbus. In our bedrooms, we used to install it on computers and play all kinds of jokes on each other. Unfortunately, most Trojan Horses will crash computers, steal financial data, log keystrokes, view your screen with your permissions, and do much more devious things.

Computer Worm

A computer worm is like a virus, except that it can self-replicate. Not only can it replicate itself without the need for a host file to inject itself into, but it typically also uses the network to spread. This means that a worm can do serious damage to a network as a whole, while a virus usually targets files on the infected computer.

All worms come with or without a payload. Without a payload, the worm just replicates itself across the network and eventually slows the network down because of the increased traffic it causes.

A worm with a payload will replicate and try to perform some other tasks, like deleting files, sending emails, or installing a back door. A back door is simply a way to bypass authentication and gain remote access to the computer.

Worms spread mainly due to security vulnerabilities in the operating system. This is why it is important to install the latest security updates for your operating system (we recommend installing endpoint security software).

Rootkit

A rootkit is malware that is extremely difficult to detect and that actively tries to hide itself from the user, the operating system, and any anti-virus / anti-malware programs. The software can be installed in any number of ways, including exploiting a vulnerability in the operating system or gaining administrator access to the computer.

After the program has been installed, and as long as it has administrator privileges, it will then go about hiding itself and altering the currently installed operating system and software to avoid detection in the future. Rootkits are what you hear about that disable your antivirus or install into the operating system, in which case your only option is sometimes to reinstall the entire operating system.

Rootkits can also come with payloads through which they hide other programs, such as viruses and key loggers. Getting rid of a rootkit without reinstalling the operating system requires users to boot from an alternate operating system first, and then attempt to clean the rootkit or at least copy off critical data.
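Booting from an alternate operating system also gives you a trustworthy view of the disk to compare against what the possibly infected system reports. The following is an added example, not part of the original article, and it goes a step beyond the text by showing that comparison: `manifest` hashes a directory tree, and `cross_view` flags files the live system hides or reports with different content. All paths and digests in the sample data are constructed.

```python
import hashlib
import os


def manifest(root: str) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            out[os.path.relpath(full, root)] = digest.hexdigest()
    return out


def cross_view(live: dict, offline: dict) -> dict:
    """Compare the running system's view with the alternate-boot view.

    hidden: on disk when scanned offline, but not listed by the live system.
    masked: listed by both, but the live system returned different content.
    Files that legitimately changed between the two scans (logs, caches)
    also land in 'masked', so review the list rather than acting on it blindly.
    """
    hidden = sorted(set(offline) - set(live))
    masked = sorted(p for p in set(live) & set(offline) if live[p] != offline[p])
    return {"hidden": hidden, "masked": masked}


# Constructed sample manifests; the short digests are placeholders.
LIVE_VIEW = {"bin/ls": "aa11", "bin/ps": "bb22", "etc/hosts": "cc33"}
OFFLINE_VIEW = {
    "bin/ls": "aa11",
    "bin/ps": "ff99",
    "etc/hosts": "cc33",
    "lib/modules/hide.ko": "dd44",
}

if __name__ == "__main__":
    print(cross_view(LIVE_VIEW, OFFLINE_VIEW))
```

In practice, run `manifest` once on the running system and once from the alternate boot environment against the same mounted volume, then pass both results to `cross_view`.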

We hope this short summary gives you a better sense of what the different terms mean and how they relate to each other. If you have anything to add that I have missed, feel free to post in the comments. Enjoy!