
Difference between Virus, Worm and Trojan

The words Trojan, Virus and Worm are often used synonymously, but the three differ in practice. They are all malicious programs that can cause damage to your computer infrastructure, and all form part of the Malware family. Malware is hostile, intrusive, and annoying software designed to harm or secretly access a computer system without the user’s consent.

In most cases, Malware is downloaded from the internet when legitimate websites get compromised, leading to infections on visiting systems. In other cases, a drive-by download infects the system, usually via a Java vulnerability delivered through adware, pop-ups, or similar applications. Peer-to-peer applications are often compromised to distribute malware. Malware is a broad category and includes spyware, adware, viruses, worms, etc.

Viruses and Worms are the most widespread Malware, and both are able to self-propagate. The difference between them is that a worm operates more or less independently of other files, whereas a virus attaches itself to a larger piece of software, which acts as a host.

What is a Virus?

A virus is a self-replicating program that reproduces its code by attaching copies of itself to other executable code (host files) and then activates on some sort of trigger event (such as a specific user task, a particular time, or an event of some sort). The virus may exist on your computer, but it cannot infect your computer unless you run or open the malicious program (the trigger event). The term ‘computer virus’ was introduced for the first time in 1984 in a thesis by American scientist Fred Cohen. Cohen described a computer virus as a “program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself. With the infection property, a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows.”

Viruses require human interference to spread from one device to another, i.e., they propagate when the software or document they are attached to is transferred from one computer system to another by the user. Similar to how each biological virus has a different impact on the human body, each computer virus impacts different parts or components of the computer system.

The first known computer virus, Brain, was allegedly written by two Pakistani brothers, Basit Farooq Alvi and Amjad Farooq Alvi. The Alvi brothers wrote the code to address the issue of pirated copies of a computer program they had written being circulated by their customers. Brain infected the boot sector of the floppy disk and even displayed the brothers’ names and contact numbers for vaccination. The brothers now run a company by the name of Brain Telecommunication Ltd in Lahore.

A few virus types are as follows:

  1. Ransomware: This locks users out of their own system and demands an online payment for unlocking. The “family” includes examples such as Cryptorbit, CryptoLocker, CryptoDefense, and police-themed ransomware.
  2. Boot sector virus: This virus type actually moves the boot sector to another location on the hard drive, forcing the virus code to be executed first.
  3. Shell virus: Working just like the boot sector virus, this variant type wraps itself around an application’s code, inserting its own code before the application’s. Every time the application is run, the virus code is run first.
  4. Cluster virus: This virus modifies directory table entries so that user or system processes are pointed to the virus code itself instead of the application or action intended.
  5. File extension virus: These viruses modify file extensions of files. WannaCry is one such malware that modifies the file extensions.
  6. Multipartite virus: Attempts to infect both files and the boot sector at the same time. This generally refers to a virus with multiple infection vectors.
  7. Macro virus: This virus type infects template files created by Microsoft Office, normally Word and Excel.
  8. Polymorphic code virus: This virus type mutates its code using a built-in polymorphic engine. These viruses are difficult to find and remove because their signatures constantly change. No part of the virus stays the same from infection to infection.

What is a worm?

A worm is a self-replicating malware program. The worm uses a computer network to send copies of itself to other systems without human intervention. Worms are standalone software and do not require a host program or human help to propagate. Worms reside in active memory and duplicate themselves without modifying files, but they consume resources while doing so. A well-known and most devastating worm in recent times is WannaCry, which is also a ransomware attack. Its ability to self-propagate without human interaction and without requiring a host file or program means it is classified as a worm rather than a virus. The Christmas tree worm that paralysed the IBM worldwide network in 1987 was the first known disruptive worm. These days, worms are often created with the aid of nation-state sponsorship for use in modern-day digital warfare. The Stuxnet worm, which devastated Iranian nuclear facilities in 2010, is said to be the first such digital weapon.

Stuxnet was a 500-kilobyte computer worm that infiltrated numerous Iranian computer systems. The worm first analyzed and targeted Windows networks and computer systems. Having infiltrated the machines, the worm began to continually replicate itself. The replication process was so invasive that if a USB device was plugged into an affected system, the worm would infiltrate the USB device and spread to any subsequent computing systems that the device was plugged into. Next, the worm infiltrated the Windows-based Siemens Step7 software. By compromising the Step7 software, the worm gained access to the industrial programmable logic controllers. The worm’s creators got access to crucial industrial information as well as the ability to operate various machinery at the individual industrial sites. The worm attack caused a huge number of uranium-enriching centrifuges to break.

What is a Trojan?

A Trojan is software that appears to perform a desirable function for the user prior to running or installing it but instead performs a function, usually without the user’s knowledge, that steals information or otherwise harms the system. The name is inspired by the Trojan War of Greek mythology. The term was first used in the context of computer security vulnerability by security pioneer Daniel Edwards during his time at the National Security Agency (NSA). A trojan can replicate itself and thus be either a virus or a worm, or both. Trojans come in a number of variants and uses.

A Trojan, when executed, often opens up “back doors”, giving intruders access to the machine. The function of a back door is to let malicious elements gain access by circumventing normal system protection. One such example of a trojan attack happened for the first time at George Mason University in February 1997. An unknown user inserted a trojan into the university’s computer systems, and whenever a user opened Netscape Navigator, a protest email message was sent to the local security review panel. After a number of students complained about receiving email replies to messages they had not sent, the problem was tracked down to a trojan.

About the author

KP Krishna

Krishna KP is the founder of Preview Tech. He is a marketing geek and helps webmasters to monetize their web properties. When not online he is involved in debates with his friends over the issues that concern the world!
