Thursday, December 17, 2015

Computer Worms Vs Computer Viruses Vs Trojans



Computer worms, computer viruses and trojans have one similarity. They all are malware. But, how are worm, virus and trojan different from each other ? Let's try to understand.


What is malware ?


Malware is an abbreviated form of Malicious Software. It indicates any software which is used for malicious purposes like stealing private data, corrupting files, crashing hard disks, extorting money etc. They infect a computer stealthily, without the user's knowledge. And then spread themselves.







Worm, virus and trojan are malware. But, there are subtle differences among all these terms, though their intention is similar. So, what all are the differences among them ?

Let's start by Computer Worms.


Computer Worms


Computer Worms are malware which infect a computer without the user's knowledge, like other malware do. And then it spreads through self-replication.

But unlike Computer Virus, they do not need to attach themselves to an existing program. It often uses computer networks and spread itself taking the advantage of security vulnerability of an existing software.

They almost always cause some harm to the network, by taking lots of bandwidth if not anything else. And after infecting a computer, they can delete files, use the computer as a botnet (What is botnet ?) and use its computer resources for illegal activities, send spams (How to prevent email spams ?) or even blackmail companies by threatening about DoS or Denial of Service Attacks(What are DoS and DDoS attacks and how to prevent them ?). To give an example, Conficker malware is a good example of computer worm.


Computer Virus


Computer Viruses also infect a computer and then spread themselves to infect more computers. They normally attach themselves with other computer programs, so that, when a user executes the program in his computer, they infect the computer. Just to give a common example, Microsoft Word Document support macro so that it can execute while opening the document. A virus can attach itself to a Word Document as a macro, so that, whenever a user will open the document, the code of the virus will be executed and the computer will be infected (How does PowerSniff malware infect a computer ?).

Computer Viruses can attach themselves to data files also. For example, a virus can attach its code to a jpg file and change the name of the file to jpg.exe, so that, whenever a user will open the file, unknowingly his computer will get infected.

A virus can affect the Master Boot Record or MBR of a computer also. And when that happens, it can survive through reinstallation of Operating Systems(How does Nemesis Bootkit infect a computer ?).

Computer Viruses can perform many harmful activities like corrupting hard disks, deleting files, degrading performance of computer, display unrelated messages on computer screen, stealing private data by logging keystrokes (What are keyloggers and how to prevent them ?), spamming contacts etc.


Trojan


The word Trojan (Trojan Horses and their threats)is derived from the ancient Greek wooden horse that the Greeks used to invade Troy stealthily. Trojan programs generally tricks a user by some form of social engineering (What is social engineering and what all are the techniques used in social engineering ?) and get loaded and executed into the system. They often misrepresent themselves to appear useful, routine or interesting to the user and persuades the user to install it.

Trojans can infect a computer  by clicking on a suspicious link, opening email attachment(What is phishing and how to safeguard oneself from phishing ?), by installing software from untrusted sources or even by visiting unsafe website (What is drive by download ?). Sometimes, they even misrepresent themselves in unsafe websites as Anti-Virus software and when a user installs them, they infect the computer.

But unlike, Computer Worms and Computer Viruses, they do not self-replicate themselves.


Spyware and Ransomware are types of Trojans. Spyware infect a computer to steal sensitive private data or spy on the activities of the user. And Ransomware also do the same, but for blackmailing the user to extort money (e.g. How does Petya ransomware infect a computer and how to prevent it ?).

Trojans, when they infect a computer with elevated privileges, can do much harm. They too can corrupt hard disks, corrupt data, crash a computer, format disks, infect MBR or Master Boot Record of a computer and they can even steal sensitive private data or encrypt user files to extort money (What is Remote Access Trojan or RAT ?). To give an example, Zeus malware is a good example of trojan.


Prevention Techniques


Computer Worms, Computer Viruses and Trojans have similar prevention techniques.

  • Do not click on suspicious links.
  • Do not open suspicious email attachments.
  • Install software from trusted sources only.
  • Do not download anything from untrusted websites. (What are the security risks of using P2P File Sharing Software like BitTorrent ?).
  • Keep your operating system and other commonly used software updated with recent security patches. More updated a software is, lesser are its security vulnerabilities.
  • Very often malware infects a computer exploiting security vulnerabilities present in a browser. So, keep your browser updated with recent security patches (What are Browser Hijackers ?)
  • Keep your computer updated with a trusted security program.
  • Do not pay money if someone is trying to extort money by infecting your computer. Instead, take regular backup of your computer and keep your system updated with security patches and software.
  • Keep your online accounts protected with strong passwords(How to create a strong password that can be remembered easily ?)Do not use the same password for two different accounts. Attackers often hack one account and use the same password to hack multiple other accounts.
  • Enable 2 Factor Authentication whenever it is possible (What is 2 Factor Authentication and why should we always enable it ?)
  • Configure proper firewall in the system. It is better to prevent unnecessary applications from using the Internet when it is not needed. (What is firewall and how does it protect a computer ?)
  • You can use an Intrusion Detection System to detect and prevent malicious intrusions in your computer (What is an Intrusion Detection System ?). There are quite a number of open source IDS also which are good enough.



How to configure iptables firewall on Linux ?

What is an Intrusion Detection System and how does it work ?

What is a Backdoor and how to prevent it ?

What is a RAT or Remote Access Trojan and how to prevent it ?



1 comment:

  1. Another prevention technique is to install monitoring software such as AV (Eg. ESET Antivirus) to keep these malwares off your system.

    ReplyDelete