Viruses, Worms and Trojans: what are they and what are their differences?

Viruses… They infect millions of computers per year and also costs millions in damage. They can occur and infect a device through clicking malicious ads, downloading questionable content or through an infected drive. Many people believe that, whatever malware it is, they call it a “virus” but virus is just one of many types of malware known to infect computers and phones.

There are multiple types of malware but we’ll break it down to the most common ones. These are Viruses, Worms and Trojans. What are they? What are their differences.

To begin, let’s start with viruses…

Computer Virus

Image: CIH Virus Graphic Art, Courtesy of: LifeWire (page no longer available)

Viruses are a type of malware that infects a computer by attaching itself to different programs, files or macro programs. Most viruses remain dormant or inactive until you execute it. After execution, it will only then start releasing its payload. The payload can be harmless, such as for protests or for pranks, or it can be lethal to the system, such as intentionally crashing or causing the blue screen of death.

There are four stages in the life of a virus:

  • Dormant- Although the virus is already inside the host computer, it rests for a while and does nothing. So as long the infected program is not executed, the virus would remain sleeping. In an infected file/program, there are two types of code: one for the program itself and the other for the virus. Once the program is executed, the virus’ code will “trigger” first, which leads us to the second stage. Take note that there are viruses that do not go through this stage
  • Propagation- The virus starts doing what they do best: replicating and multiplying itself to infect drives, certain files and/or programs. Just like real-life viruses, computer viruses may mutate and change to avoid detection. For each file/program infected, there is a cloned version of the virus, which in turn would also start multiplying.
  • Trigger- The virus becomes active in this stage. The trigger stage can occur through system events, and when a virus is activated, it will release its payload, which is the last stage.
  • Execution- When a virus is activated, it will release its payload, such as, but not limited to: renaming file or file extension, deleting core folders such as System32 and editing the system registry so that, even with a factory reset, the virus remains.

In the early days of programming, viruses are hard to detect and remove, due to a lack of antivirus programs and that computers are not as common as they are today. Today, many antivirus programs have been developed and they update their virus definitions almost everyday to detect new forms of malware.

One prominent example of a deadly computer virus is the Chernobyl Virus, or the CIH Virus. The virus was written in 1998 in Taiwan by Chen Ing-Hau, a student at Tatung University. The virus costed US$1 Billion in commercial damages and about 60 million computers were infected. The virus is also known as “Spacefiller” because the virus inserts itself into existing programs with gaps in their code, thus making it resilient to computer security programs at the time. Most viruses enlarge the infected file’s size, in contrast, CIH does not.

Computer Worm

ILOVEYOU worm in action, uploaded by: OnNeutral

Computer Worms are similar in function as a virus but the difference is that computer worms can be controlled remotely and they do not rely on another program to trigger. Computer worms are its own program and can act independently.

One of the most famous examples of computer worm is the Love Letter worm, also known as ILOVEYOU or Love Bug. The program was written on 4th May 2000 by AMA Computer College student Onel De Guzman, a Filipino student. The worm was one of the most destructive in the world and that it infected even the Pentagon. The worm costed around US$8 billion in total commercial damages.

Last May 2020, the original author of the worm was located. He said that he wrote the worm to steal internet access passwords because he could not afford internet at the time. He also admitted that the co-author Reonel Ramones, has nothing to do with it, therefore clearing his name as an accused co-author

Trojan Horse

Between a worm and a virus, trojans are the most different among the three. Trojans are a type of malware known to steal information such as passwords, location, bank info and ISP. They have many forms including: adware, spyware, ransomware and rogue antiviruses

Trojan horses infect a computer without the host or the user knowing. Unlike viruses and worms, they infect a computer silently and, without you knowing, they already have stole important information.

Trojan Horses are the most common type of malware today. Most trojans infect Windows-based PCs but can also infect other devices running Android, iOS or MacOS.

The most prominent example of a trojan that took the world by storm is the WannaCry ransomware. It is similar to another ransomware, named Cryptolocker, in which the trojan “locks” or encrypts your files and then asks for a ransom for them to be released. With the files encrypted, the user cannot access them, or becomes corrupted up until they pay the ransom. This is usually very expensive, and mainly use bitcoins as a mode of payment. As of today, the total value of BTC is approximately $54,000, or about PHP2.6 million. Wannacry demanded an equivalent of US$300 in Bitcoin.

The WannaCry trojan that infected millions of computers in 2017

The ransomware also demanded to pay within 3 days or the ransom will be doubled. Also, if a user does not pay within 7 days, all files encrypted will be gone forever (although there were reports of paid users saying that, even after paying, files were not restored). The ransomware spread so fast that Microsoft had to release security patches to older versions of Windows that are already in their end-of-life, such as Windows XP.

Although the outbreak was short, (lasting only three days due to a discovery of a kill switch) it infected about 200,000 computers in 150 countries. The most affected were Russia, Ukraine, India and Taiwan. The trojan even forced the TSMC (Taiwan Semiconductor Manufacturing Company) to temporarily halt production in 2018 when a new variant was discovered.


Now that you know the differences between the three, how do you protect yourself?

The first thing is to be wary of things you click. Do not download files from suspicious links, such as pop-up ads, typosquatted websites and fake download buttons. Remember that these download buttons are often poorly-designed and are usually animated and in 3D, that they are ads themselves. To know which download button is legit, hover (but do not click) to the download button and look at the bottom-left of your browser. This displays the link to which the download button is connected to.

Antivirus applications are good countermeasures to known exploits and malware. Many of them come free with the option of removing infected files they have detected. Although some are paid that come with extra features such as online shopping security, browser firewall and typosquatter protection. They run silently on your PC and can detect most malware before it starts its payload.

Check for files in the email. Viruses often end in .EXE file extension. .EXE are executables, and executing the program is the most common way a virus can infect. If a file looks like a text file but contains .EXE (for example: example.txt.exe), then do not click. Legitimate programs such as games, Office applications and multimedia programs are available through their official websites.

You probably have seen this one. There are scareware ads on phones and computers saying that your computer has been infected and that you need to clean it. Do not be fooled, these are just ads so that you install their program into your phone or computer. Some of them might have malicious code injected or are trojans.