Malware Defined: Viruses, Worms, Trojan Horses

In this article and the next few, I'm going to look at several types of malicious computer programs and behavior. Because these malicious programs and behaviors are so widespread, it's important for every user (even developers) to be aware of them and prevent infection on their own computers and potential distribution to others.

A computer virus is a program that tries to alter the behavior of the computer without the user's permission. The virus might attempt to overwrite data, change the way another program operates, or damage the system by altering key operating system files. Although not all viruses are malicious in intent, the idea of causing a program to do something on someone else's computer without their explicit permission is always wrong, even if the program intends to do no harm. Over the years, as viruses and other malicious software has become more widespread, the term "virus" has often been slightly misunderstood and is often used to describe other threats.

The difference between a worm and a virus is subtle. To be a virus, a program just needs to execute itself and replicate itself. For example if you get infected by a Word macro virus, what makes it a virus is that it runs as soon as you open an infected document and that it will attempt to infect other Word documents - replication. Another trick viruses use to run themselves is to partially or completely replace another legitimate program with their own code, so they next time the user tries to run the desired program, the virus code will run. Up until a few years ago, viruses were mainly spread though infected files on floppy disks, when a user took a disk from one machine to another. Now, with the internet, viruses can spread much faster if a user gets an infected file through email, the web, or other internet sources.

To be a worm, the program needs to try to make copies of itself from one place to another. In today's environment, most worms attempt to spread through email. So, if your Word macro virus attempts to access your Outlook contacts to email itself to everyone you know, then it is a worm as well as a virus.

Until the mid-to-late 90's, most malware was written in a stanard programming language, like any other application, to be compiled and executed. But, with the advent of Word and Excel and their huge user-base and build in macro programming language (VBA - Visual Basic for Applications) malicious coders found they could use VBA and Word or Excel to do their dirty work. Today, many of the most damaging worm and virus threats are built to attack Word and Excel.

Trojan Horses pretend to be something they aren't. In the truest sense of the "Trojan horse" analogy (remember, the original Trojan horse was a giant wooden gift horse with soldiers hiding in it) freeware programs that install hidden applications are the truest form of Trojan horse applications. Simpler Trojan horses just claim to be one thing (a picture viewer for example) when they are actually another (code that will overwrite your boot sector for example.) Trojan horses don't run on their own like a virus does, they rely on tricking the user to run them. They also don't replicate themselves. A Trojan horse could incorporate a worm as well if once the user launch the Trojan horse, it attempts to send itself to other computers.

Luckily, any computer user can easily protect themselves from all of these types of software by following a few simple steps:

1. The first step in protection is installing and running a current anti-virus software program. Although this software is called anti-virus, most of these applications also protect against worms. Most anti-virus software now has the ability to checking incoming and outgoing email (through popular email programs like Outlook), to protect you against receiving or spreading unwanted computer problems through email. Since Word and Excel documents are such popular targets, most anti-virus software also specifically interfaces with these for protection.
2. The second step is to keep your anti-virus software definitions regularly updated. This will protect you as new viruses and worms are discovered. Most anti-virus software has a feature to automatically update your definitions periodically and it's good practice to set this to update at least once a week.
3. Next, you should be very careful in opening email. If you get an email with an attachment from a sender you don't recognize, don't open the attachment. Even if the sender is someone you do recognize, if you aren't expecting an email with an attachment from them, if the wording of the subject or message seems strange for that person to send you, don't open it without first checking with them to verify it is legitimate.
4. For protection from trojan horses, be careful if you download and install any software from the internet. If you do, be sure you are always downloading it from a reputable site you can trust. Several sites offer reviews of the software you can download, read the reviews to see if other users have registered any complaints about trojans or freeware in the software you are planning to install. Most major anti-virus software also now provides some protection against trojan horses.

If you follow these few simple rules, it's actually very hard to get a computer virus, worm, or trojan horse anymore. The most often ignored rule is #3 about opening suspicious email. When a new email worm makes the rounds, it will spread quickly, in hours or days infecting tens of thousands of computers or more. Until your anti-virus software vendor releases a new definition to protect against the new threat (and you update your antivirus software to install it) your computer can be vulnerable to a new infection. Being suspicious about email will help you.

In the next installment, I'll show you how spam, spyware, and adware are more than just annoyances.

For further reference see:

• Symantec Security Response Glossary

Jim Minatel is a freelance writer for Developer.com in addition to working with Wiley and WROX publishing.