Malware vs. virus: the difference, and why it matters, explained

According to a recent study on the state of malware, 60% of businesses see malware and ransomware attacks as an extreme threat. They have good reason to do so, with these types of attacks steadily growing in terms of both sophistication and payday for cybercriminals.

Looking at the claims data from policyholders, cyber insurance firm Coalition reported a 47% jump in average ransom demand from just over $230,000 in the first quarter of 2020 to $338,669 in the second. Actual ransomware payouts also skyrocketed from just over $84,000 at the end of 2019 to more than $233,817 in the third quarter of 2020, ransomware negotiation company Coveware found.

But that’s only part of the total cost of such an attack, writes CSO’s Jaikumar Vijayan, and for organizations that refuse to accede to extortion attempts, it’s not even a factor. What is, however, is the time it takes for them to recover from it, which averages at 50 days. According to penetration testing platform developer Cobalt, this pushes the price tag of a malware attack to over $2.5 million.

In this article, we’ll explore what malware is, why it so often gets mixed up with “virus” and why it shouldn’t, plus tips on how to detect and ward off malicious software attacks.

“All bugs are insects, but…”: the difference between malware and virus

What is malware on a computer – or any device really? Broadly speaking, it means software or firmware that performs unauthorized actions with the intention of harming the confidentiality, integrity, or availability of an information system, including its data, applications, or operating system.

So is malware a virus? The virus vs. malware dilemma is very much like the bugs vs. insects one. That is, all viruses are malware, but not all malware is a virus. Malware, short for malicious software, is an umbrella term that refers to any program or code specifically created to wreak havoc on a computer, network, or server. Viruses make up a subset of malware.

As per the definition of the National Institute of Standards and Technology at the US Department of Commerce, a virus is a "hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting – that is, inserting a copy of itself into and becoming part of – another program". Much like their biological counterparts, they require a host to survive.

Why do people sometimes use them interchangeably? For the very same reason why we still say “hang up” for ending a phone conversation, even though most of us would probably have a hard time remembering the last time (or any time) we finished a telephone call by putting an earpiece back into its holder. In other words, old habits die hard.

As cybersecurity software company Avast points out, the first instances of malware came about in the 1970s and were dubbed “viruses”. So naturally, the first antimalware programs of the 1980s and 1990s became known as “antivirus” – because that was the most important threat they helped users fend off. Since then, cyber risks and the programs that defend against them have both come a long way – but the name has stuck.

The anatomy of malware: examples and how they work

The two most common ways to categorize malware, Josh Fruhlinger explains on CSO, are how the software spreads and what it does once it has found its way into a computer, network, or server.

In the first categorization, three different types of malware emerge.

● Viruses refer to a piece of malicious computer code that inserts itself within the code of another standalone program without the user’s knowledge or permission, then forces its host to carry out destructive activity.

● Similarly to viruses, worms are designed to spread from one computer to another and create disruption in their wake – with one notable difference. They can self-replicate and spread independently without a host program or human interaction.

● Trojans give malicious actors backdoor access to a business’s systems and sensitive data. As their name suggests, Trojan horses make their way into computers disguised as legitimate programs that users want and go undetected for a long period – until it’s already too late.

If we look at what they do rather than how they get around, the main categories of malware include spyware, ransomware, adware, and rootkit.

● Spyware is a type of malicious code that is covertly installed into an information system to gather information on users without their knowledge. A subset of spyware is keyloggers which monitor and record every single key pressed on a keyboard, whether it’s a computer or an Apple iPhone.

● Ransomware is an alarmingly common malware attack example – as per Verizon’s Data Breach Investigations Report, the number of such incidents doubled in frequency to make up 10% of all breaches in 2021. Here, the victim’s computer usually gets locked by encryption and their data is held hostage until a ransom is paid.

● Rootkits give hackers admin status of an operating system, which makes them notoriously hard to detect.

● Adware usually piggybacks onto freeware or shareware that a user downloads, then displays in-browser ads to earn money for their creator.

In terms of delivery, all of the above might as well be classified into a single category: email malware. According to Deloitte, 91% of all cyberattacks begin with a phishing email to an unsuspecting victim. Fruhlinger points out: “With spam and phishing email being the primary vector by which malware infects computers, the best way to prevent malware is to make sure your email systems are locked down tight – and your users know how to spot danger.”

From macro to packers: a brief introduction to computer virology

In terms of delivery, all of the above might as well be classified into a single category: email malware. According to Deloitte, 91% of all cyberattacks begin with a phishing email to an unsuspecting victim. Fruhlinger points out: “With spam and phishing email being the primary vector by which malware infects computers, the best way to prevent malware is to make sure your email systems are locked down tight – and your users know how to spot danger.”

● Macros are the least sophisticated ones and are usually embedded code into data files, such as documents and spreadsheets.

● Polymorphic viruses are on the more complex side, doing their “job” slightly differently each time the code runs to avoid detection.

● Resident viruses nest in the computer memory and activate whenever the operating system loads or performs a specific function.

● Boot sector viruses are startup file infecting viruses, which run at bootup before the security layers are engaged.

● Multipartite viruses are, in the simplest of terms, all of the above, capable of infecting several parts of a system, from memory to files.

In terms of how they fit into the larger picture of the cyberattack, computer virus examples include droppers, beacons or payloads, packers, and command and control viruses.

● Droppers are a type of Trojan whose sole mission is to install malware and malware components into the targeted system, including beacons.

● Also called payload, a beacon serves as a direct communication channel between the compromised network and the threat actor.

● Packers are the milk chocolate shell to the trojans’ Kinder Surprise, except their yellow capsule usually hides a payload.

● Command and control is the mission control of a cyber attack, allowing attackers to maintain communication with the compromised device or network and exploit them.

Why is malware dangerous? 3 reasons to stay vigilant

1. There’s no such thing as harmless malware

Let’s take adware as an example. At best, it drains system resources, puts a brake on internet speed and spams users with pop-up ads. But all it takes is one of them to click on an ad with a phishing or spoofing link and there you have it: a full-blown cybersecurity liability.

2. They can shut down your entire network – or worse

Just last year, Colonial Pipeline went offline after falling victim to a grandiose ransomware attack orchestrated by a hacker group called DarkSide. The result? A hundred gigabytes of data stolen, $4.4 million paid in ransom, and 17 US states declaring a state of emergency.

3. Your reputation will recover slower than your infrastructure

Customer loyalty is hard to earn but easy to lose. In the wake of a massive hacking attack against ISP TalkTalk, the UK-based connectivity provider was left with a bill of £40-45 million in financial costs and a £15-million trading impact, plus a customer base drop of 100,000.

“Do I have viruses on my computer?” 8 ways to tell and tips for prevention

Is your computer acting strange? Look for these signs to find out if it might be caused by malware:

● Unusually slow computer or app startup or performance

● Problems shutting down or restarting your computer

● Sudden system crashes and frequent error messages

● Icons and toolbars you didn’t add to your PC

● Unremovable software that you didn’t download

● Lots of pop-ups or ads with inappropriate content

● Emails sent from your accounts without your knowledge

● New default search engine or tab opens in your browser

If the answer to any of the above questions is yes, don’t panic. Follow these steps to navigate back to safety, courtesy of the Federal Trade Commission:

1. Stop any activity that requires you to enter login credentials, credit card details or any other sensitive information until the malware is removed.
2. Check if you have security software on your device, such as anti-malware and antivirus, or malicious software removal tools.
3. Make sure your software is up to date, including your PC’s operating system and security software as well as all applications installed.
4. Run a full manual scan on your device for malware and remove anything that gets flagged, especially if you don’t recognize it.
5. Re-run the scan once you’re done cleaning up and deleting viruses. Remember to restart your device for the changes to take effect.
6. Reinforce your defense. Set your security software, browser, and operating system to update automatically and never weaken default security settings.

Supercharge your protection against malware: how Tresorit can help

An end-to-end encrypted content collaboration platform, Tresorit empowers you to:

● Make your cloud a safer place for users

Every file and relevant metadata on our users’ devices are encrypted with randomly generated encryption keys. Accessing files is only possible with a user’s unique decryption key that no one else, not even Tresorit, has knowledge of.

● Stay in control of what happens to your data

Implement organization-wide data protection measures for collaborating on files, including controlling who has access to what data, logging file activities, and creating internal security policies for data management.

● Encrypt attachments in Gmail and Outlook

Integrate Tresorit with Google Workspace or Azure Active Directory and Office 365 and allow users to replace risky email attachments with encrypted share links and password-protected files using their existing email addresses.

● Set up and enforce enterprise security policies in one place

Apply policy templates, including 2-step verification, IP filtering, timeout policies, and sharing policies, to a set of users, create different policies for each template and modify these policies at any moment through a single interface.

● Keep access secure and limited

Decide which devices are allowed to access which files and from where users are allowed to log in. Manage files and tresors at a granular level, making them accessible only to those who need them, and limit file downloads or revoke access at any time.