What Is the Difference Between Malware and a Virus?

The terms "virus" and "malware" are often used interchangeably. However, they are technically different, so the question of malware vs. viruses is an important one.

Malware is a catch-all term for any type of malicious software, regardless of how it works, its intent, or how it’s distributed. A virus is a specific type of malware that self-replicates by inserting its code into other programs. Computer viruses have been prominent since almost the beginning of the commercial internet: The first one was created in 1982 for the Apple II, and other versions quickly followed.

Viruses spread by attaching themselves to legitimate files and programs, and are distributed through infected websites, flash drives, and emails. A victim activates a virus by opening the infected application or file. Once activated, a virus may delete or encrypt files, modify applications, or disable system functions.

Examples of malware vs. viruses

There are many different types of viruses. These are the three most common examples:

  • The file infector can burrow into executable files and spread through a network. A file infector can overwrite a computer's operating system or even reformat its drive.
  • The macro virus takes advantage of programs that support macros. Macro viruses usually arrive as Word or Excel documents attached to a spam email, or as a zipped attachment. Fake file names tempt the recipients to open the files, activating the viruses. An old but still prominent type of malware, macro viruses, remain popular with hackers.
  • Polymorphic viruses modify their own code. The virus replicates and encrypts itself, changing its code just enough to evade detection by antivirus programs.
  • Malware encompasses all types of malicious software, including viruses, and may have a variety of goals. A few of the common objectives of malware are:
  • Trick a victim into providing personal data for identity theft
  • Steal consumer credit card data or other financial data
  • Assume control of multiple computers to launch denial-of-service attacks against other networks
  • Infect computers and use them to mine bitcoin or other cryptocurrencies

The five types of malware

Besides viruses, multiple other types of malware can infect not only desktops, laptops, and servers, but also smartphones. Malware categories include the following:

  • Worms. A worm is a standalone program that can self-replicate and spread over a network. Unlike a virus, a worm spreads by exploiting a vulnerability in the infected system or through email as an attachment masquerading as a legitimate file. A graduate student created the first worm (the Morris worm) in 1988 as an intellectual exercise. Unfortunately, it replicated itself quickly and soon spread across the internet.
  • Ransomware. As the name implies, ransomware demands that users pay a ransom—usually in bitcoin or other cryptocurrency—to regain access to their computer. The most recent category of malware is ransomware, which garnered headlines in 2016 and 2017 when ransomware infections encrypted the computer systems of major organizations and thousands of individual users around the globe.
  • Scareware. Many desktop users have encountered scareware, which attempts to frighten the victim into buying unnecessary software or providing their financial data. Scareware pops up on a user's desktop with flashing images or loud alarms, announcing that the computer has been infected. It usually urges the victim to quickly enter their credit card data and download a fake antivirus program.
  • Adware and spyware. Adware pushes unwanted advertisements at users and spyware secretly collects information about the user. Spyware may record the websites the user visits, information about the user's computer system and vulnerabilities for a future attack, or the user’s keystrokes. Spyware that records keystrokes is called a keylogger. Keyloggers steal credit card numbers, passwords, account numbers, and other sensitive data simply by logging what the user types.
  • Fileless malware. Unlike traditional malware, fileless malware does not download code onto a computer, so there is no malware signature for a virus scanner to detect. Instead, fileless malware operates in the computer's memory and may evade detection by hiding in a trusted utility, productivity tool, or security application. An example is Operation RogueRobin, which was uncovered in July 2018. RogueRobin is spread through Microsoft Excel Web Query files that are attached to an email. It causes the computer to run PowerShell command scripts, providing an attacker access to the system. As PowerShell is a trusted part of the Microsoft platform, this attack typically does not trigger a security alert. Some fileless malware is also clickless, so a victim does not need to click on the file to activate it.

Antimalware and antivirus solutions

Because so many types of malware and viruses are in the wild—and cybercriminals are creating more every day—most antimalware and antivirus solutions rely on multiple methods to detect and block suspicious files. The four main types of malware detection are:

  • Signature-based scanning. This is a basic approach that all antimalware programs use, including free ones. Signature-based scanners rely on a database of known virus signatures. The success of the scanner depends on the freshness of the signatures in the database.
  • Heuristic analysis. This detects viruses by their similarity to related viruses. It examines samples of core code in the malware rather than the entire signature. Heuristic scanning can detect a virus even if it is hidden under additional junk code.
  • Real-time behavioral monitoring solutions. These seek unexpected actions, such as an application sending gigabytes of data over the network. It blocks the activity and hunts the malware behind it. This approach is helpful in detecting fileless malware.
  • Sandbox analysis. This moves suspect files to a sandbox or secured environment in order to activate and analyze the file without exposing the rest of the network to potential risk.

IT security professionals can augment their organization's malware and virus defenses by updating and patching applications and platforms. Patches and updates are especially critical for preventing fileless malware, which targets application vulnerabilities and cannot be easily detected with antimalware solutions.

Likewise, implementing and encouraging data security best practices can be valuable in preventing data breaches. Basic best practices for password management and role-based access to data and applications, for example, can minimize the odds of a hacker gaining access to a system and limit a hacker's ability to do damage if they gain access. Regular security updates for employees can also help them spot potential threats and remind employees to practice good security hygiene.

Explore more Security Awareness topics