Virus or Malware

Have you ever given up when you were trying to explain the difference between viruses and malware? I must admit that I have. So this is my way to make up for that.

First step: simple definitions

Malware: the word comes from malicious software, so it includes everything that runs on a computer, or other device, with bad intentions. The bad intentions can be aimed at you or at your computer.

Virus: a program, or piece of code, that runs against your wish and can replicate itself.

Looking at the definitions, we can see that a virus is a type of malware, but not all malware is a virus. Other well-known types of malware are Ransomware, Trojans and Spyware. Besides malware, there is also Adware, which most of the time qualifies as a potentially unwanted program (PUP) and is usually easy to remove.

Replication

I put emphasis on “can replicate itself” for a reason: the replication factor is very important in the definition of a virus. As we concluded, viruses are malware, but only malware that can replicate itself is considered a virus. We can distinguish between different forms of replication. Viruses can replace other files with a copy of themselves or attach their code to existing executables.

We can make a distinction in the way viruses will spread

Not a complete list, but to demonstrate the variety, here are a few of them:

  • Boot sector viruses: originally copied from floppy to computer, these became a lot less popular, but the method has switched to USB, so there are still a few using it.
  • File infectors: these viruses attach themselves to, or replace, other executables, so they get run instead of, or even along with, the intended program.
  • Macro viruses: these viruses hide in documents and execute when the document is opened. These documents can be sent by mail as attachments or offered for download on websites.
  • Viruses can also be delivered by exploit kits.

What does Polymorphic mean?

You may have seen the term polymorphic virus. This indicates that the virus replicates, but the “replica” is not an exact copy of the original. The main routine has the same payload, but the files differ in shape and size. This is a method used to avoid detection by anti-viruses that are based on file detection.
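The following Python sketch is an added illustration, not code from the original article or from Malwarebytes. It scans constructed, inert byte strings to show why detection keyed to the hash of a whole file misses replicas that differ in shape and size, while a signature for the shared routine still matches. The marker bytes, sample names and function names are assumptions, and it assumes the shared routine appears as identical bytes in every replica.

```python
import hashlib

# Constructed, inert stand-in for the routine every replica shares (assumption).
MARKER = b"INERT-DEMO-ROUTINE-0001"

def make_sample(prefix: bytes, suffix: bytes) -> bytes:
    """Same routine, different surrounding bytes: differs in shape and size."""
    return prefix + MARKER + suffix

# Constructed samples; none of these bytes are executable code.
SAMPLES = {
    "original":  make_sample(b"\x00" * 16, b""),
    "replica_a": make_sample(b"\x00" * 40, b"\x01\x02\x03"),
    "replica_b": make_sample(b"filler-" * 9, b"\xff" * 128),
    "clean":     b"ordinary document contents " * 4,
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# File-based detection: a blocklist holding the hash of the one known file.
HASH_BLOCKLIST = {sha256_hex(SAMPLES["original"])}
# Content-based detection: byte patterns for the part that stays the same.
SIGNATURES = [MARKER]

def detect_by_hash(data: bytes) -> bool:
    return sha256_hex(data) in HASH_BLOCKLIST

def detect_by_signature(data: bytes) -> bool:
    return any(sig in data for sig in SIGNATURES)

def scan_all() -> dict:
    """Return {name: (size, hash_hit, signature_hit)} for every sample."""
    return {name: (len(data), detect_by_hash(data), detect_by_signature(data))
            for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, (size, by_hash, by_sig) in scan_all().items():
        print(f"{name:10} size={size:4} hash_hit={by_hash!s:5} sig_hit={by_sig}")
```

Only the original matches the hash blocklist; both replicas are caught by the content signature, and the clean sample triggers neither check.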

Payload

In the old days, when viruses had no other goal than to wreak havoc on a computer, they were much more common than today. The goal often was just to prove a point or demonstrate the skills of the writer. Today’s more commercial viruses can be intended to weaken your defenses, to steal information or to add the computer to a botnet. Otherwise they are very rare, because there is no commercial interest in breaking your computer.

Does Malwarebytes Anti-Malware detect viruses?

Yes, it does, but only those that are current threats, that is, only if there is a chance you might run into them in the wild. Also, Malwarebytes Anti-Malware deletes infected files, but it can’t clean them if the virus is attached to the original file. That means we detect the virus and remove the file, but we don’t take the virus out of a file and leave the clean file behind. This is one of the reasons why we recommend using Malwarebytes Anti-Malware together with an anti-virus solution.

Conclusion

Viruses come in many shapes and flavors, but not all malware is a virus. The most important thing, however, is to be adequately protected against the dangers and to be aware of them.

Recommended reading:

Techterms malware definition

Webopedia: virus definition

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.