The digital world mimics and uses many things from our nature. Computer viruses and worms are vivid examples of such mimicry. This post briefly describes the computer viruses and worms, compares and highlights their differences.
Both, computer viruses and worms are harmful programs or malware, which can affect any digital asset such as data, information systems, hardware devices, networks, and other IT infrastructure components. Although they have many similarities, viruses and worms are different caregories of malware.
Computer viruses, similar to natural viruses can not live and function alone and need a host program (organism) for the replication. We can think of viruses as programs with incomplete code, which can function only when their code is incorporated into another executable program. A virus is activated when the user intentionally or unintentionally runs the infected program, for example, inserts the infected USB into the computer with autorun enabled or runs the infected email attachment. After the activation, the virus starts infecting other executables as well as runs harmful functions which cause data loss, unwanted modification, or malfunction of hardware equipment. The spread of the virus mostly happens manually, with the involvement of the human factor. Transmission from the domain to the domain occurs through infected USB devices, email attachments, or common file shares.
Worms, in comparison with viruses, do not need a host program to operate and replicate over the networks and systems. They invade into the computers automatically, through the network interfaces without the involvement of humans. It happens when the worm scans the networks and finds out the vulnerabily (security hole) of the target system. Further, it uses (exploit) this vulnerability to gain access to the target system. Vulnerabilities are created accidentally by software developers during writing a program or developing an operating system. After gaining control over the compromised program worm starts scanning other computers, to reveal similar vulnerabilities. In most cases, worms are considered to be more dangerous, as the infection of systems happens silently, without human interaction.
Nowadays, it is difficult to observe only computer viruses or worms as described above in their definitions. More often, cybercommunity reveals threats that combine the functionality of the worm and virus in one program. One of the most known examples is the Stuxnet, which caused the damage of Iran’s nuclear centrifuges of Natanz uranium enrichment plant in 2010. Stuxnet is a multimodule worm that infects computers running on Microsoft Windows through USB sticks. Another example of a combined threat is the WannaCry worm which spreads and encrypts the computer disks with further requesting a ransom for the decryption of information. In 2017, WannaCry caused substantial financial damage estimated at $4 billion in losses across the globe.
Conclusions
Computer viruses and worms are both malware categories. They are mostly similar but have well-defined distinctions. Viruses need an executable host to run and replicate. Worms are autonomous programs, which replicate automatically, without human involvement. Worms are more dangerous because they spread invisibly. However, the level of danger depends on the particular type of virus or worm. Nowadays, viruses and worms are combined into sophisticated threats, with greater potential for damage.
Davit's Blog 