Topic 26

The Malware Family

Concept

In everyday talk, almost any hostile program gets called a "virus." It is a handy word, but it hides a useful distinction: hostile software comes in several kinds, and they are told apart by two things — how they spread and what they do. A virus is only one branch of the family.

Four members come up again and again in security news: the virus, the worm, the trojan, and spyware. Once Olivia can tell them apart, a headline like "a worm spread across the hospital network" stops being a vague scary blob and starts saying something specific.

A simple way to keep them straight is to think of human illnesses. Some sicknesses need close contact to pass between people; some travel through the air on their own; some come hidden inside something you welcomed in; and some sit quietly and listen. Each malware type maps onto one of those — and then we will leave the illness picture behind and use the real terms.

The four members of the malware family — sorted by how they spread and what they do

Virus

Spreads: attaches to a file or program; travels when a person runs or shares that infected thing. Does: whatever its code says — corrupt, steal, or open a door.

Worm

Spreads: by itself across networks, with no human action. Does: copies itself relentlessly, which can clog and crash systems as it goes.

Trojan

Spreads: by disguise — looks like an app you want, so you install it. Does: whatever its hidden code intends, once you have let it in.

Spyware

Spreads: often bundled with a trojan or a bad download. Does: hides and quietly collects information, then sends it to the attacker.

What Is a Virus?

A virus is hostile code that attaches itself to a file or program — a document, an installer, an app. On its own it does nothing. It spreads only when a person runs or shares the infected thing: you open the file, the hidden code runs, and it tries to attach copies of itself to other files.

That dependence on a human is the defining trait. Like a cold that needs people to come into contact, a virus needs someone to carry it — to open, copy, or pass along the infected file. No click, no spread.

What Is a Worm?

A worm looks similar at first — it is hostile code that copies itself — but it has one crucial difference: it spreads by itself, across networks, with no human action at all. It finds other reachable computers, copies itself onto them, and from each new machine reaches out again.

This is why worms can explode across the internet astonishingly fast. Where a virus waits for a person to open something, a worm is more like an airborne illness — it travels on its own and infects whatever it can reach. That self-spreading, hands-off behavior is exactly what separates a worm from a virus.

What Is a Trojan?

A trojan does not force its way in or spread on its own. It gets in by disguise: it pretends to be something you want — a useful tool, a game, a free version of paid software — so that you install it willingly. The name comes from the ancient story of the wooden horse left as a gift, with soldiers hidden inside.

The disguise is the attack. There is no break-in to detect, because the user opened the door. A trojan is like poison hidden in a present: the danger is wrapped in something you were glad to accept.

What Is Spyware?

The first three are mostly about spreading. Spyware is defined by what it does: it hides on a device and quietly collects information — what you type, what is on your screen, where the device is — and sends that back to the attacker.

Spyware's whole goal is to stay unnoticed for as long as possible, because the longer it watches, the more it learns. It is like a hidden listening bug planted in a room: it does not announce itself, it just records and reports.

Why the Distinction Is Worth Keeping

So far: a virus needs a person to carry it, a worm carries itself, a trojan is invited in by disguise, and spyware hides and watches. Telling them apart is not pedantry — each type is caught and stopped differently, which the rest of this chapter and the defenses later in the course build on. Calling everything a "virus" flattens all of that into one word and loses the part that actually tells you what is going on.

Common Confusions

"All malware is a virus." A virus is just one branch of the family. Worms, trojans, and spyware spread and behave differently, and lumping them together hides the difference that matters.
"A worm needs me to open something." That is a virus. A worm spreads on its own across networks with no human action — that self-spreading is the exact trait that makes it a worm.
"A trojan breaks in by force." The opposite — a trojan is let in. The user installs it thinking it is something good; the disguise is the whole attack, not a break-in.
"Spyware and a trojan are the same thing." A trojan is about how it gets in (disguise); spyware is about what it does (quietly collects information). A trojan often delivers spyware, but they answer different questions.

Why It Matters

It lets you read security news accurately: "a worm spread across the network" now means something specific — self-spreading code — not just "something bad happened."
Each type connects to how it is caught and stopped, which the later defenses in this course are shaped around.
It replaces one vague scary word with a small, sortable map, so a new threat is easier to place and understand.

Knowledge Check

A piece of hostile software copies itself from computer to computer across a network on its own, without anyone clicking anything. Which type is it?

A worm
A virus
A trojan
Spyware

Olivia downloads what she thinks is a free version of a paid app and installs it herself. It turns out to be hostile. What kind of malware fits this best?

A trojan
A self-spreading worm
A virus
Spyware

What is the main difference between a virus and a worm?

A virus needs a person to carry it; a worm spreads alone
A virus steals data, while a worm never harms anything
A worm needs you to open a file; a virus travels by itself
A virus is just a harmless prank; a worm is the real threat

You got correct