Malware, Spyware, Virus, Worm, and Trojan horse

This tutorial explains the types or classes of malware. Learn what viruses, worms, spyware, and Trojan horses are, how they work and how they differ from each other.

A malware is any form of malicious code that is designed to perform a malicious task. Generally, malicious programs are created to corrupt data, crash applications, harass users, and perform many other malicious actions. A malware is classified based on the way it works. In the following section, we will discuss four classes of malware. These classes are viruses, worms, spyware, and Trojan horses.


A virus is a small executable and self-replicating computer program. The developer designs the virus in such a way that it can secretly attach to other programs. The developer attaches the virus to a legitimate application or software and shares the application on the Internet. When a user downloads and installs that application, the virus is also secretly installed on the user's computer.

Virus invokes whenever the application is invoked. Since the virus is self-replicating, it will make a copy of itself every time the application is invoked. In addition to self-replication, viruses can also include instructions to perform malicious tasks such as damaging system files, corrupting user data files, causing applications to behave unexpectedly.

Types of viruses

Viruses can be categorized by where they reside and by how they work. The most common types of viruses are the following.


Boot-sector viruses

These viruses infect the boot sector of the hard disk. Operating systems use the boot sector in the booting process. If a virus hides in the boot sector of the hard disk containing the operating system, the virus is executed when the operating system boots. This means the virus will replicate every time the machine boots.

File viruses

These viruses target executable files. They hide themselves in executable files such as .exe, .cmd, and .bat files. When a user executes an executable that contains a virus, the virus executes with the file as well. When the virus executes, it reproduces itself and damages the system in the way the virus developer intended.

Polymorphic viruses

These viruses modify themselves as they reproduce. Since a polymorphic virus changes each time when it is executed, it is the hardest virus to detect. An antivirus program can't detect it until the program knows the specific evolution algorithm.

Macro viruses

These viruses target applications that support or use scripting languages. The virus developer hides the macro virus in a file that the target application supports and sends the file as an email attachment to the user. When the user opens the attachment, the macro code executes. For example, Microsoft office supports macros. The virus developer can hide macro viruses in Microsoft document files or Microsoft spreadsheets



Worms are self-executable codes or scripts. They do not need a host application to attach themselves. Once a system is infected with a worm, the worm uses the vulnerabilities of the system to replicate itself and to spread other systems. Worms consumes system resources to slow it down.

Trojan horses

trojan horse

Trojan horses masquerade as a legitimate application. They usually trick users into divulging their credentials or sensitive information. A Trojan horse can spread from one computer to another only through user interaction such as downloading pirated software from the Internet, opening email attachments that contain Marcos, or attaching a USB drive into an infected computer.



Malware developer uses spyware to secretly monitor target systems. Once the spyware is installed on the target system, the spyware secretly monitors all activities of the user and sends them to the developer.

Differences viruses, worms, Trojan horses, and Spyware

Viruses attach with other applications or executable files. When infected files are executed, the attached virus installs on the host system. Each time when the infected application is launched, the virus replicates itself. Viruses are created to modify, corrupt, or delete the system or data files. Viruses have no remote connections. They can't be controlled from the remote system. To spread from one computer to another, they depend on host applications and user interactions.

Worms are directly installed on the target system. Once installed, they consume all available resources of the host system, causing the system to slow down. They are mainly created to slow down systems. They replicate themselves. They can be controlled from the remote system. To spread from one computer to another, they use the vulnerabilities of the host system. Worms spread faster than viruses.

Trojan horses hide in other legitimate programs. When a user installs an infected program, the trojan horse is also installed on the host system. After installation, it waits for a command from the developer. It works like a sleeper cell. It only executes when it gets a command from the developer. After execution, it gives unauthorized access and control of the system to the developer. Trojan horses do not replicate. They don't spread from one computer to another.

Spyware also hides in another program. When the user installs the infected program, spyware is also installed on the target system. After installation, it actively monitors user's activities on the host system and sends them to the developer. The developer can use them for commercial purposes without the user's consent. Spyware does not replicate and spread from one computer to another computer.

That's all for this tutorial. In this tutorial, we discussed the four most common types of malware. If you like this tutorial, please share it on Facebook and subscribe to our YouTube channel.

ComputerNetworkingNotes CCNA Study Guide Malware, Spyware, Virus, Worm, and Trojan horse