Malware vs Virus: The Differences Explained

April 1, 2021

Often used interchangeably, the terms malware and virus have two distinct meanings.

Malware, or malicious software, is an overarching term used to describe any program or code that is created with the intent to do harm to a computer, network or server.

A virus, on the other hand, is a type of malware. Its definition is limited only to programs or code that self-replicates or copies itself in order to spread to other devices or areas of the network.

Based on the above definitions, the word malware can be used to refer to any type of virus. However, the word virus does not describe all types of malware.

2021 CrowdStrike Global Threat Report

Download the 2021 Global Threat Report to uncover trends in attackers’ ever-evolving tactics, techniques, and procedures that our teams observed this past year.

Download Now

The Difference Between Malware and a Virus

Aside from the matter of self-replication, there are other important distinctions between malware and viruses. Understanding the characteristics of these two cyber threats can help the user identify the type of attack and how to best resolve it.

Attack Type

Again, malware is an overarching category of attack. It includes subcategories such as ransomware, keyloggers, trojans, worms, spyware and, of course, viruses.

While there are many types of viruses, all of them share the ability to spread through self-replication.

Method of Infection

Typically, malware attacks are initiated through phishing or social engineering techniques, as well as corrupt attachments or downloads.

Most often, viruses are spread via web application, software and email; they can also be transmitted through infected websites, content downloads and corrupt storage devices.

Attack Operations

Malware works in different ways, but most start by ensuring a means of persistent access to a system so adversaries can slip into the network any time they like. Once inside, the malware takes control of the system with the purpose of communicating back to its original sender. The information it communicates may include sensitive data, intellectual property, captured keystrokes or images from a device’s camera, among other items.

Viruses, on the other hand, are usually dormant until the victim activates the attack, either through opening an infected application, downloading a corrupt file or clicking an infected link. Once activated, the virus may complete any number of tasks that it was designed to do, including deleting files, encrypting data, taking over system functions or disabling security settings.

Attack Outcomes

The outcome of a malware attack depends on the type of attack. In some cases, like ransomware attacks, the goal of the cybercriminal is to receive payment in return for system restoration. In others, like distributed denial of service (DDOS) attacks, the hacker may have no purpose other than to disrupt operations.

Though viruses vary in terms of sophistication, the attacker’s goal is generally to damage the user’s device or the larger network. For organizations, the virus may result in disrupted operations and may cost significant sums to restore the system, but the attacker typically does not profit off the activity directly unless the virus is part of a broader malware attack, such as a ransomware scheme.

Why the Terms Malware and Virus Are Often Misused

Understanding why the terms malware and virus are often misused requires a lesson in both history and linguistics.

In the 1970s, some of the first malware attacks were referred to as viruses. People without expertise in the world of technology and cybersecurity were not aware of the technical definition and simply thought this term could be used to describe any malware attack. In the coming years, the term became more mainstream, eventually becoming a shorthand way to refer to a variety of cyberattacks.

Compounding matters, for the next two decades, computer users were bombarded with the need for cybersecurity products and services, which were usually presented as antivirus software. Though the products protected the user from other types of malware as well, the product name focused on virus protection, which reinforced the idea that viruses were the major category of attack.

Examples of Malware

Malware is an umbrella term used to describe any type of malicious software, regardless of its operations, intent or distribution mechanism. Common types of malware include:

For more information about the most common types of malware, please see our supplemental post: Common examples of malware.

Examples of Viruses

Just as there are many types of malware, there are also many varieties of viruses. That said, it is important to remember that the definition of malware is much broader and includes a wide variety of techniques and methods. Viruses, on the other hand, are similar in the sense that they all rely on self-replication to infect new hosts.

Common types of viruses include:

  • Boot Sector Virus
  • Browser Hijacker
  • Direct Action Virus
  • File Infector Virus
  • Macro Virus
  • Multipartite Virus
  • Overwrite Virus
  • Polymorphic Virus
  • Resident Virus
  • Web Scripting Virus

Technically speaking, ransomware is a type of malware. It works by encrypting the victim’s important files in demand of a payment (ransom) to restore access.

Ransomware is not a virus because it is not a self-replicating infection. However, a virus can be used as part of a ransomware attack to encrypt data or alter files in a way that makes them unusable to the owner.

Solutions to Protect Against Malware and Viruses

The best approach to protect against malware is to employ a unified array of methods including machine learning, exploit blocking, behavioral analysis and blacklisting.

The CrowdStrike Falcon® platform uses a unique and integrated combination of methods to prevent and detect known malware, unknown malware and fileless malware (which looks like a trusted program).

Machine Learning
The Falcon platform uses machine learning to block malware without using signatures. Instead, it relies on mathematical algorithms to analyze files and can protect the host even when it is not connected to the internet.

Exploit Blocking
Malware does not always come in the form of a file that can be analyzed by machine learning. Some types of malware may be deployed directly into memory through the use of exploit kits. To defend against these, the Falcon platform provides an exploit blocking function that adds another layer of protection.

Behavioral Analysis
What about fileless malware that doesn’t use an exploit kit, such as certain types of ransomware? To protect systems against these threats, the Falcon platform uses indicators of attack (IOAs), which look across both legitimate and suspicious activities to detect stealthy chains of events that indicate malware infection attempts. Most IOAs can prevent non-malware attacks as well.

Blocklisting
Falcon also allows organizations to blocklist applications, automatically preventing them from running anywhere in the organization.