Viruses, Worms, and Trojans
Compare self-replicating viruses, network-spreading worms, and disguised Trojans — understanding how each propagates and what damage it typically causes.
What Makes Software Malicious
Malware (malicious software) is any software designed to disrupt, damage, gain unauthorized access to, or exfiltrate data from systems. The term encompasses many distinct categories that differ in how they spread, what they do, and what detection techniques they evade. Security+ tests your ability to differentiate between malware types by their propagation mechanism (how they spread), payload (what damage or action they perform), and persistence mechanism (how they survive reboots). The three foundational categories are viruses, worms, and Trojans.
Viruses: Infection and Self-Replication
A virus is malware that attaches itself to a legitimate host file and requires a human action (executing the infected file) to spread. When the infected file runs, the virus replicates by injecting its code into other executables, documents, or boot sectors. Virus types include file infectors (attach to .exe files), macro viruses (embed in Office documents and run when macros execute), boot sector viruses (infect the MBR and load before the OS), and polymorphic viruses (change their code signature with each infection to evade signature-based detection).
# Virus detection evasion techniques:
# Polymorphic: changes code signature each replication
# Metamorphic: rewrites itself entirely each time (harder to detect)
# Stealth: intercepts OS calls to hide infected files
# Encrypted: body encrypted, only decryptor visible to scanner
# Virus types by infection target:
# File infector: appends or prepends code to executable
# Macro virus: lives in Office document; runs via VBA macros
# Boot sector: infects MBR/VBR; loads before the OS, so it runs before OS-level AV starts
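
The macro virus entry above can be turned into a defensive triage check: a macro-enabled OOXML file (.docm, .xlsm, .pptm) is a ZIP package that contains a part named vbaProject.bin, while legacy .doc/.xls files use the OLE2 container and need a dedicated parser. The sketch below is an added example, not part of the original page; the function names, verdict labels and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")    # extensions that should never carry VBA

def macro_triage(name: str, data: bytes) -> str:
    """Classify a file by whether it can or does carry VBA macros."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros are possible; confirm with an OLE parser.
        return "legacy-ole-needs-inspection"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        parts = [p.lower() for p in pkg.namelist()]
    if "[content_types].xml" not in parts:
        return "not-office"  # a ZIP, but not an OOXML package
    # Macro-enabled OOXML stores its VBA project in a part named vbaProject.bin.
    if not any(p.endswith("vbaproject.bin") for p in parts):
        return "no-macros"
    if name.lower().endswith(MACRO_FREE_EXT):
        return "macros-in-macro-free-extension"  # e.g. a .docm renamed to .docx
    return "macros-present"

def _make_ooxml(parts):
    """Build a constructed, content-free OOXML-shaped ZIP for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for part in parts:
            pkg.writestr(part, b"constructed placeholder")
    return buf.getvalue()

_BASE = ["[Content_Types].xml", "word/document.xml"]
SAMPLES = {  # all constructed; none is a real document
    "report.docx": _make_ooxml(_BASE),
    "invoice.docm": _make_ooxml(_BASE + ["word/vbaProject.bin"]),
    "renamed.docx": _make_ooxml(_BASE + ["word/vbaProject.bin"]),
    "old.doc": OLE2_MAGIC + b"\x00" * 504,
    "archive.zip": _make_ooxml(["readme.txt"]),
    "notes.txt": b"plain text, constructed sample with no container",
}

def scan_samples():
    return {name: macro_triage(name, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:14} {verdict}")
```

A "macros-present" verdict only says the document can run VBA, not that the macro is malicious; it marks the file for closer inspection or for a policy that blocks macros from untrusted sources.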