Computer viruses are named after human viruses that spread from person to person. A computer virus is a program made of malicious code that can propagate itself from device to device. Like a cold that alters your well-being, when your computer is infected, it alters the way your computer operates, can destroy your files, or prevent it from working altogether.
A virus typically attaches itself to a program, file, or the boot sector of the hard drive. Once the virus attaches itself to that file or program (aka, the host), they’re infected.
When the infected application or file runs in the computer, the virus activates and executes in the system. It continues to replicate and spread by attaching replicas of itself to other files and applications in the system.
A virus spreads when the infected file or program migrates through networks, file collaboration apps, email attachments, and USB drives. Once a user opens the infected file or program, the vicious cycle repeats itself all over again.
Typically, the host program continues to function after the viral infection, but some viruses overwrite entire programs with copies of themselves, which corrupts and destroys the host program altogether. Viruses can also attack data: they can disrupt access, corrupt, and/or destroy your data.
Worms are a self-replicating type of malware (and a type of virus) that enter networks by exploiting vulnerabilities, moving quickly from one computer to another. Because of this, worms can propagate themselves and spread very quickly – not only locally, but have the potential to disrupt systems worldwide.
Unlike a typical virus, worms don’t attach to a file or program. Instead, they slither and enter computers through a vulnerability in the network, self-replicating and spreading before you’re able to remove the worm. But by then, they’ll already have consumed all the bandwidth of the network, interrupting and arresting large network and web servers.
In 2017, the WannaCry worm attack caused damage worth hundreds of millions to billions of dollars. Also known as WannaCry ransomware, this attack is a hybrid of ransomware and a worm – specifically cryptoworm.
Ransomware is a type of malware that holds a user’s data hostage: it encrypts data and asks the victim to pay a ransom, betting on the user’s willingness to pay to restore the user’s data. Ransomware infections often occur through phishing campaigns.
Instead, WannaCry took advantage of a vulnerability in Microsoft’s SMB Version 1 file sharing protocol, typically used by Windows machines to communicate with file systems over a network. Those who didn’t patch SMB Version 1 learned the hard way about the perils of forgetting to patch their systems.
WannaCry leveraged EternalBlue, a Windows SMB protocol exploit, to gain access, install a backdoor, and download software – infecting the systems.
In short, WannaCry self-propagated, self-replicated, and quickly traversed entire networks, causing worldwide damage.
Here are some simple ways to protect yourself:
When a virus or worm evades your anti-virus detection software or endpoint to exfiltrate your organization’s data, Varonis can help.
Varonis DatAdvantage monitors and analyzes file and email activity – as well as user behavior. When there’s an unusual amount of lockouts that occur or a thousand files are opened in a minute, Varonis DatAlert can detect these anomalies, automate security responses, and enable teams to investigate security incidents directly in the web UI. Varonis Edge adds context with perimeter telemetry, detecting signs of attack at the perimeter via DNS, VPN, and Web Proxies.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.