Malware is any program or code that causes a computer to behave in a manner not intended by the user. Many types of malware are often called viruses, although few, if any, of them have the necessary qualities to be in the virus category, most importantly self-replication. Worms may fall into the same category as viruses as they are self-replicating, but trojans, spyware, adware and jokes are not. There is a great deal of disagreement on how to categorize them and what constitutes one category or another, even among experts.
The term "Malware" comes from the first three letters of Malicious and the last four of Software. Not all viruses and worms are maliciously destructive (some, such as Welchia, CodeGreen and YahaSux, even remove other worms and viruses and patch the operating system), and therefore are probably not malware by this stricter definition. A possibly better term might be "Rogue Program".
The most common types of self-replicators are viruses and worms. Some researchers categorize worms as a subcategory of virus as "viral" has popularly come to describe something that spreads. Other types of self-replicators such as fork bombs replicate too fast and usually stay on only one system, so they never become very popular except as a parlor trick. Others are completely theoretical and have never been implemented before.
A virus is not a program or executable file by itself, but rather a piece of code that spreads by adding itself to a program or a disk sector. When an infected program is executed, the virus code is copied to a file, a certain number of files, a file or files in a certain location or all files on the computer, depending on how the virus was coded. These newly infected files will be able to infect other files (this is important to note, as there are some programs that "infect" files with junk code that cannot replicate once it is attached to the new host).
The term "virus" is popularly used for anything that goes wrong with a computer. Even people who are more technically minded may use it for all types of malware, probably because its popular meaning has become so ingrained in the culture that its misuse cannot be avoided.
A worm is a self-replicating program that sends copies of itself from one computer to another, primarily through networks. The most visible type of these is the email worm, as millions of copies of these are sent out each day and they clog email inboxes. While only a handful of viruses cause damage in the millions of dollars, worms are often reported to cause damage in the tens of billions. It is named for the "Tapeworm" of John Brunner's Shockwave Rider.
A Fork bomb, also known as a rabbit, rabbit job or wabbit, is a program that replicates many times on one system, usually until it runs out of memory or disk space. These may have been the first forms of self-replicating programs and they are the simplest. One story of a program that behaves this way is the Rabbit that dates to 1974. Q The Misanthrope wrote a Fork bomb-like program in 1972 while in grade 7. Some reports of fork bomb programs date as far back as the 1960s.
Another definition of rabbit is a program that exists as only one copy and "hops" around the network. The Virus Encyclopedia will be using the first definition of Rabbit.
An Octopus is a theoretical type of program that would exist as separate components on two or more different computers. The "Tapeworm" of John Brunner's Shockwave Rider actually resembles an Octopus more than a worm.
The term "trojan horse" or simply trojan can describe a wide range of non-spreading malicious programs. The term trojan alludes to the wooden horse of Troy that the Greeks used to gain entrance to the city. The original definition was a desirable-looking program that would entice the user to run it and do destructive or otherwise undesirable things to the computer. This definition could possibly encompass nearly all malware, as viruses usually need to be executed by the user in order to infect files, and most email, instant message and peer-to-peer worms require the user to execute them, but these take everything else into their own hands once executed. The Christmas tree worm was considered a trojan by some because it required the user to open it.
Today trojans seem to be defined by the fact that they let things into the computer, rather than by the fact that the user thought something was a good program and executed it. Worms such as Mydoom, Beagle, Vote and Mytob drop malicious backdoor programs that are referred to by antivirus products and the media as trojans. These trojans are never touched or even seen by the user, as they are executed by the worms that drop them.
Some worms and viruses such as Oompa are also described as trojans by businesses and "fanboys" who believe (or want themselves and/or others to believe) that their particular platform is perfect. They believe that a virus or worm indicates that there is a flaw in their system, while a trojan does not. This kind of thought showed itself most clearly when Oompa first appeared, as many Macintosh users operated under the assumption that there were no viruses or worms for Mac computers and some even believed that it was impossible to create one for the Mac. In truth, a virus or worm can be coded for any platform, regardless of its vulnerabilities, and a trojan infection can be a result of a system flaw.
Backdoor Trojans, or simply Backdoors, allow a cracker to gain access to a remote computer. The backdoor may allow the cracker to read, write to, execute, create and delete files on the computer. It may also be a gateway for worms to enter the computer.
"Keystroke loggers" record what the user types and send it out in some way, most likely to the email address or directly to the computer of the creator.
Others may simply do something malicious to the computer, such as delete files, format the hard drive or make the computer unusable in some other way. If a program performs a malicious action and it does not replicate itself, it may be classified as a trojan.
Spyware describes programs that relay information about the host computer to another over the Internet. Usually it comes bundled with legitimate software and collects information about the user's browsing habits and sends the information to companies that use it for marketing purposes. Spyware easily fits into the category of Trojan under nearly all definitions of that word. Some of these programs may be legitimate, as they are installed by parents to monitor their children's computer use, or by employers to monitor their employees.
Adware displays advertisements on the host computer. They may be legitimate programs, such as Weatherbug, which tells users that advertisements must be displayed in order to keep the program free. On the exact opposite end of the spectrum are programs like Virusburst, which may sometimes be forcibly downloaded and installed when visiting a malicious website, and displays fake virus warnings urging the victim to buy the product in order to remove the viruses. Even legitimate adware can be very annoying and, in some cases where it continues to do things even after the user has specified that it should stop, sleazy. Some early versions of RealPlayer had this problem.
Exploit code targets a program vulnerability in order to make the system run a (sometimes remote) program and/or to gain elevated privileges for a user or program. Crackers may use exploit code to gain access to a remote system. Many Internet worms use exploit code to get their new target to download a copy of them and run it.
A joke program is a harmless program that makes the user think he/she has just done something to damage the computer. A typical joke program may display messages or in some other way trick the user into thinking that he/she has run a program that is going to destroy the computer. It may try to cause the user to panic by displaying a meter that shows the progress it has made in destroying the computer. The program may then display a "gotcha" message or simply exit and leave the user to wonder what happened. While these programs are harmless, antivirus products may still remove them because of the panic they can cause.