Viruses, Worms and Trojans: What Are the Differences and How You Can Protect Yourself

Have you checked your smartphone today? Booted up your workstation? Whether in business or privately: nothing works without the usage of a computer. So it’s all the more important that IT systems and data are secured against external attacks. Anyone who has ever had a technical problem knows how unpleasant IT failures can be. Things get particularly bad when these failures are intentionally caused by cybercriminals. That’s reason enough to take a closer look at the dangers. We explain the difference between viruses, worms and the other virtual pests as well as the options available to protect your business from them.

Types of Malware: an Overview

The term “malware” is made up of the words “malicious” and “software” and is more or less self-explanatory. Malware is a program that performs malicious functions and is designed to access a device without the user’s knowledge in order to compromise it. The terms malware, malicious program, badware, evilware or junkware are also frequently used. All of these applications have the same target: Your data Depending on the malware, the data may be deleted, blocked, modified or copied. They also put a strain on the computing power of your system. We introduce you to the best-known types of malware in the following.

Backdoor, Spyware, Malware: Clarification of Terminology Is Not Easy

Distinguishing the terms from one another is not that simple. For example, backdoors are often installed by programs that a Trojan horse has smuggled onto a system. And of course, spyware can be easily executed via the backdoor. Most users hardly see the difference between the various threats and generally refer to all malware as a computer virus. But, for the affected system, it doesn’t really matter which malicious program caused the damage. That’s because digital infections are like analog ones: As soon as they’re treated properly and you see improvement, it doesn’t really matter what strain of bacteria caused the disease.

What’s the Motivation behind Creating Malware?

Cybercrime is now a lucrative business - not only for criminals who attack companies or institutions, but also for people who create malicious programs. For example, cybercriminals now offer “ransomware-as-a-service” or RaaS for short: One side develops the malware required for the blackmail and, if necessary, the corresponding attack infrastructure, and the other then uses it for the attacks. In August 2022, Microsoft explicitly warned against RaaS in the Cyber Signals security report.

Tip:

Ransomware is now classified by experts as THE top threat for companies. Find out why and how you can protect yourself in this article: Ransomware Risk: How to Protect Your Business Against Becoming a Digital Hostage.

But apart from ransomware, the reasons for creating malicious programs are diverse: Lack of challenges, boredom, the desire for respect, revenge - or just money problems. For example, Onel de Guzman, who released the now-famous ILOVEYOU worm in 2000, did so because he couldn’t afford dial-up service and instead stole other users’ credentials.

However, not everyone who creates a virus program is automatically a cybercriminal. Many “professional hackers” use malware to uncover security flaws and develop research programs. An example of this is the German Chaos Computer Club (CCC), which regularly tests software, apps and websites from companies and institutions for their security.

Employees as a Cyber Risk

One of the biggest potential vulnerabilities for cyber attacks in a company is its employees - and cyber criminals know that. So it’s no wonder that phishing, fake presidents, payment diversion fraud and general network attacks have increased massively since 2020, especially when people are working remotely. In this article we tell you in detail how you can recognise the fake president trick, sensitise your employees and protect your business: The Fake President Trick - When Scammers Pretend to Be the CEO

So training for employees - both internal and external - as well as partners and service providers on topics such as password security, phishing or visiting privately used portals (e.g. social media or online shops) at the workplace is crucial. Because damage can occur faster than you think, as this real exali damage case shows, in which a crypto-Trojan entered a company’s network via the terminal server and began to encrypt company data there. Read more about this real exali damage event here: Ransomware: A Damage Event Involving a Virus and Inadequate Protection

Cybercrime: How Can I Protect Myself from an Attack?

The only way to be 100 percent protected from malware is not to use a computer. So if you want to lead a life or business in the digitally networked world, you have to learn to deal with a certain risk. The few things that can prevent malware damage are:

Good anti-virus software:
System-wide antivirus scans
Regular system updates (to close security gaps instantly)
Regular training of employees on cyber security issues
Being careful when handling emails and downloading programs
Not using an administrator account in everyday life (this makes system-wide changes by malware more difficult)
2-factor authentication for external accounts (e.g. social media, image databases)
Being careful when exchanging data (regardless of whether it is a picture, video, music or game, everything can be affected)
Creating backups of your data so you don’t end up empty-handed in the event of an attack

It is also important to make sure you only use a single antivirus software; otherwise, important protective functions of different programs could cancel each other out.

Business Risk Cyber Attack: IT Forensics and the Question of Costs

The above tips will help minimise the risk of a malware attack. But despite all the precautions, attacks can still happen. What if the malware was successful? It can get really expensive. If your data is gone, if you have been locked out of the system or if the network is no longer accessible, costs can accrue.

As an example calculation, let’s take an online shop that is offline for five days due to a virus (smuggled in via a fake application PDF): Specialists come in to locate and remove the viruses from the IT systems (costs for IT forensics: 19,500 Euro), loss of earnings due to lost sales and running costs (35,000 Euro), poor ratings from customers (online marketing and PR measures against reputational damage 17,500 Euro). This adds up to 72,000 Euro. That’s a hefty sum that could be even higher if you don’t react immediately. The recovery of data that has been made unusable, for example from the merchandise management or ERP system, is also not included in this calculation.

Protection with Professional Indemnity Insurance

You should think about the right protection in good time so you aren’t stuck with the costs. Here’s something a lot of people don’t know: You can insure the financial consequences of cyber damage and hacker attacks! The insurance also provides active support from experts in IT forensics, data protection law and PR. At exali.com you have the following options:

Professional Indemnity Insurance

Professional Indemnity Insurance from exali has integrated coverage for data and cyber damage that you may cause to third parties through a mistake (for example, if customer data is stolen during a hacker attack). You can also insure first-party claims.

Data Protection & First-Party Cyber Damage Coverage

With the First-party Cyber and Data Risks Insurance (FPC) add-on, you can flexibly “upgrade” all Professional Indemnity Insurance from exali so your own business is optimally protected in the event of a cyber attack. For example, the insurance company will then cover the costs of restoring your IT systems.

If you have any questions about the perfect coverage for your profession, please give us a call. You can always reach our customer advisors from Monday to Friday from 9 a.m. to 6 p.m. on +49 (0)821 80 99 46-0. You are also welcome to send us a message using our contact form.