In association with heise online

Types of malware

"Virus" has become the established colloquial term for malware of all kinds, but this is not correct in the strict sense of the term. A virus is a type of malware with special characteristics different from those of a worm or a Trojan horse. Often, malware combines various characteristics; for instance, there are many email worms that also function like viruses.


A virus is a program that infects other files by infiltrating them. Viruses always propagate themselves through such "hosts", while the original program may continue to function; often, viruses only attach their program code to these files. Today, these classical viruses are rather rare.

Macro virus

This is a special form of virus that uses the macro languages that are often held in files to be executed by applications. In most cases, such macro viruses are found in Microsoft Office files (Excel tables, Word documents, etc). If Office reads an infected document, it executes a virulent macro code which may infect additional files.


A worm has a specific method of propagation. As opposed to viruses, worms do not need a host, but are independent programs with routines to copy themselves onto other computers. The most common way of propagation is by email: the worms spread as attachments (mostly directly executable) that are sent to email addresses that are selected randomly (more or less). Specific worms also exploit errors in the network functions of their victims for direct attacks. For instance, the Blaster/Lovsan worm infected Windows computers through their RPC service.

Trojan horse

A Trojan horse is a type of software that appears to be useful, but actually compromises the system, for instance by opening a loophole, which can be used by the originator to take remote control over the compromised computer and to abuse it, such as for Distributed Denial of Service (DDoS) attacks on servers or for spam distribution purposes. Although "Trojan" is not strictly correct - the inhabitants of Troy were the victims rather than the perpetrators of the Greeks' trick with the wooden horse - its conciseness has made it the established common-language term.


A Rootkit serves to hide the presence of loopholes and malicious programs by manipulating the system in a way that prevents the display of certain files, processes or network activities. A rootkit by Sony BMG has gained notoriety; it installed from this company's audio CDs on the computer to hide a copy protection mechanism. Other programs were also able to use this "magic cap".


Every now and then, waves of hoaxes flood the Internet. Hoaxes are "joke emails" warning of alleged viruses. The rule of thumb to recognize hoaxes is simple: warnings of viruses received without request must not be taken seriously. As long as users have not subscribed to the newsletter of some antivirus vendor, such warnings are false in most cases. Another indication of a hoax is the request to send the email to "all your friends and acquaintances". In particular, emails coming from large, renowned companies such as Microsoft or AOL and pretending to warn of such malware are likely to be hoaxes. As a matter of principle, such companies do not send virus warnings.

Some hoaxes request that users delete certain files because they allegedly contain a virus. Well known examples are Sulfnbk.exe and Jdbmgr.exe. While the former is a Windows system file for recovering long file names, the latter is a component of Windows' Java debugger (Java Debug Manager). If these files are deleted, Windows may not run smoothly anymore. If there are any doubts, users should consult the respective antivirus databases. Please go to our Link section to find a collection of relevant links.


  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit