There’s a virus smiling angrily and a price tag attached to it, which says "What is malware?"

As a netizen, you’ve probably heard of malware attacks and viruses threatening your digital wellbeing. But are those the same thing? Not really.

Not all malware is viruses, but all computer viruses are malware. The two terms are interchangeable but have different meanings. Luckily, we are just the kind of nerds to explain that in plain, understandable terms. So — virus vs. malware — let’s go!

Viruses vs. malware: the main difference

Malware is a general term for all malicious software (mal+ware). In contrast, a virus is a specific type of malware that self-replicates by attaching to legitimate files and spreads from one computer to another. Other malware forms may not necessarily be able to self-replicate as viruses do.

Malware and viruses differ in how they infect devices, carry out attacks, and their outcomes. So let’s take a cyber epidemiologist’s look at them.

A virus with an angry smile sits in a bubble, and the bubble has a name tag with

What is malware

Malware is software using unauthorized access to harm the user — to disrupt a computer, server, client, or computer network, leak private information, gain unauthorized access to devices, encrypt and deny access to information, or interfere with the user’s computer security.

To better understand what malware is, we should look into its types.

Types of malware

Rootkit or remote access malware
A virus replicates by spreading infected files (like pirated movies). Usually, it will look like a legitimate file. Once the user activates the infected file, the virus can delete data, encrypt personal files, or do a variety of other harmful stuff.
Its main function is to replicate and jump from one computer to another. It can spread between computers if they’re on the same network. But, unlike viruses, worms replicate themselves and don’t need a user to activate them. Worms can infect a device multiple times, and each additional one slows it down, sometimes to the point where the device becomes unusable. Worms can also delete files, consume bandwidth, and install ransomware.
A rootkit grants the hacker administrator access and privileges to a victim’s device. It lets them do anything an owner of the computer can.
Infected websites or malicious websites
Ransomware locks up a victim’s device or data, usually encrypts it, and demands monetary payment to unlock or decode it.
Some websites have malware on them. An unsuspecting victim visits such a page, clicks on a malicious link, an image, or an ad, and unknowingly downloads the hostile code. This technique is usually referred to as a watering hole attack.
Keylogger malware records (logs) all keystrokes on a device, allowing the hacker to extract login credentials and other sensitive data.
Fileless malware or resident malware
Instead of installing itself on the hard drive, fileless malware only exists in RAM. This way, there's no malware signature for a virus scanner to detect. Its greatest strength is its only weakness: since RAM only provides temporary storage, its contents are lost when the computer is off.
Spyware is used to spy on the person without their knowledge and steal their data. A keylogger, a trojan, and adware could be considered types of spyware.
Adware, similar to spyware, tracks a person’s online activity to gather information about their browsing habits and shower them with ads. Adware, however, doesn’t track keystrokes and can’t download or install software into the victim’s device.
Bot and Botnet
Bot/botnets covertly use a victim's device's resources for nefarious ends, like launching DDoS attacks. Multiple computers that are infected with bots form a botnet, which allows malware creators to scale up their schemes.
Cryptojacking uses your device to mine cryptocurrency via the bot/botnet principle.

What is a virus

A virus is a specific type of malware that spreads from device to device via infected files that users need to activate themselves — for example, click an executable file or a link.

Types of viruses

Writer’s note: the main principles of how computer viruses spread and infect computers are similar to real-life viruses and their hosts. What I found interesting is that none were created with the intent to mimic nature. I would even tip my hat to the creator’s genius if only they weren’t this malicious.

File-infecting virus
Polymorphic virus or a metamorphic virus
A file-infecting virus infects and overwrites executable .com and .exe files by copying malicious code into them. The intent is to cause permanent damage or make the files unusable. How ghastly.
A Trojan usually enters computer systems disguised as a legitimate program, similar to a virus. The main difference is that it doesn’t try to make more copies of itself or infect other files.
Polymorphic viruses change their code, appearance, or their virus signature files to avoid detection.
Resident virus
Browser hijacker or browser redirect virus
Malicious mobile apps
Resident viruses may be considered a subtype of fileless malware. And just like fileless malware, a resident virus writes itself onto the computer's memory and hides there. It can start its destructive work whenever the operating system boots up and can’t be deleted even if you restart your device.
Browser hijackers attempt things like changing your homepage and installing toolbars onto your browser. Browser hijackers redirect the user to other malicious websites so they can help the cybercriminal generate fraudulent advertising revenue.
These apps can be found on Google Play and Apple Store. They appear genuine but are actually spying on you, pushing ads, and so on (not unlike Trojans).
Fake antivirus
Fake antivirus is a type of program or attack that relies on spooking you with fake claims of viruses. They scare you into installing antivirus software, which may be a Trojan or other malware.

The list isn’t final, nor will it ever be, since categorizing and naming each virus is tricky. Some viruses are used in conjunction with others, and some are so new that we might be unaware of them.

Note: if you’re interested in the most famous viruses to date, check out our FAQ section at the bottom.

Why are the terms malware and virus misused?

Because the public remembers only the most famous!

Somewhere between the 1970s and 1980s, the first malware was ”born”; it was called a ”virus” and spread through floppy disks. At the time, it became the most popular type of cyber-attack.

Because of its popularity, the term virus became shorthand for every type of malware, especially for people who aren’t into cybersecurity details.

Preventative software, called antivirus, further cemented the “brand” of viruses into the collective subconscious. Many cybersecurity solutions tend to use the “antivirus” label to this day, despite dealing with more than the common cyber flu.

Note: if this got you interested, you can read more about the brief history of malware.

How can I tell if my device is infected?

The common symptoms for catching a worm, a virus, or a cyber malady are:

  • Your computer starts making unexpected and random sounds;
  • Files and folders change their content without warning;
  • Your device is slower than usual and without clear reason;
  • Unknown apps run in the background and use too many resources;
  • Unexplained shortage of disc space;
  • Applications try to connect to websites you’ve never heard of;
  • Something doesn’t let you download antivirus programs or make updates;
  • Messages you don’t recall writing are sent from your email or social media accounts;
  • Unprompted pop-up windows.

If you’ve experienced at least one of the symptoms mentioned above, your device might be infected with malware. So what can you do to protect yourself?

How to protect yourself against viruses?

Let’s talk about malware protection. There are several good practices to consider:

  1. Get an app against cyberthreats 

Security software like Surfshark Antivirus* watches over your device, whether on a computer or a phone. It can detect computer viruses as they try to enter the system, scan your files for existing infections, and more — all thanks to the tireless efforts of security researchers.

*Antivirus is part of the Surfshark One cybersecurity bundle

  1. Keep your software updated

Everything from your device’s operating system to the individual apps you use gets updated fairly regularly. Never postpone updates as they often contain security updates, patching out existing vulnerabilities and addressing new ones. It’s imperative to keep antivirus software updated to counter new threats. 

  1. Only use trusted software

Due diligence is your friend if you’re looking for new, unfamiliar software. Check the reviews in app stores and other websites, don’t trust deals that are too good to be true, and if a website looks shady, it probably is. 

  1. Be on the lookout for phishing

Phishing tricks the user (you) into divulging information – or installing malware. Lucky for you, we have a phishing guide on how to recognize and avoid phishing attacks.  

In conclusion: use one app to crush all malware

Viruses are but a type of malware. Staying vigilant is necessary, but you can’t always expect it to be enough. The most effective way for dealing with malware remains this one: get an app that handles all your cybersecurity needs 24/7.

Protect against the cyber-pandemic
And don’t leave malware a chance


Do I have a virus or malware?

To see if you have a virus or malware, you should run a diagnostic — get Surfshark Antivirus. Our threat database is renewed every three hours, so the Antivirus will detect viruses on your computer if there are any. Remember, we offer a 30-day money-back guarantee.

Will a virus scan detect malware?

A virus scan should detect malware. Most antiviruses detect, quarantine, and delete malicious code to prevent malware from damaging your device. Since there are viruses that change their signature independently to avoid detection, modern antiviruses update themselves automatically to be up to date with the latest databases of viruses.

Is malware worse than a virus?

In theory and in general, malware is worse than viruses, but it all boils down to the specifics of each cyberthreat. Malware is a broad category of software that hackers use to steal your data and do other nefarious deeds — and a virus is a type of malware.

What are the most famous viruses and malware?

  • Conficker (or Downup) was a worm that infected over 9 million computers worldwide. It reset account lockout settings and blocked access to antivirus sites. Detected in November of 2008.
  • The ILOVEYOU virus posed as a love confession. It would spread itself to users via email, sending lists, and overwriting files, making computers unable to boot up. The virus was so effective that it held the Guinness World Record as the most virulent virus ever. It infected over ten million computers on and after May 5, 2000. 
  • Cryptolocker was a worm spreading through email attachments and was one of the first ransomware attacks. It utilized a trojan virus that encrypted files once it reached the victim’s device. It was first noticed around September 2013. Damage is estimated to be around three million USD, money that was extorted out of 500,000 people.
  • SQL Slammer was a 2003 computer worm that caused a denial of service on some internet hosts like the Bank of America’s ATMs. By infecting 75,000 victims, it crashed the internet within 10 minutes. It’s estimated that the cyberthreat has caused around one billion USD in damages.
  • Stuxnet was malware developed by the US government in the 2010s to obstruct Iranian nuke building. This worm has destroyed Iranian nuclear centrifuges by sending damaging instructions.

Dishonorable mentions: Morris Worm, MyDoom, Storm Worm, Sasser & Netsky.