A software virus infects a previously "healthy" program or system that had been working well in exactly the same way as a biological virus penetrates a healthy cell. Every time the compromised host program is opened, the infection makes it execute the actions specified by the malicious code before performing its own functions.

Since the program appears to be working as normal, users do not usually notice the actions of the malicious code that are running in the background. The virus is therefore able to copy its digital DNA and spread it to other program files undisturbed. If just one infected file is transferred to an external device via a storage medium or download and executed there, the infection then starts to spread through this new system.

The differences between viruses and worms

Unlike viruses, worms do not need a host program. These are malware programs that can run independently and are usually concealed somewhere in the depths of an operating system under an inconspicuous name. Worms spring into action without the user having to do anything – in the most straightforward case, there may be a corresponding entry in the operating system's start function, which runs automatically. As soon as the worm is "awake", it could trawl through a system's contact folder, for example, and send a copy of itself as an attachment to all the e-mail addresses it finds. If one of the recipients opens the program in the attachment, then the worm has made the leap to a new system.

Viruses and worms are typically used in scattergun, non-specific cyber attacks, where the main aim is to infect as many devices as possible. The ultimate goal may be to control the hijacked systems remotely via the planted malware and incorporate them into a botnet, for example. However, lots of today's malware does not act like either a virus or a worm: it is spread individually via spam or drive-by infections instead.

All connected devices can be affected

Whether it's a webcam, refrigerator, fitness wristband or light – nowadays, more and more devices are sharing data as part of the Internet of Things. To demonstrate the possible consequences of a worm epidemic, a team of Israeli and Canadian IT security researchers developed a worm directed at a certain type of smart light bulbs. The worm accessed the lamps' control system through a vulnerability in the radio protocol, which can be used to switch the bulbs on and off via WLAN.

The worm continued to spread wirelessly from lamp to lamp – and the closer the distance between the lamps, the faster the spread. The researchers actually managed to wirelessly infect lighting systems by driving a car past them and flying a drone. In theory, a worm epidemic of this kind could trigger a chain reaction and switch off all the smart lights in a large city. Not until a couple of months after the researchers had reported the vulnerability did the manufacturer rectify the flaw in the radio protocol by issuing a firmware update.