What Is a Computer Virus?

A computer virus is an ill-natured software application or authored code that can attach itself to other programmes, self-replicate, and spread itself onto other devices. When executed, a virus modifies other computer programmes by inserting its code into them. If the virus’s replication is successful, the affected device is considered “infected” with a computer virus.

The malicious activity carried out by the virus’s code can damage the local file system, steal data, interrupt services, download additional malware, or any other actions the malware author coded into the programme. Many viruses pretend to be legitimate programmes to trick users into executing them on their devices, delivering the computer virus payload.

Every computer virus has a payload that performs an action. The threat actor can code any malicious activity into the virus payload, including simple, innocuous pranks that don’t do any harm. While a few viruses have harmless payloads, most of them cause damage to the system and its data. There are nine main virus types, some of which could be packaged with other malware to increase the chance of infection and damage. The nine major categories for viruses on computers are:

Boot Sector Virus

Your computer drive has a sector solely responsible for pointing to the operating system so that it can boot into the interface. A boot sector virus damages or controls the boot sector on the drive, rendering the machine unusable. Attackers usually use malicious USB devices to spread this computer virus. The virus is activated when users plug in the USB device and boot their machine.

Web Scripting Virus

Most browsers have defences against malicious web scripts, but older, unsupported browsers have vulnerabilities allowing attackers to run code on the local device.

Browser Hijacker

A computer virus that can change the settings on your browser will hijack browser favourites, the home page URL, and your search preferences and redirect you to a malicious site. The site could be a phishing site or an adware page used to steal data or make money for the attacker.

Resident Virus

A virus that can access computer memory and sit dormant until a payload is delivered is considered a resident virus. This malware may stay dormant until a specific date or time or when a user performs an action.

Direct Action Virus

When a user executes a seemingly harmless file attached to malicious code, direct-action viruses deliver a payload immediately. These computer viruses can also remain dormant until a specific action is taken or a timeframe passes.

Polymorphic Virus

Malware authors can use polymorphic code to change the programme’s footprint to avoid detection. Therefore, it’s more difficult for an antivirus to detect and remove them.

File Infector Virus

To persist on a system, a threat actor uses file infector viruses to inject malicious code into critical files that run the operating system or important programmes. The computer virus is activated when the system boots or the programme runs.

Multipartite Virus

These malicious programmes spread across a network or other systems by copying themselves or injecting code into critical computer resources.

Macro Virus

Microsoft Office files can run macros that can be used to download additional malware or run malicious code. Macro viruses deliver a payload when the file is opened and the macro runs.

For a threat actor to execute a virus on your machine, you must initiate execution. Sometimes, an attacker can execute malicious code through your browser or remotely from another network computer. Modern browsers have defences against local machine code execution, but third-party software installed on the browser could have vulnerabilities that allow viruses to run locally.

The delivery of a computer virus can happen in several ways. One common method is via a phishing email. Another technique is hosting malware on a server that promises to provide a legitimate programme. It can be delivered using macros or by injecting malicious code into legitimate software files.

At their core, computer viruses are discreet programmes that hitch a ride on other files or applications. In most cases, their primary objective is to replicate and spread like wildfire.

Computer viruses function as malicious software programmes designed to infect other programmes by modifying them in some way. In doing so, a virus will attach itself to an unsuspecting file or application in order to spread.

The Infection Process

A virus can attach itself to any legitimate programme or document that supports macros to execute its code, such as an email attachment or a file download from a website. Once the file is opened or downloaded, the virus springs into action and starts executing.

Hiding in Plain Sight

Computer viruses can be quite crafty to remain hidden from both users and antivirus software alike. Viruses employ stealth techniques such as polymorphism, which changes their appearance, or encryption methods.

The Damage Done

Once activated, a virus may wreak havoc on your computer system. It can steal sensitive data, corrupt files, slow down performance, and even crash your entire system. It can spread from system to system after a user takes action that either intentionally or accidentally facilitates it.

It’s important to note that viruses are just one type of malware, and many other types of malicious software can harm your computer or steal your personal information.

Computer viruses spread through various channels, and being aware of these channels is essential to protect yourself and your organisation from infection.

Email Attachments

One method of virus transmission is through email attachments. Hackers often disguise their malicious code as seemingly harmless files, such as documents or images unsuspecting users open without a second thought. For example, Ursnif banking Trojan campaigns are known to spread via email attachments posing as invoices or financial statements.

Internet Downloads

Viruses can also hide in software installers, media files, or even browser extensions that you download from the web. It’s important to be cautious when downloading files from unknown sources or sketchy websites. A notorious case was the Download.com scandal, where popular applications were bundled with adware and other unwanted programmes by default.

File Sharing Networks

File sharing networks like torrent sites and peer-to-peer platforms can easily transmit viruses. Innocent-looking movie torrents or cracked software may carry hidden payloads designed to compromise your device upon installation. For example, The Pirate Bay used a browser-based cryptocurrency miner, so when someone visited the website, their computer was used to mine cryptocurrency without their knowledge or consent.

Removable Media

Viruses can attach to removable media, such as USB drives and CDs/DVDs, infecting any computer they’re plugged into. The infamous Stuxnet worm is a prime example of a virus that spreads through removable media.

To protect yourself and your organisation from computer viruses, always exercise caution and employ robust cybersecurity measures like up-to-date antivirus software and regular system scans. Remember, knowledge is power, especially when preventing viruses and cyber-attacks.

A computer worm is a type of malware designed to replicate itself to spread to other computers. Unlike computer viruses, worms do not require a host programme to spread and self-replicate. Instead, they often use a computer network to spread themselves, relying on security failures on the target computer to access it.

Once a worm infects a computer, it uses that device as a host to scan and infect other computers. When these new worm-infested computers are compromised, the worm continues to scan and infect other computers using these computers as hosts. Worms operate by consuming heavy memory and bandwidth loads, resulting in overloaded servers, systems, and networks.

The way a computer virus acts depends on how it’s coded. It could be something as simple as a prank that doesn’t cause any damage, or it could be sophisticated, leading to criminal activity and fraud. Many viruses only affect a local device, but others spread across a network environment to find other vulnerable hosts.

A computer virus that infects a host device continues delivering a payload until it’s removed. Most antivirus vendors offer small removal programmes that eliminate the virus. Polymorphic viruses make removal difficult because they change their footprint consistently. The payload could be stealing data, destroying data, or interrupting services on the network or the local device.

While overlapping in intention and meaning, malware and viruses are two distinct terms that are often used interchangeably.

Malware is a general term for any type of malicious software, while a virus is a specific type of malware that self-replicates by inserting its code into other programmes. While viruses are a type of malware, not all malware is a virus.

Malware can take many forms, including viruses, worms, trojans, spyware, adware, and ransomware, and it can be distributed through infected websites, flash drives, emails, and other means. A virus requires a host programme to run and attaches itself to legitimate files and programmes. It causes a host of malicious effects, such as deleting or encrypting files, modifying applications, or disabling system functions.

Malware authors write code that is undetectable until the payload is delivered. However, like any software programme, bugs could present issues while the virus runs. Signs that you have a computer virus include:

• Popup windows, including ads (adware) or links to malicious websites.
• Your web browser home page changes, and you did not change it.
• Outbound emails to your contact list or people on your contact list alert you to strange messages sent by your account.
• The computer crashes often, runs out of memory with few active programmes or displays the blue screen of death in Windows.
• Slow computer performance even when running few programmes or the computer was recently booted.
• Unknown programmes start when the computer boots or when you open specific programmes.
• Passwords change without your knowledge or your interaction on the account.
• Frequent error messages arise with basic functions like opening or using programmes.

The web contains millions of computer viruses, but only a few have gained popularity and infect record numbers of machines. Some examples of widespread computer viruses include:

• Morris Worm – One of the earliest and most pervasive computer virus examples, this self-replicating computer programme spread through the early Internet in 1988, slowing down or crashing many machines.
• Nimda – This particular type of worm targeted web servers and computers running Microsoft Windows operating systems, spreading through multiple infection vectors in 2001.
• ILOVEYOU – A highly destructive worm that spread via email, disguised as a love confession and caused widespread damage in 2000 by overwriting files.
• SQL Slammer – A fast-spreading computer worm that exploited a vulnerability in Microsoft SQL Server, causing network congestion and disrupting Internet services in 2003.
• Stuxnet – A sophisticated worm designed to target and sabotage industrial control systems, particularly Iran’s nuclear programme, by exploiting zero-day vulnerabilities in 2010.
• CryptoLocker – This ransomware Trojan, which infected hundreds of thousands of computers in 2013, encrypted victims’ files and demanded a ransom for their decryption.
• Conficker – Emerging in 2008, this worm exploited vulnerabilities in Windows operating systems, creating a massive botnet and causing widespread infection.
• Tinba – First discovered in 2012, this banking Trojan primarily targeted financial institutions, aiming to steal login credentials and banking information.
• Welchia – A worm that aimed to remove the Blaster worm from infected systems and patch the exploited vulnerability but caused unintended network congestion in 2003.
• Shlayer – A macOS-specific Trojan that primarily spreads through fake software updates and downloads, delivering adware and potentially unwanted programmes since 2018.

Removing a computer virus can be a challenging task, but there are several steps you can take to get rid of it. Common steps to remove a computer virus include:

1. Download and install antivirus software: Assuming you don’t already have antivirus software installed, download and install a real-time and on-demand solution, if possible. A real-time malware scanner scans for viruses in the background while you use the computer. You must start the on-demand scanner whenever you want to scan your device.
2. Disconnect from the internet: Some computer viruses use the internet connection to spread, so it’s best to disconnect from the internet when removing a virus from your PC to prevent further damage.
3. Delete any temporary files: Depending on the type of virus, deleting temporary files can also delete the virus, as some viruses are designed to initiate when your computer boots up.
4. Reboot your computer into safe mode: To help mitigate damages to your computer while you remove a virus, reboot your device in ‘Safe Mode’. This will inhibit the virus from running and allow you to remove it more effectively.
5. Run a virus scan: Run a full scan using your antivirus software, opting for the most thorough or complete scanning option available. If possible, cover all your hard drive letters during the scan.
6. Delete or quarantine the virus: Once the virus is detected, your antivirus software will give you the option to delete or quarantine the virus. Quarantining the virus will isolate it from the rest of your computer to prevent it from causing further damage.
7. Reboot your computer: Assuming you’ve effectively removed the virus, your computer can be rebooted. Simply turn on the device as you would do so normally without initiating the “Safe Mode” option.
8. Update your browser and operating system: To complete the virus removal process, update your operating system and web browser to the latest version possible. Browser and OS Updates often contain fixes for particular vulnerabilities and exploits.

Given the general nature of this process, the outcome may vary from virus to virus and device to device. If you are unsure if you’ve effectively removed a virus from your computer, contact an IT or computer professional for assistance.

Computer viruses can damage your PC, send sensitive data to attackers, and cause downtime until the system is repaired. You can avoid becoming the next computer virus victim by following a few best practices:

• Install antivirus software: Antivirus should run on any device connected to the network. It’s your first defence against viruses. Antivirus software stops malware executables from running on your local device.
• Don’t open executable email attachments: Many malware attacks including ransomware start with a malicious email attachment. Executable attachments should never be opened, and users should avoid running macros programmed into files such as Microsoft Word or Excel.
• Keep your operating system updated: Developers for all major operating systems release patches to remediate common bugs and security vulnerabilities. Always keep your operating system updated and stop using end-of-life versions (e.g., Windows 7 or Windows XP).
• Avoid questionable websites: Older browsers are vulnerable to exploits used when just browsing a website. You should always keep your browser updated with the latest patches and avoid these sites to prevent drive-by downloads or redirecting you to sites that host malware.
• Don’t use pirated software: Free pirated software might be tempting, but it’s often packaged with malware. Download vendor software only from the official source and avoid using software pirated and shared software.
• Use strong passwords: Make sure your passwords are highly secure and difficult to guess. Avoid using the same password across multiple accounts and change them regularly to mitigate vulnerabilities and prevent hackers from stealing them.
• Remain vigilant: Always be cautious when downloading files or software from the internet or opening suspicious email attachments. Turn off file sharing and never share access to your computer with someone you don’t know. Also, avoid keeping sensitive or private information stored on your computer