Computer Virus Definition
A computer virus is a malicious application or authored code used to perform destructive activity on a device or local network. The code’s malicious activity could damage the local file system, steal data, interrupt services, download additional malware, or perform any other action coded into the program by the malware author. Many viruses pretend to be legitimate programs to trick users into executing them on their device, delivering the computer virus payload.
Types of Computer Viruses
Every computer virus has a payload that performs an action. The threat actor can code any malicious activity into the virus payload, including simple, innocuous pranks that don’t do any harm. While a few viruses have harmless payloads, most of them cause damage to the system and its data. There are nine main virus types, some of which could be packaged with other malware to increase the chance of infection and damage. The nine major categories for viruses on computers are:
Boot Sector Virus
Your computer drive has a sector solely responsible for pointing to the operating system so that it can boot into the interface. A boot sector virus damages or controls the boot sector on the drive, rendering the machine unusable. Attackers will usually spread this computer virus type using a malicious USB device. The virus is activated when users plug in the USB device and boot their machine.
Web Scripting Virus
Most browsers have defences against malicious web scripts, but older, unsupported browsers have vulnerabilities that allow an attacker to run code on the local device.
Browser Hijacker
A computer virus that can change the settings on your browser hijacks browser favourites, the home page URL, and your search preferences, and redirects you to a malicious site. The site could be a phishing site or an adware page used to steal data or make money for the attacker.
Resident Virus
A virus that can access computer memory and sit dormant until a payload is delivered is considered a resident virus. This malware may stay dormant until a specific date or time, or until a user performs an action.
Direct Action Virus
When a user executes a seemingly harmless file that has malicious code attached, direct action viruses deliver a payload immediately. These computer viruses can also remain dormant until a specific action is taken or a timeframe passes.
Polymorphic Virus
Malware authors can use polymorphic code to change the program’s footprint to avoid detection. Polymorphic viruses make it more difficult for an antivirus to detect and remove them.
File Infector Virus
To persist on a system, a threat actor uses file infector viruses to inject malicious code into critical files that run the operating system or important programs. When the system boots or the program runs, the computer virus is activated.
These malicious programs spread across a network or other systems by copying themselves or injecting code into critical computer resources.
Macro Virus
Microsoft Office files can run macros, and these macros can be used to download additional malware or run malicious code. Macro viruses deliver a payload when the file is opened and the macro runs.
What Causes Computer Viruses?
Computer viruses are standard programs, but instead of offering useful resources, these programs can damage your device. For a threat actor to execute a virus on your machine, you must initiate execution. In some cases, an attacker can execute malicious code through your browser or remotely from another network computer. Modern browsers have defences against local machine code execution, but third-party software installed on the browser could have vulnerabilities that allow viruses to run locally.
The delivery of a computer virus can happen in several ways. One common method is via a phishing email. Another technique is hosting malware on a server that promises to provide a legitimate program. It can be delivered using macros or by injecting malicious code into legitimate software files.
What Is a Computer Worm?
A computer worm is malware, just like a virus, but a worm takes a copy of itself and propagates it to other users. Worms can also deliver a payload and exhaust resources. For example, an email worm sends a copy of itself to everyone on an infected user’s email contact list. When it reaches recipient inboxes, anyone who runs the worm sends it to their contact list. Email worms exhaust storage space and spread very quickly across the internet, so they create issues differently than a computer virus.
What Does a Computer Virus Do?
The way a computer virus acts depends on how it’s coded. It could be something as simple as a prank that doesn’t cause any damage, or it could be sophisticated, leading to criminal activity and fraud. Many viruses only affect a local device, but others spread across a network environment to find other vulnerable hosts.
A computer virus that infects a host device will continue delivering a payload until it’s removed. Most antivirus vendors have small removal programs that eliminate the virus. Polymorphic viruses are difficult to remove because they continually change their footprint. The payload could be stealing data, destroying data, or interrupting services on the network or the local device.
Symptoms of Computer Virus
Malware authors write code that is undetectable until the payload is delivered. However, like any software program, bugs could present issues while the virus runs. Signs that you have a computer virus include:
- Popup windows, including ads (adware) or links to malicious websites.
- Your web browser home page changes, and you did not change it.
- Outbound emails are sent to your contact list, or people on your contact list alert you to strange messages sent by your account.
- The computer crashes often, runs out of memory with few active programs, or shows a blue screen of death in Windows.
- Slow computer performance even when running few programs or when the computer was recently booted.
- Unknown programs start when the computer boots or when you open specific programs.
- Passwords change without your knowledge or your interaction on the account.
Examples of Computer Virus
The web contains millions of computer viruses, but only a few have gained popularity and infected record numbers of machines. Some examples of widespread computer viruses include:
- Morris Worm
- SQL Slammer
How to Prevent Computer Viruses
Computer viruses can damage your PC, send sensitive data to attackers, and cause downtime until the system is repaired. You can avoid becoming the next computer virus victim by following a few best practices:
- Install antivirus software: Antivirus should run on any device connected to the network. It’s your first defence against viruses. Antivirus software stops malware executables from running on your local device.
- Don’t open executable email attachments: Many malware attacks including ransomware start with a malicious email attachment. Executable attachments should never be opened, and users should avoid running macros programmed into files such as Microsoft Word or Excel.
- Keep your operating system updated: Developers for all major operating systems release patches to remediate common bugs and security vulnerabilities. Always keep your operating system updated and stop using end-of-life versions (e.g., Windows 7 or Windows XP).
- Avoid questionable websites: Older browsers are vulnerable to exploits that are triggered just by browsing a website. You should always keep your browser updated with the latest patches, but avoiding these sites will stop drive-by downloads and redirects to sites that host malware.
- Don’t use pirated software: Free pirated software might be tempting, but it’s often packaged with malware. Download vendor software only from the official source and avoid using software that’s pirated and shared.
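The advice on executable attachments and Office macros can be enforced by inspecting file content rather than trusting the file name. The following is an added example, not part of the original page: a small triage function that flags attachments by their leading bytes and by the presence of a VBA project inside an Office archive. The function name, result labels and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

PE_MAGIC = b"MZ"                                 # Windows executables (.exe, .dll, .scr)
ELF_MAGIC = b"\x7fELF"                           # Linux executables
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container, may hold macros
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm")


def classify_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment by content first, file name second (header check only)."""
    if data.startswith(PE_MAGIC) or data.startswith(ELF_MAGIC):
        return "executable"                      # extension is ignored on purpose
    if data.startswith(OLE_MAGIC):
        return "legacy-office"
    if data.startswith(b"PK"):                   # ZIP container: .docx, .xlsx, .docm, ...
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "unreadable-archive"          # cannot be inspected, treat as suspect
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro-document"              # VBA project present, whatever the name says
    if filename.lower().endswith(MACRO_EXTS):
        return "macro-document"
    return "no-finding"


def make_office_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal Office-style ZIP in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [                                  # constructed sample attachments
        ("photo.jpg", b"MZ\x90\x00" + b"\x00" * 60),
        ("report.docx", make_office_sample(with_macro=True)),
        ("notes.docx", make_office_sample(with_macro=False)),
        ("old.doc", OLE_MAGIC + b"\x00" * 8),
    ]
    for name, blob in samples:
        print(f"{name:12} -> {classify_attachment(name, blob)}")
```

A "no-finding" result only means these header checks did not match; it is not a verdict that the file is safe.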