
Computer Virus Definition

A computer virus is malicious software that attaches itself to other programs, self-replicates, and spreads to other devices, causing damage such as data theft or system disruption. There are various types of viruses, including boot sector, web scripting, and polymorphic viruses, each with unique methods of infection and payloads. To prevent and remove viruses, users should employ antivirus software, avoid questionable downloads, and maintain updated systems.

Uploaded by

Pawan Agnihotri
Copyright: © All Rights Reserved

Computer Virus Definition

A computer virus is a malicious software application or piece of code that can
attach itself to other programs, self-replicate, and spread itself onto other devices.
When executed, a virus modifies other computer programs by inserting its code
into them. If the virus’s replication is successful, the affected device is considered
“infected” with a computer virus.

The malicious activity carried out by the virus’s code can damage the local file
system, steal data, interrupt services, download additional malware, or perform any
other action the malware author coded into the program. Many viruses pretend to be
legitimate programs to trick users into executing them on their devices, delivering
the computer virus payload.


Types of Computer Viruses


Every computer virus has a payload that performs an action. The threat actor can
code any malicious activity into the virus payload, including simple, innocuous
pranks that don’t do any harm. While a few viruses have harmless payloads,
most of them cause damage to the system and its data. There are nine main
virus types, some of which could be packaged with other malware to increase the
chance of infection and damage. The nine major categories for viruses on
computers are:

Boot Sector Virus


Your computer drive has a sector solely responsible for pointing to the operating
system so that it can boot into the interface. A boot sector virus damages or
controls the boot sector on the drive, rendering the machine unusable. Attackers
usually use malicious USB devices to spread this computer virus. The virus is
activated when users plug in the USB device and boot their machine.

Web Scripting Virus


Most browsers have defenses against malicious web scripts, but older,
unsupported browsers have vulnerabilities allowing attackers to run code on the
local device.

Browser Hijacker
A computer virus that can change the settings on your browser will hijack browser
favorites, the home page URL, and your search preferences and redirect you to a
malicious site. The site could be a phishing site or an adware page used to steal
data or make money for the attacker.

Resident Virus
A virus that can access computer memory and sit dormant until a payload is
delivered is considered a resident virus. This malware may stay dormant until a
specific date or time or when a user performs an action.

Direct Action Virus


When a user executes a seemingly harmless file attached to malicious code,
direct-action viruses deliver a payload immediately. These computer viruses can
also remain dormant until a specific action is taken or a timeframe passes.

Polymorphic Virus
Malware authors can use polymorphic code to change the program’s footprint to
avoid detection. Therefore, it’s more difficult for an antivirus to detect and remove
them.

File Infector Virus


To persist on a system, a threat actor uses file infector viruses to inject malicious
code into critical files that run the operating system or important programs. The
computer virus is activated when the system boots or the program runs.

Multipartite Virus
These malicious programs spread across a network or other systems by copying
themselves or injecting code into critical computer resources.

Macro Virus
Microsoft Office files can run macros that can be used to download additional
malware or run malicious code. Macro viruses deliver a payload when the file is
opened and the macro runs.
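
An added example (not part of the original document) of how an analyst or mail filter could check an Office attachment for macros before anyone opens it. It assumes the OOXML convention that VBA code is stored in a part named vbaProject.bin; the function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML files are ZIP archives
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaproject"  # compared lower-case


def classify_office_file(data: bytes) -> str:
    """Triage verdict for an attachment's raw bytes (hypothetical helper)."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats may carry macros; confirming needs an OLE parser.
        return "legacy-ole"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = {n.lower(): n for n in zf.namelist()}
            if "[content_types].xml" not in names:
                return "not-office"
            raw = zf.read(names["[content_types].xml"])
    except zipfile.BadZipFile:
        return "corrupt"
    # Flag the file if it declares a VBA part or actually contains one.
    declared = VBA_CONTENT_TYPE in raw.decode("utf-8", "replace").lower()
    has_part = any(n.endswith("vbaproject.bin") for n in names)
    return "macro-enabled" if declared or has_part else "no-macros"


def make_constructed_ooxml(with_macro: bool) -> bytes:
    """Build a minimal, constructed OOXML-like ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            # Placeholder bytes only; this is not a real VBA project.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "report.docx (constructed)": make_constructed_ooxml(False),
        "invoice.docm (constructed)": make_constructed_ooxml(True),
        "old.doc header (constructed)": OLE2_MAGIC + b"\x00" * 16,
        "notes.txt (constructed)": b"plain text",
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_office_file(blob)}")
```

A "no-macros" verdict only means no VBA project was found; the file should still go through the normal antivirus scan.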

What Causes Computer Viruses?


Computer viruses are standard programs; instead of offering useful resources,
these programs can damage your device. Computer viruses are typically crafted
by hackers with various intentions, ranging from stealing sensitive data to causing
chaos in systems. Some hackers create these malicious programs for fun or as a
challenge, while others have more sinister motives like financial gain or cyber
warfare.

Hackers may exploit weak points in an operating system or app to gain
unauthorized access to and control over a user’s machine to achieve their goals.

• Ego-driven: Some virus authors seek fame within the hacker community by
  creating destructive or widespread viruses that garner media attention.

• Cybercrime: Hackers often use computer viruses as tools for ransomware
  attacks, identity theft, and other forms of online fraud.

• Sabotage: In some cases, disgruntled employees create computer viruses to
  intentionally damage their employer’s infrastructure.

• Cyber espionage: State-sponsored hackers may develop advanced
  persistent threats (APTs) using custom-made malware designed for long-term
  infiltration into targeted networks.

For a threat actor to execute a virus on your machine, you must initiate execution.
Sometimes, an attacker can execute malicious code through your browser or
remotely from another network computer. Modern browsers have defenses
against local machine code execution, but third-party software installed on the
browser could have vulnerabilities that allow viruses to run locally.

The delivery of a computer virus can happen in several ways. One common
method is via a phishing email. Another technique is hosting malware on a server
that promises to provide a legitimate program. It can be delivered using macros
or by injecting malicious code into legitimate software files.

How Do Computer Viruses Work?


At their core, computer viruses are discreet programs that hitch a ride on other
files or applications. In most cases, their primary objective is to replicate and
spread like wildfire.

Computer viruses function as malicious software programs designed to infect
other programs by modifying them in some way. In doing so, a virus will attach
itself to an unsuspecting file or application in order to spread.

The Infection Process


A virus can attach itself to any legitimate program or document that supports
macros to execute its code, such as an email attachment or a file download from
a website. Once the file is opened or downloaded, the virus springs into action
and starts executing.

Hiding in Plain Sight


Computer viruses can be quite crafty to remain hidden from both users and
antivirus software alike. Viruses employ stealth techniques such as
polymorphism, which changes their appearance, or encryption methods.

The Damage Done


Once activated, a virus may wreak havoc on your computer system. It can steal
sensitive data, corrupt files, slow down performance, and even crash your entire
system. It can spread from system to system after a user takes action that either
intentionally or accidentally facilitates it.

It’s important to note that viruses are just one type of malware, and many other
types of malicious software can harm your computer or steal your personal
information.


How Do Viruses Spread?


Computer viruses spread through various channels, and being aware of these
channels is essential to protect yourself and your organization from infection.

Email Attachments
One method of virus transmission is through email attachments. Hackers often
disguise their malicious code as seemingly harmless files, such as documents or
images unsuspecting users open without a second thought. For example, Ursnif
banking Trojan campaigns are known to spread via email attachments posing as
invoices or financial statements.

Internet Downloads
Viruses can also hide in software installers, media files, or even browser
extensions that you download from the web. It’s important to be cautious when
downloading files from unknown sources or sketchy websites. A notorious case
was the Download.com scandal, where popular applications were bundled with
adware and other unwanted programs by default.

File Sharing Networks


File sharing networks like torrent sites and peer-to-peer platforms can easily
transmit viruses. Innocent-looking movie torrents or cracked software may carry
hidden payloads designed to compromise your device upon installation. For
example, The Pirate Bay used a browser-based cryptocurrency miner, so when
someone visited the website, their computer was used to mine cryptocurrency
without their knowledge or consent.

Removable Media
Viruses can attach to removable media, such as USB drives and CDs/DVDs,
infecting any computer they’re plugged into. The infamous Stuxnet worm is a
prime example of a virus that spreads through removable media.

To protect yourself and your organization from computer viruses, always exercise
caution and employ robust cybersecurity measures like up-to-date antivirus
software and regular system scans. Remember, knowledge is power, especially
when preventing viruses and cyber-attacks.

What Is a Computer Worm?


A computer worm is a type of malware designed to replicate itself to spread to
other computers. Unlike computer viruses, worms do not require a host program
to spread and self-replicate. Instead, they often use a computer network to
spread themselves, relying on security failures on the target computer to access
it.

Once a worm infects a computer, it uses that device as a host to scan and infect
other computers. When these new worm-infested computers are compromised,
the worm continues to scan and infect other computers using these computers as
hosts. Worms operate by consuming heavy memory and bandwidth loads,
resulting in overloaded servers, systems, and networks.

What Does a Computer Virus Do?

The way a computer virus acts depends on how it’s coded. It could be something
as simple as a prank that doesn’t cause any damage, or it could be sophisticated,
leading to criminal activity and fraud. Many viruses only affect a local device, but
others spread across a network environment to find other vulnerable hosts.

A computer virus that infects a host device continues delivering a payload until it’s
removed. Most antivirus vendors offer small removal programs that eliminate the
virus. Polymorphic viruses make removal difficult because they change their
footprint consistently. The payload could be stealing data, destroying data, or
interrupting services on the network or the local device.

Computer Viruses vs. Malware


While overlapping in intention and meaning, malware and viruses are two distinct
terms that are often used interchangeably.

Malware is a general term for any type of malicious software, while a virus is a
specific type of malware that self-replicates by inserting its code into other
programs. While viruses are a type of malware, not all malware is a virus.

Malware can take many forms, including viruses, worms, trojans, spyware,
adware, and ransomware, and it can be distributed through infected websites,
flash drives, emails, and other means. A virus requires a host program to run and
attaches itself to legitimate files and programs. It causes a host of malicious
effects, such as deleting or encrypting files, modifying applications, or disabling
system functions.

Signs of Computer Virus


Malware authors write code that is undetectable until the payload is delivered.
However, like any software program, bugs could present issues while the virus
runs. Signs that you have a computer virus include:

• Popup windows, including ads (adware) or links to malicious websites.

• Your web browser home page changes, and you did not change it.

• Outbound emails to your contact list or people on your contact list alert you to
  strange messages sent by your account.

• The computer crashes often, runs out of memory with few active programs, or
  displays the blue screen of death in Windows.

• Slow computer performance even when running few programs or the
  computer was recently booted.

• Unknown programs start when the computer boots or when you open specific
  programs.

• Passwords change without your knowledge or your interaction on the account.

• Frequent error messages arise with basic functions like opening or using
  programs.

Examples of Computer Virus


The web contains millions of computer viruses, but only a few have gained
popularity and infected record numbers of machines. Some examples of
widespread computer viruses include:

• Morris Worm – One of the earliest and most pervasive computer virus
  examples, this self-replicating computer program spread through the early
  Internet in 1988, slowing down or crashing many machines.

• Nimda – This particular type of worm targeted web servers and computers
  running Microsoft Windows operating systems, spreading through multiple
  infection vectors in 2001.

• ILOVEYOU – A highly destructive worm that spread via email, disguised as a
  love confession, and caused widespread damage in 2000 by overwriting files.

• SQL Slammer – A fast-spreading computer worm that exploited a
  vulnerability in Microsoft SQL Server, causing network congestion and
  disrupting Internet services in 2003.

• Stuxnet – A sophisticated worm designed to target and sabotage industrial
  control systems, particularly Iran’s nuclear program, by exploiting zero-day
  vulnerabilities in 2010.

• CryptoLocker – This ransomware Trojan, which infected hundreds of
  thousands of computers in 2013, encrypted victims’ files and demanded a
  ransom for their decryption.

• Conficker – Emerging in 2008, this worm exploited vulnerabilities in Windows
  operating systems, creating a massive botnet and causing widespread
  infection.

• Tinba – First discovered in 2012, this banking Trojan primarily targeted
  financial institutions, aiming to steal login credentials and banking information.

• Welchia – A worm that aimed to remove the Blaster worm from infected
  systems and patch the exploited vulnerability but caused unintended network
  congestion in 2003.

• Shlayer – A macOS-specific Trojan that primarily spreads through fake
  software updates and downloads, delivering adware and potentially unwanted
  programs since 2018.

How to Remove a Computer Virus


Removing a computer virus can be a challenging task, but there are several steps
you can take to get rid of it. Common steps to remove a computer virus include:

1. Download and install antivirus software: Assuming you don’t already have
antivirus software installed, download and install a real-time and on-demand
solution, if possible. A real-time malware scanner scans for viruses in the
background while you use the computer. You must start the on-demand
scanner whenever you want to scan your device.

2. Disconnect from the internet: Some computer viruses use the internet
connection to spread, so it’s best to disconnect from the internet when
removing a virus from your PC to prevent further damage.

3. Delete any temporary files: Depending on the type of virus, deleting
temporary files can also delete the virus, as some viruses are designed to
initiate when your computer boots up.

4. Reboot your computer into safe mode: To help mitigate damages to your
computer while you remove a virus, reboot your device in ‘Safe Mode.’ This
will inhibit the virus from running and allow you to remove it more effectively.

5. Run a virus scan: Run a full scan using your antivirus software, opting for the
most thorough or complete scanning option available. If possible, cover all
your hard drive letters during the scan.

6. Delete or quarantine the virus: Once the virus is detected, your antivirus
software will give you the option to delete or quarantine the virus.
Quarantining the virus will isolate it from the rest of your computer to prevent it
from causing further damage.

7. Reboot your computer: Assuming you’ve effectively removed the virus, your
computer can be rebooted. Simply turn on the device as you would do so
normally without initiating the “Safe Mode” option.

8. Update your browser and operating system: To complete the virus removal
process, update your operating system and web browser to the latest version
possible. Browser and OS updates often contain fixes for particular
vulnerabilities and exploits.

Given the general nature of this process, the outcome may vary from virus to
virus and device to device. If you are unsure if you’ve effectively removed a virus
from your computer, contact an IT or computer professional for assistance.

How to Prevent Computer Viruses


Computer viruses can damage your PC, send sensitive data to attackers, and
cause downtime until the system is repaired. You can avoid becoming the next
computer virus victim by following a few best practices:

• Install antivirus software: Antivirus should run on any device connected to
  the network. It’s your first defense against viruses. Antivirus software stops
  malware executables from running on your local device.

• Don’t open executable email attachments: Many malware attacks,
  including ransomware, start with a malicious email attachment. Executable
  attachments should never be opened, and users should avoid running macros
  programmed into files such as Microsoft Word or Excel.

• Keep your operating system updated: Developers for all major operating
  systems release patches to remediate common bugs and security
  vulnerabilities. Always keep your operating system updated and stop using
  end-of-life versions (e.g., Windows 7 or Windows XP).

• Avoid questionable websites: Older browsers are vulnerable to exploits
  used when just browsing a website. You should always keep your browser
  updated with the latest patches and avoid these sites to prevent drive-by
  downloads or redirects to sites that host malware.

• Don’t use pirated software: Free pirated software might be tempting, but it’s
  often packaged with malware. Download vendor software only from the official
  source and avoid using pirated and shared software.

• Use strong passwords: Make sure your passwords are highly secure and
  difficult to guess. Avoid using the same password across multiple accounts
  and change them regularly to mitigate vulnerabilities and prevent hackers
  from stealing them.

• Remain vigilant: Always be cautious when downloading files or software
  from the internet or opening suspicious email attachments. Turn off file
  sharing and never share access to your computer with someone you don’t
  know. Also, avoid keeping sensitive or private information stored on your
  computer.
