A computer virus is a harmful program intentionally designed to access a computer without the owner’s permission, often with the goal of stealing or destroying data.
Viruses often infect systems because of programming errors, weaknesses in operating systems, and lax security practices. According to AV-Test, an independent organization that analyzes and rates antivirus and security suite software, about 560,000 new pieces of malware are detected every day.
Computer viruses come in various types, classified by their origin, how they spread, where they store themselves, the files they affect, and their destructive capabilities. Each type brings a unique set of characteristics and threats.
Let’s dig deeper to see how different types of viruses actually work.
Did you know? In 2017, the WannaCry ransomware affected over 200,000 computers across 150 countries by exploiting a vulnerability in Windows systems. This cybercrime is estimated to have caused $4 billion in losses worldwide.
1. Boot Sector Virus
Can affect: Any file after getting into the main memory
A Boot Sector virus targets a storage device’s master boot record (MBR). Any media, whether it is bootable or not, can trigger this virus. The virus injects its code into the hard disk’s partition table and enters the computer’s main memory upon restarting.
The common issues that may arise after getting infected include booting problems, unstable system performance, and inability to locate hard disks.
Since the boot sector virus can encrypt the boot sector, it may be difficult to remove. In most cases, users are not even aware they have been infected with a virus until they scan the system with an antivirus program.
However, this type of virus has become rare since the decline in floppy disks. Modern operating systems come with an inbuilt boot sector safeguard, which makes it difficult to find the MBR.
Protection: Make sure that the disk you are using is write-protected. Do not start/restart the computer with unknown external disks connected.
2. Direct Action Virus
Example: VCL.428, created by the Virus Construction Laboratory
Can affect: All .exe and .com file extensions
A direct action virus quickly gets into the main memory, infects all programs/files/folders defined in the Autoexec.bat path, and then deletes itself. It can also destroy the data present on a hard disk drive or USB drive attached to the computer.
They usually spread when the file in which they are contained is executed. As long as you don’t run or open the file, it shouldn’t spread to other parts of your device or your network.
Even though these viruses are often located in the root directory of the hard disk, they can change their location with each execution. While they usually don’t delete system files, they can significantly impact the overall performance of the system.
Protection: Use an antivirus scanner. A direct action virus is easy to detect, and all infected files can be completely restored.
3. Overwrite Virus
Examples: Grog.377, Grog.202/456, Way, Loveletter
Can affect: Any file
Overwrite viruses are very dangerous. They have affected a wide range of operating systems, including Windows, DOS, Macintosh, and Linux. They simply delete the data (partially or completely) and replace the original code with their own.
They replace file content without changing its size. And once the file is infected, it cannot be restored and you will end up losing all data.
Furthermore, this type of virus can not only make applications inoperable but also encrypt and steal your data on execution.
While they are very effective, attackers do not use overwrite viruses anymore. They tend to focus on tempting users with genuine Trojan horses and distributing malicious code via email.
Protection: The only way to get rid of this virus is to delete all the infected files, so it’s better to keep your antivirus program updated, especially if you are using Windows.
4. Web Scripting Virus
Can affect: Any web page by injecting hidden code in the header, footer, or root access file
A web scripting virus breaches web browser security, allowing attackers to inject client-side scripting into the web page. It propagates considerably faster than conventional viruses.
When it breaches the web browser security, it injects malicious code to alter some settings and take over the browser. Typically, it spreads with the help of infected ads that pop up on web pages.
Web scripting viruses mostly target social networking sites. Some are powerful enough to send spam emails and initiate dangerous attacks such as DDoS attacks to make the server unresponsive or ridiculously slow.
They can be further categorized into two groups:
- Persistent web scripting virus: can impersonate a user and cause a lot of damage.
- Non-persistent web scripting virus: attacks the user without getting noticed. It operates in the background and remains forever hidden from the user.
5. Directory Virus
Example: Dir-2
Can affect: The entire program in the directory
Directory Virus (also known as Cluster virus) infects the file by changing the DOS directory information. It changes DOS in such a way that it points to the virus code rather than pointing to the original program.
More specifically, this virus injects malicious code into a cluster and marks it as allocated in the FAT. It then saves the first cluster and uses it to target other clusters that are associated with the file it wants to infect next.
When you run a program, DOS loads and executes the virus code before running the actual program code. In other words, you unknowingly run the virus program, and the original program is relocated by the virus. This makes it challenging to locate the original file once it’s infected.
Protection: Install antivirus software to relocate the misplaced files.
6. Polymorphic Virus
Examples: Whale, Simile, SMEG engine, UPolyX
Well, that’s the Workbench install on that one completed buggered-up. I’m like a human-computer virus. A polymorphic human-computer virus. I’d like to see Norton AV stop me. I spread from Amiga to Amiga, destroying Workbench installs as I bloody go. #ShootMe pic.twitter.com/VWUsrdwh8O
— 3DO, PS1 & Atari Will (@ste_mega) February 25, 2021
Can affect: Any file
Polymorphic viruses encode themselves using different encryption keys each time they infect a program or create a copy of themselves. Because of different encryption keys, it becomes very difficult for the antivirus software to find them.
This type of virus depends on mutation engines to change its decryption routines every time it infects a device. It uses complex mutation engines that generate billions of decryption routines, which makes it even more difficult to detect.
In other words, it is a self-encrypted virus that is designed to avoid detection by scanners.
The first known polymorphic virus (named “1260”) was created by Mark Washburn in 1990. It infects .com files in the current or PATH directories upon execution.
Protection: Install advanced antivirus tools that are equipped with newer security technologies (such as machine learning algorithms and behavior-based analytics) to detect threats.
7. Memory Resident Virus
Can affect: Currently running files on PC as well as files that are being copied or renamed
A memory-resident virus lives in primary memory (RAM) and gets activated when you switch on the computer. It affects all files currently running on the desktop.
Since the virus loads its replication module into the main memory, it can infect files without being executed. It automatically gets activated whenever the operating system loads or performs specific functions.
There are two types of memory-resident viruses:
- Fast infectors are specifically built to corrupt as many files as they can as quickly as possible. They are very easy to notice because of their adverse effects.
- Slow infectors gradually degrade the performance of the computer. They spread more widely because they can go undetected for much longer.
If you are lucky, your antivirus software may have an extension or plugin that can be downloaded on a USB flash drive and run to remove the virus from memory. Otherwise, you may have to reformat the machine and restore whatever you can from the available backup.
8. Macro Virus
Can affect: .mdb, .pps, .doc, .xls files
These viruses are written in the same macro language used for popular software programs such as Microsoft Excel and Word. They insert malicious code in the macros that are associated with spreadsheets, documents, and other data files, causing the infected program to run as soon as the document is opened.
Macro viruses are designed to corrupt data, insert words or pictures, move text, send files, format hard drives, or deliver even more destructive kinds of malware. They are transmitted through phishing emails. And they mostly target MS Excel, Word, and PowerPoint files.
Since this type of virus centers on applications (not on operating systems), it can infect any computer running any operating system, even those running Linux and macOS.
Protection: Disable macros and do not open emails from unknown sources. You can also install modern antivirus software that can easily detect macro viruses.
9. Companion Virus
Examples: Stator, Terrax.1096
Can affect: All .exe files
Companion viruses were more popular during the MS-DOS era. Unlike conventional viruses, they do not modify the existing file. Instead, they create a copy of a file with a different extension (such as .com), which runs in parallel with the actual program.
For example, if there is a file named abc.exe, this virus will create another hidden file named abc.com. And when the system calls a file ‘abc’, the .com (higher priority extension) runs before the .exe extension. It can perform malicious steps such as deleting the original files.
In most cases, companion viruses require human intervention to further infect a machine. After the arrival of Windows XP, which doesn’t use the MS-DOS interface much anymore, there were fewer ways for such viruses to propagate themselves.
However, the virus still works on recent versions of Windows operating systems if a user opens a file unintentionally, especially when the ‘show file extension’ option is deactivated.
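A same-named .com file sitting beside an .exe is the pattern described above, so a directory scan can flag it. This is an added example, not code from the original article: the function names and sample file names are constructed, and the priority list assumes the DOS-style resolution order (.com before .exe before .bat).

```python
import os
import stat
import tempfile

# DOS-style resolution order for a command typed without an extension.
PRIORITY = (".com", ".exe", ".bat")


def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_shadowed(root):
    """Return (directory, shadowing_file, shadowed_file, shadowing_is_hidden)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in PRIORITY:
                by_stem.setdefault(stem.lower(), []).append(name)
        for names in by_stem.values():
            # The file whose extension comes first in PRIORITY runs first.
            names.sort(key=lambda n: PRIORITY.index(os.path.splitext(n)[1].lower()))
            winner = names[0]
            hidden = is_hidden(os.path.join(dirpath, winner))
            for loser in names[1:]:
                findings.append((os.path.relpath(dirpath, root), winner, loser, hidden))
    return sorted(findings)


def demo():
    """Constructed sample tree: abc.com shadows abc.exe; tool.exe is alone."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel in ("abc.exe", "abc.com", "tool.exe",
                    os.path.join("sub", "run.bat"), os.path.join("sub", "RUN.EXE")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"")  # empty placeholder files, not real programs
        return find_shadowed(root)


if __name__ == "__main__":
    for directory, winner, loser, hidden in demo():
        flag = " (hidden)" if hidden else ""
        print(f"{directory}: {winner}{flag} runs instead of {loser}")
```

A hit is a lead to investigate rather than proof of infection, since some legitimate software ships same-named files with different extensions.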
Protection: The virus can be easily detected because of the presence of an additional .com file. Install reliable antivirus software and avoid downloading attachments of unsolicited emails.
10. Multipartite Virus
Can affect: Files and boot sector
The Multipartite virus infects and spreads in multiple ways depending on the operating system. It usually stays in memory and infects the hard disk.
Unlike other viruses that either affect the boot sector or program files, the multipartite virus attacks both the boot sector and executable files simultaneously, causing more damage.
Once it gets into the system, it infects all drives by altering applications’ content. You will soon start noticing performance lag and low virtual memory available for user applications.
The first reported multipartite virus was “Ghostball.” It was detected in 1989 when the Internet was still in its early phase. At that time, it wasn’t able to reach many users.
However, things have changed a lot since then. With more than 4.66 billion active internet users worldwide, multipartite viruses pose a serious threat to businesses and consumers.
Protection: Clean the boot sector and the entire disk before storing any new data. Do not open attachments from a non-trusted internet source, and install a legitimate and trusted antivirus tool.
11. FAT Virus
Example: The link virus
Can affect: Any file
FAT stands for file allocation table, a section of storage disk used to store information, such as the location of all files, total storage capacity, available space, used space, etc.
A FAT virus alters the index and makes it impossible for the computer to allocate the file. It is powerful enough to force you to format the whole disk.
In other words, the virus doesn’t modify host files. Instead, it forces the operating system to execute malicious code altering particular fields in the FAT file system. This prevents your computer from accessing specific sections on the hard drive where important files are located.
As the virus spreads its infection, several files or even entire directories can be overwritten and permanently lost.
Protection: Avoid downloading files from non-trusted sources, especially those identified as “attack/unsafe sites” by browser or search engine. Use robust antivirus software.
Other Malware That Are Not Viruses But Are Equally Dangerous
12. Trojan Horse
Examples: ProRat, ZeroAccess, Beast, Netbus, Zeus
A Trojan Horse (or Trojan) is a non-replicating type of malware that looks legitimate. Users are typically tricked into loading and executing it on their system. It can destroy/modify all the files, modify the registry, or crash the computer. In fact, it can give hackers remote access to your PC.
Trojans are usually spread through different forms of social engineering. For example, users are tricked into clicking on fake advertisements or opening email attachments disguised to appear genuine.
Protection: Avoid opening unknown files attached to email (especially those with extensions like .exe, .bat, and .vbs). Use reliable high-end antivirus software and update it regularly.
13. Worm
Hex dump of the Blaster worm, displaying a message left for then-Microsoft CEO Bill Gates
A worm is a standalone malware program that replicates itself in order to spread to other computers. It relies on networks (mostly emails) and security holes to travel from one system to another. Unlike viruses, it overloads the network by replicating or sending too much data (overusing bandwidth), forcing the hosts to shut down the server.
A worm is capable of replicating itself without any human interaction. It doesn’t even need to attach itself to an application to cause damage.
Most worms are designed to modify content, delete files, deplete system resources, or inject additional malicious code onto a computer. They can also steal data and install a backdoor, making it easy for attackers to gain control over a machine and its system settings.
Protection: Keep your operating system updated and make sure you are using a strong security software solution.
14. Logic Bombs
A logic bomb is not a virus, but it is inherently malicious, like worms and viruses. It is a piece of code intentionally inserted (hidden) into a software program. The code is executed when certain criteria are met.
For example, a cracker can insert keylogger code inside any web browser extension. The code gets activated every time you visit a login page. It then captures all your keystrokes to steal your username and password.
Logic bombs can be inserted into existing software or into other forms of malware, such as worms, viruses, or Trojan horses. They then lie dormant until the trigger occurs, and can go undetected for years.
Protection: Periodically scan all files, including compressed ones, and keep your antivirus software updated.
Frequently Asked Questions
When was the very first computer virus created?
The first-ever computer virus (named Creeper) was written by Bob Thomas at BBN Technologies in 1971. Creeper was an experimental self-replicating program that had no malicious intent. It only displayed a simple message: “I’m creeper. Catch me if you can!”
Who created the first PC virus?
In 1986, Amjad Farooq Alvi and Basit Farooq Alvi wrote a boot sector virus named ‘Brain’ to deter unauthorized copying of the software they had created. ‘Brain’ is considered to be the first computer virus for the IBM PC and compatibles.
Amjad Farooq and Basit Farooq made world’s first computer virus named “Brain Boot Sector Virus” in 1986. It was made for MS-DOS operating systems. The virus used to infect the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system. pic.twitter.com/MnOaJoDEDJ
— Rafay (@xgboostin) January 26, 2021
The first virus to specifically target Microsoft Windows was WinVir. It was discovered in 1992. The virus didn’t contain any Windows API calls. Instead, it relied on the DOS API.
What is the most expensive cyberattack of all time?
The most destructive malware to date is MyDoom. First sighted in January 2004, it became the fastest-spreading email worm ever. It created network openings that allowed attackers to access infected machines.
In 2004, nearly one-fourth of all emails had been infected by MyDoom. The virus caused over 38 billion in estimated damages.
Emerging cybersecurity trends that can help combat computer viruses
In recent years, we have witnessed several emerging trends and technologies in cybersecurity aimed at combating computer viruses. For example:
- Artificial Intelligence and Machine Learning models are being used to detect previously unseen threats
- Behavioral analytics can detect abnormal patterns that may go unnoticed by traditional signature-based methods
- Endpoint Detection and Response (EDR) solutions provide visibility into activities on individual devices, enabling faster response to potential threats
- Blockchain technology provides a decentralized and tamper-resistant way to store and verify security-related data
- Deception technology adds an extra layer of defense by deploying decoy assets and false data to mislead attackers
Cyber Security Market Size
According to Fortune Business Insights, the global cyber security market size will exceed $424.97 billion by 2030, growing at a CAGR of 13.8%.
This growth is driven by several key factors, including the increasing sophistication of attacks, the widespread adoption of digital technologies, and regulatory compliance requirements for robust cybersecurity solutions.
Hi Varun,
Thanks for sharing the valuable information. Get huge information about different types of virus from this post.
Glad, you find this helpful 🙂
Thanks for sharing knowledge to us….
Love from Nepal
Thanks a lot was so much more than I expected, it really helped me.