13 Different Types of Computer Viruses

A computer virus is a malware program that is written intentionally to gain access to a computer without its owner’s permission. These kinds of programs are primarily written to steal or destroy computer data. Most systems catch viruses due to program bugs, the vulnerability of operating systems, and poor security practices.

There are different types of computer viruses that can be categorized according to their origin, spreading capabilities, storage location, files they infect and destructive nature. Let’s elaborate on these kinds of viruses and see how they actually work.

Before we start, do you know the first-ever computer virus (named Creeper) was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971?

1. Boot Sector Virus

Boot Sector virus infects the storage device’s master boot record (MBR). Any media, whether it is bootable or not can trigger this virus. These viruses inject their code to hard disk’s partition table. It then gets into the main memory once the computer restarts.

Booting problems, unstable system performance and inability to locate hard disk are common issues that may arise after getting infected. However, it has become rare since the decline in floppy disks. Modern operating systems come with an inbuilt boot sector safeguard which makes it difficult to find the MBR.

Can affect: Any file after getting into the main memory

Examples: Form, Disk Killer, Stone virus, Polyboot.B

Protection: Make sure that the disk you are using is write-protected. Do not start/restart the computer with unknown external disks connected.

2. Direct Action Virus

This virus quickly gets into the main memory, infects all programs/files/folder defined in Autoexec.bat path and then deletes itself. It can also destroy the data present in harddisk or USB attached to the computer.

While these viruses are found in hard disk’s root directory, they are capable of changing location on every execution. In most cases, they don’t delete system files but alter the system’s overall performance.

Can affect: All .exe and .com file extension

Example: VCL.428, created by the Virus Construction Laboratory

Protection: Use antivirus scanner. Direct action virus is easy to detect and all infected files can be restored completely.

3. Overwrite Virus

Overwrite viruses are very dangerous. They have affected a wide range of operating system including Windows, DOS, Macintosh, and Linux. They simply delete the data (partially or completely) and replace the old code with their own.

They replace the file content without changing its size. It is easy to detect as the original program stops working. Once the file gets infected, it can’t be restored and you will end up losing all data.

Can affect: Any file

Examples: Grog.377, Grog.202/456, Way, Loveletter

Protection: The only way to get rid of this virus is to delete all the infected files, so it’s better to keep your antivirus program updated, especially if you are using Windows.

4. Web Scripting Virus

A web scripting virus breaches web browser security and allows attackers to inject client-side scripting into the web page. They propagate quite faster than other conventional viruses.

It is used to attack large sites like social networking, user review or email. It has the potential to send a large amount of spam, fraud activity, and damage files on sever.

Can affect: Any web page by injecting hidden code in header, footer or root access file.

Examples: DDos, JS.fornight

Protection: Use malicious software removal tool in Windows, disable scripts, use cookie security or install real-time protection software for the web browser.

5. Directory Virus

Directory Virus (also known as Cluster virus) infects the file by changing the DOS directory information. In this case, DOS points to the virus code rather than pointing to the original program.

When you run a program, DOS first loads and executes the virus code before running the actual program code. It becomes very difficult to locate the original file after getting infected.

Can affect: The entire program in the directory

Example: Dir-2

Protection: Install the antivirus to relocate the misplaced files.

6. Polymorphic Virus

The polymorphic virus encodes themselves using different encryption keys and algorithms each time they infect a program or create a copy of itself. Because of different encryption keys, it becomes very difficult for the antivirus software to find them. In other words, it is a self-encrypted virus which is designed to avoid detection by scanners.

Can affect: Any file

Examples: Whale, Simile, SMEG engine, 1260

Protection: Install advanced, high-end antivirus

7. Memory Resident Virus

These viruses live in primary memory (RAM) and get activated whenever you switch on the computer. They affect all files currently running on the desktop. Basically, it allocates memory, blocks original scripts, and runs its own code when any program is executed.

Can affect: Any file running on PC and files that are being copied or renamed.

Examples: Randex, Meve, CMJ

Protection: Install strong antivirus software

8. Macro Virus

There are a few software such as a word processor that allows a macro program to embed in documents. This virus is written in the macro language, so it may run automatically when the document is opened and it can easily spread to other files too.

It depends on the application rather than the operating system. They are generally hidden in documents that are more likely shared via email.

Can affect: .mdb, .PPS, .Doc, .XLs files

Examples: Bablas, Concept and Melissa virus

Protection: Disable macros and Don’t open emails from unknown sources. Alternatively, you can install modern antivirus software that can detect marco virus easily.

9. Companion Virus

Companion Viruses were more popular during the MS-DOS era. Unlike traditional viruses, they do not modify the existing file. It creates a copy of a file with a different extension (usually .com) which runs in parallel with the actual program.

For example, if there is a file named abc.exe, this virus will create another hidden file named abc.com. And when the system calls a file ‘abc’, the .com (higher priority extension) runs before the .exe extension. It can perform malicious steps such as deleting the original files.

Can affect: All .exe files

Examples: Stator, Terrax.1096

Protection: Can be easily detected because of the presence of additional .com file. Install reliable antivirus software and avoid downloading attachments of unsolicited emails.

10. Multipartite virus

The Multipartite virus infects and spreads in multiple ways depending on the operating system. They usually stay in memory and infect the hard disk.

Once it gets into the system, it infects all drives by altering applications’ content. You will soon start noticing performance lag and low virtual memory available for user applications.

Can affect: Files and boot sector

Examples: Ghostball, Invader

Protection: Clean boot sector and entire disk before reloading the data. Do not open attachments from a non-trusted internet source and install quality antivirus software.

11. FAT Virus

FAT stands for file allocation table which is a section of storage disk that is used to store information, such as the location of all files, total storage capacity, available space, used space etc. A FAT virus alters the index and makes it impossible for the computer to allocate the file. It is powerful enough to force you to format the whole disk.

Can affect: Any file

Example: The link virus

Protection: Avoid downloading files from non-trusted sources, especially those identified as “attack site” by browser or search engine. Use robust antivirus software.

Other malware that are not Virus but are equally dangerous – 

12. Trojan Horse

Image credit: Wikimedia

Trojan Horse (or Trojan) is a non-replicating type of malware that looks legitimate. Users are typically tricked into loading and executing it on the system. It can destroy/modify all the files, crash the computer, modify the registry, and is strong enough to give hackers remote access to your PC.

Examples: ProRat, ZeroAccess, Beast, Netbus, Zeus

Protection: Use reliable high-end antivirus software and update it regularly

Read: 15 Worst Computer Viruses of all time | Explained

13. Wor

Worm is a standalone malware program that replicates itself in order to spread to other computers. It relies on networks (mostly emails) and security holes to travel from one system to another. Unlike viruses, it overloads the network by replicating or sending too much data (overusing bandwidth), forcing the hosts to shut down the server.

Example: Code red, ILOVEYOU, Morris, Nimda, Sober, WANK

Protection: Use antivirus and anti-spyware software.

Read: 20 Best Free Antivirus and Anti-malware Android Apps

Logic Bombs

They are not a virus but inherently malicious like worms and viruses. It is a piece of code intentionally inserted (hidden) into a software tool. This code is executed after certain criteria are met.

For example, a cracker can insert a Keylogger code inside any web browser extension. The code gets activated whenever you visit a login page and then captures the keystrokes that you entered while filling your username and passwords. These malicious codes are known as Logic Bombs.