What is a computer virus?

Most viruses require a host to replicate. These hosts tend to be executable files that run virus code when opened. If that happens, the virus can infect local apps and connected devices. This makes it vital to monitor downloads and scan files before opening them.

Types of computer viruses

"Computer virus" is a broad cybersecurity category, and security professionals must counter many varieties. Robust security should scan for all types of computer viruses, leaving no vulnerabilities for attackers to exploit.

Common computer virus types include:

• Direct action viruses: Direct action viruses work extremely quickly. They attack a system's memory via the autoexec.bat file path and immediately delete themselves. In the process, these viruses corrupt or damage all executable files in the same directory, potentially wiping out USB or hard drives.
• Resident viruses: This virus type infects system files and remains "resident" on the targeted device. Resident viruses infect applications that users open. They often use stealth measures to make detection difficult.
• Multipartite viruses: These viruses employ many techniques to infect targets. For example, a multipartite virus program could target a victim's boot sector, operating system, and executable apps. This approach makes removal more complicated due to multiple infection vectors.
• Polymorphic viruses: These advanced viruses change their code following each infection. This creates a different signature, complicating the task of antivirus software. Extreme forms known as metamorphic viruses completely change their code between infections.
• Boot sector virus: This virus program infects the boot sector and operating system of a targeted device. Boot sector viruses usually compromise the master boot record, hard disk partitions, and the computer's memory. Infections can slow down boot-up processes, compromise hard disk performance, and damage general system functionality.
• Overwrite viruses: This computer virus type deletes data and replaces it with versions determined by the virus program. Targets cannot rename overwritten data, rendering documents or software unusable.
• Macro viruses: These viruses resemble Microsoft Excel or Word macros. Attackers embed virus code into credible documents. The virus executes when victims open the document, often without their knowledge.
• Email viruses: Email viruses take the form of email attachments, often alongside phishing emails. The virus runs when users open the attachment, making email scanning and download protection tools vital.
• Browser hijacker viruses: Browser hijackers infect web browsers. They change browser settings, for example by altering home pages or default searches. Victims cannot restore their browser settings, while the virus harvests data or sends pop-ups to their device. Hijackers are linked to malicious extensions, making download protection essential.
• Web scripting viruses: Scripting viruses are browser-based viruses that inject malicious code into web pages. The malicious code executes when users visit affected sites and use text entry fields or click download links, allowing the virus to replicate and spread.
• Network viruses: As the name suggests, network viruses target networking infrastructure. This makes them serious threats to business networks. These viruses spread across all connected network devices via internet connections and emails. They may steal data or establish backdoors for malicious access while evading detection by copying legitimate network traffic.
• File infectors: These common viruses overwrite legitimate files or documents when activated, and generally affect .com or .exe files. Infectors operate quickly and can be devastating, although high-quality antivirus software provides an effective countermeasure.

The types of computer viruses listed above can take many forms. For instance, security teams may encounter Trojan viruses that mimic legitimate software and require user actions to replicate. Viruses may also launch ransomware attacks or link devices to botnets for secondary attacks.

What causes a computer virus?

There are many computer virus types, but all act by infecting target devices. So, how does the initial infection happen, and what can we do to make infection less likely? The first step is understanding the root causes.

The most common cause is downloading an infected virus program. Common vectors for virus infection include:

• Downloading infected email attachments
• Malicious software downloads from app marketplaces
• Drive-by downloads from unsafe websites
• Unscanned documents containing macro viruses
• Using untrusted browser extensions
• File transfers from compromised hardware (such as USB sticks)
• Infection via file-sharing tools, for example, P2P networks

The common theme is that viruses require victims to take action before they can execute. A virus program must pass from the attacker to the target or from a previously infected device.

Because of this, we can also say that weak antivirus security is a root cause of infection. With robust protection, security teams can safeguard critical assets and block most of the above threats. Without protection, networks are exposed to many virus attacks.

The Cryptolocker Ransomware virus shows how this works. Distributed via emails and seemingly safe downloads, this trojan-style virus encrypted user files until victims paid large crypto ransoms. The overall costs of Cryptolocker are unknown. However, security experts believe the creators earned over $3 million from their successful infections.

How do computer viruses spread?

Viruses are designed to replicate and spread. Replication is their core purpose, and advanced types do so with speed and stealth. As a result, it's essential to understand how viruses spread when putting in place countermeasures.

Infection processes vary slightly, but infection by common computer viruses usually follows a similar playbook.

1. Initial infection: The virus infects a host file. This could be an emailed document, a network app, or a web asset on download sites.
2. Download and activation: The target downloads the host file. Social engineering scams may convince them to execute a malicious attachment. Or the target could accidentally add a browser extension from an untrusted source. The virus becomes active when the target executes the host file.
3. Virus execution: When active, the virus carries out its pre-determined role. For example, it could overwrite or delete files, inject malicious code, log keystrokes, or send spam emails to user contacts. At this stage, the virus often passes from the host file to the target's operating system.
4. Replication: Following activation, the virus also spreads to connected software and devices. It replicates its harmful activity on every infected device, potentially leading to severe network damage.

Signs of a computer virus

Victims can usually tell when a computer virus is active on their system. Viruses produce several common symptoms that should immediately raise security concerns.

• Reduced system speeds: Computer viruses consume CPU resources and memory as they execute their tasks. They may execute background processes, congest network bandwidth, and compromise hard disk performance via disk thrashing. All of these processes tend to make systems run slower than normal.
• Self-executing programs: Programs that execute or close without user requests often indicate a virus infection. Similarly, programs that usually work seamlessly may fail to load via their desktop icons or the Windows Start Menu. Some viruses automatically execute during start-up, adding new system processes. Any unusual processes could be evidence of virus infections.
• Unwanted pop-up windows: Browser hijacker viruses deliver unwanted ads to internet users. Any unrequested browser windows could indicate infection, whether they are ads or security notifications.
• Unexpected user logouts: Viruses may force users to close applications and connected network services. Sudden spikes in connectivity issues across network devices can result from widespread virus infection.
• Hard disk anomalies: Viruses may access and edit files without user activity. If your hard disk shows activity during idle periods, a virus could be at work.
• Regular system crashes: Individual devices may repeatedly crash or fail to boot properly. This could be due to direct action by viruses or system overload as a secondary effect. Either way, viruses can make devices unusable.
• Webpage edits: Code injection viruses change the code on insecure web pages to enable replication. Unrequested webpage changes could be due to a virus infection.
• Automated email spam: Email viruses hijack user accounts to send spam messages to contacts. These emails are often part of convincing social engineering campaigns, making them hard to detect. Any unrequested outbound mail could be a virus symptom, especially messages with unusual email attachments.

Remember: when these symptoms emerge, the virus is embedded and active. Detection after the event is better than no detection at all. However, detection and prevention before infection occurs is much better.

How to avoid a computer virus

Proactive antivirus measures are critically important. Let's conclude by exploring the components of a robust antivirus strategy.

Use trusted and regularly updated antivirus software

Protect network endpoints with reliable antivirus software. Don't allow network users to choose their antivirus software. Enforce a list of acceptable vendors or directly provide virus-scanning tools to user devices.

Antivirus software also requires regular updates. Viruses change constantly, along with their viral signatures. Outdated antivirus software gradually loses the ability to recognize critical threats. Implement patch management policies to ensure all endpoints are updated and protected.

Protect against malicious files with download protection

Standard antivirus software struggles to scan email attachments and downloads via web browsers. To be completely secure, companies must scan all files entering the network before allowing users to execute them.

NordLayer's download protection feature can help. Download protection software scans all downloads for malware. It mobilizes threat intelligence to catch the latest computer virus types and operates in real time. There is no need for manual operation.

Train employees to understand the risks of email attachments

Computer virus infections often result from clicking on malicious links or downloading unsafe attachments. Ensure all staff understand the risks linked to unrequested emails and know how to detect phishing messages.

If necessary, explore email sandboxing tools. These tools create secure zones to contain documents or files before they enter the network environment. Anti-virus software can test attachments for viruses before allowing user access.

Strengthen your policies on external devices

Computer viruses often infect networks via external devices like USB drives or personal laptops. If you operate bring-your-own-device (BYOD) policies, employees must install antivirus tools and register their devices.

Use device posture security tools to check connected devices and identify unknown endpoints. Block unknown devices until users install appropriate protective software.

Enforce secure web browsing

Network users should always browse the web safely, especially when accessing workloads and sensitive data.

Secure enterprise browsers or DNS filtering products can help by blocking malicious pop-ups and access to potentially malicious websites before users can interact with them. Secure browsers scan for dangerous extensions and enforce security policies for all connected devices. This helps to prevent onward transmission if a user device suffers a computer virus infection.

Schedule regular data backups

Responsible organizations understand that computer virus infections are possible, even with robust security precautions. Regularly back up critical data and applications. This helps restore system availability during ransomware attacks and mitigates overwrite virus infections.

Secure your network against computer virus threats

Acquiring computer viruses is easy. At any moment, network users can open unsafe attachments, visit malicious sites, or attach compromised hardware. One bad decision can infect an entire network. That’s why _all c_ompanies need robust antivirus measures.

Viruses may never go away, but you can minimize data risks by following security best practices. Protect your data by using reliable antivirus software, applying regular updates, training staff, and implementing advanced download protection.