What is computer virus?
A computer virus is a type of malware that attaches to another program (like a document), which can replicate and spread after a person first runs it on their system. For instance, you could receive an email with a malicious attachment, open the file unknowingly, and then the computer virus runs on your computer. Viruses are harmful and can destroy data, slow down system resources, and log keystrokes.
Cybercriminals arenât creating new viruses all the time, instead they focus their efforts on more sophisticated and lucrative threats. When people talk about âgetting a virusâ on their computer, they usually mean some form of malwareâit could be a virus, computer worm, Trojan, ransomware or some other harmful thing. Viruses and malware continue to evolve, and often cybercriminals use the type that gives them the best return at that particular time.
âWhen people talk about âgetting a virusâ on their computer, they usually mean some form of malwareâit could be a virus, computer worm, Trojan, ransomware or some other harmful thing.â
Virus vs. malware – what is the difference?
The terms âvirusâ and âmalwareâ are often used interchangeably, but theyâre not the same thing. While a computer virus is a type of malware, not all malware are computer viruses.
The easiest way to differentiate computer viruses from other forms of malware is to think about viruses in biological terms. Take the flu virus, for example. The flu requires some kind of interaction between two peopleâlike a hand shake, a kiss, or touching something an infected person touched. Once the flu virus gets inside a personâs system it attaches to healthy human cells, using those cells to create more viral cells.
A computer virus works in much the same way:
- A computer virus requires a host program.
- A computer virus requires user action to transmit from one system to another.
- A computer virus attaches bits of its own malicious code to other files or replaces files outright with copies of itself.
Itâs that second virus trait that tends to confuse people. Viruses canât spread without some sort of action from a user, like opening up an infected Word document. Worms, on the other hand, are able to spread across systems and networks on their own, making them much more prevalent and dangerous.
Famously, the 2017 WannaCry ransomware worm spread around the world, took down thousands of Windows systems, and raked in an appreciable amount of untraceable Bitcoin ransom payments for the alleged North Korean attackers.
Computer viruses donât typically capture headlines like thatâat least not anymore. They are still a harmful type of malware, but they are not the only type of threat out there today, on your computer or mobile device.
Windows, Mac, Android, and iOS
Many computer viruses target systems running Microsoft Windows. Macs, on the other hand, have enjoyed a reputation as virus-proof super machines, but in Apple’s own admission, Macs do get malware. There are more Windows users in the world than Mac users and cybercriminals simply choose to write viruses for the operating system (OS) with the largest amount of potential victims.
Today, the “computer” in our pockets may be the one we use most often: our smartphones. Android and iOS are susceptible to various forms of malware, too. Fortunately, most cybersecurity companies like Malwarebytes offer protection for Windows, Mac, Android, and iOS today.
Computer virus examples
Sometimes to understand what something is, we have to examine what it isnât. Keeping that in mind, letâs play: Is It a Virus?
In the Is It a Virus game weâre going to take a look at examples of things people on the Internet commonly believe to be a virus and explain why it is or isnât. What fun!
Is a Trojan a virus? Trojans can be viruses. A Trojan is a computer program pretending to be something itâs not for the purposes of sneaking onto your computer and delivering some sort of malware. To put it another way, if a virus disguises itself then itâs a Trojan. A Trojan could be a seemingly benign file downloaded off the web or a Word doc attached to an email. Think that movie you downloaded from your favorite P2P sharing site is safe? What about that âimportantâ tax document from your accountant? Think twice, because they could contain a virus.
Is a worm a virus? Worms are not viruses, though the terms are sometimes used interchangeably. Even worse, the terms are sometimes used together in a strange and contradictory word salad; i.e. a âworm virus malware.â Itâs either a worm or a virus, but it canât be both, because worms and viruses refer to two similar but different threats. As mentioned earlier, a virus needs a host system to replicate and some sort of action from a user to spread from one system to the next.
A worm, conversely, doesnât need a host system and is capable of spreading across a network and any systems connected to the network without user action. Once on a system, worms are known to drop malware (often ransomware) or open a backdoor.
Is ransomware a virus? Ransomware can be a virus. Does the virus prevent victims from accessing their system or personal files and demands ransom payment in order to regain access Ă la ransomware? If so, then itâs a ransomware virus. In fact, the very first ransomware was a virus (more on that later). Nowadays, most ransomware comes as a result of computer worm, capable of spreading from one system to the next and across networks without user action (e.g. WannaCry).
Is a rootkit a virus? Rootkits are not viruses. A rootkit is a software package designed to give attackers ârootâ access or admin access to a given system. Crucially, rootkits cannot self-replicate and donât spread across systems.
Is a software bug a virus? Software bugs are not viruses. Even though we sometimes refer to a biological virus as a âbugâ (e.g. âI caught a stomach bugâ), software bugs and viruses are not the same thing. A software bug refers to a flaw or mistake in the computer code that a given software program is made up of. Software bugs can cause programs to behave in ways the software manufacturer never intended.
The Y2K bug famously caused programs to display the wrong date, because the programs could only manage dates through the year 1999. After 1999 the year rolled over like the odometer on an old car to 1900. While the Y2K bug was relatively harmless, some software bugs can pose a serious threat to consumers. Cybercriminals can take advantage of bugs in order to gain unauthorized access to a system for the purposes of dropping malware, stealing private information, or opening up a backdoor. This is known as an exploit.
How do I prevent computer viruses?
Preventing computer viruses from infecting your computer starts with situational awareness.
âSituational awareness is something law enforcement and militaries have practiced for decades. It refers to a police officer or a soldierâs ability to perceive threats and make the best decision possible in a potentially stressful situation,â said Malwarebytes Head of Security, John Donovan.
âAs it applies to cybersecurity, situational awareness is your first line of defense against cyberthreats. By staying on the lookout for phishing attacks and avoiding suspicious links and attachments, consumers can largely avoid most malware threats.â
Regarding email attachments and embedded links, even if the sender is someone you know: viruses have been known to hijack Outlook contact lists on infected computers and send virus laden attachments to friends, family and coworkers, the Melissa virus being a perfect example.
If an email reads oddly, itâs probably a phishing scam or malspam. When in doubt about the authenticity of an email, donât be afraid to reach out to the sender. A simple call or text message can save you a lot of trouble.
Next, invest in good cybersecurity software. Weâve made a distinction between computer viruses and malware, which now begs the question, âDo I need antivirus software or anti-malware software?â Weâve covered this topic before in great detail so checkout our article on antivirus vs. anti-malware. For now, though, hereâs a quick gloss on the subject.
Antivirus (AV) refers to early forms of cybersecurity software focused on stopping computer viruses. Just viruses. Anti-malware refers to all-encompassing threat protection designed to stop old-fashioned viruses as well as todayâs malware threats. Given a choice between traditional AV with limited threat detection technology and modern anti-malware with all the bells and whistles, invest in anti-malware and rest easy at night.
As mentioned previously in this piece, traditional AV solutions rely on signature-based detection. AV scans your computer and compares each and every file against a database of known viruses that functions a lot like a criminal database. If thereâs a signature match, the malicious file is thrown into virus jail before it can cause any damage.
The problem with signature-based detection is that it canât stop whatâs known as a zero-day virus; that is, a virus that cybersecurity researchers have never seen before and for which there is no criminal profile. Until the zero-day virus is added to the database, traditional AV canât detect it.
Malwarebytesâ Multi-Vector Protection, conversely, combines several forms of threat detection technology into one malware crushing machine. Amongst these many layers of protection, Malwarebytes uses whatâs called heuristic analysis to look for telltale malicious behavior from any given program. If it looks like a virus and behaves like a virus, then itâs probably a virus.
Use a VPN to protect your privacy online, especially when you’re on the public Wi-Fi network. A VPN app hides your IP address and tunnels your traffic through a secure connection. Read more about VPN here – What is VPN.
How do I remove computer viruses?
Going back to our virus analogy one final timeâremoving a virus from your body requires a healthy immune system. Same for your computer. A good anti-malware program is like having a healthy immune system. As your immune system moves through your body looking for and killing off invading viral cells, anti-malware scans for files and malicious code that donât belong on your system and gets rid of them.
The free version of Malwarebytes is a good place to start if you know or suspect your computer has a virus. Available for Windows and Mac, the free version of Malwarebytes will scan for malware infections and clean them up after the fact. Get a free premium trial of Malwarebytes for Windows or Malwarebytes for Mac to stop infections before they start. You can also try our Android and iOS apps free to protect your smartphones and tablets.
History of computer viruses
Todayâs malware authors owe a lot to the cybercriminals of yesteryear. All the tactics and techniques employed by cybercriminals creating modern malware were first seen in early viruses. Things like Trojans, ransomware, and polymorphic code. These all came from early computer viruses. To understand the threat landscape of today, we need to peer back through time and look at the viruses of yesteryear.
1949, John von Neumann and âself-reproducing machinesâ
It was in those salad days of computing that mathematician, engineer, and polymath John von Neumann delivered a lecture on the Theory and Organization of Complicated Automata in which he first argued that computer programs could âself-reproduce.â In an era where computers were the size of houses, and programs were stored on mile-long punch tapes, Neumannâs ideas mustâve sounded like something from a sci-fi pulp novel.
1982, The proto computer-virus
In 1982 a fifteen-year-old boy pranking his friends proved Neumannâs theory a reality. Rich Skrentaâs Elk Cloner is widely regarded as the first proto-computer virus (the term âcomputer virusâ didnât exist just yet). Elk Cloner targeted Apple II computers, causing infected machines to display a poem from Skrenta:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, itâs Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Other notable firstsâElk Cloner was the first virus to spread via detachable storage media (it wrote itself to any floppy disk inserted into the computer). For many years to come, thatâs how viruses travelled across systemsâvia infected floppy disk passed from user to user.
1984, Computer virus, defined
In 1984 computer scientist Fred Cohen handed in his graduate thesis paper, Computer Viruses â Theory and Experiments in which he coined the term âcomputer virus,â which is great because âcomplicated self-reproducing automataâ is a real mouthful. In the same paper, Cohen also gave us our first definition of âcomputer virusâ as âa program that can âinfectâ other programs by modifying them to include a possibly evolved copy of itself.â
1984, Core War
Up to this point, most talk about computer viruses happened only in the rarified air of college campuses and research labs. But a 1984 Scientific American article let the virus out of the lab. In the piece, author and computer scientist A.K. Dewdney shared the details of an exciting new computer game of his creation called Core War. In the game, computer programs vie for control of a virtual computer.
The game was essentially a battle arena where computer programmers could pit their viral creations against each other. For two dollars Dewdney would send detailed instructions for setting up your own Core War battles within the confines of a virtual computer. What would happen if a battle program was taken out of the virtual computer and placed on a real computer system?
In a follow-up article for Scientific American, Dewdney shared a letter from two Italian readers who were inspired by their experience with Core War to create a real virus on the Apple II. Itâs not a stretch to think other readers were similarly inspired.
1986, the first PC virus
The Brain virus was the first to target Microsoftâs text-based Windows precursor, MS-DOS. The brainchild of Pakistani brothers and software engineers, Basit and Amjad Farooq, Brain acted like an early form of copyright protection, stopping people from pirating their heart monitoring software.
If the target system contained a pirated version of the brotherâs software, the âvictimâ would receive the on-screen message, âWELCOME TO THE DUNGEON . . . CONTACT US FOR VACCINATIONâ along with the brothersâ names, phone number, and business address in Pakistan. Other than guilt tripping victims in to paying for their pirated software, Brain had no harmful effects.
Speaking with F-Secure, Basit called Brain a âvery friendly virus.â Amjad added that todayâs viruses, the descendants of Brain, are âa purely criminal act.â
1986, Viruses go into stealth mode
Also in 1986, the BHP virus was the first to target the Commodore 64 computer. Infected computers displayed a text message with the names of the multiple hackers who created the virusâthe digital equivalent of scrawling â(your name) was hereâ on the side of a building. BHP also has the distinction of being the first stealth virus; that is, a virus that avoids detection by hiding the changes it makes to a target system and its files.
1988, Computer virus of the year
1988, one could argue, was the year computer viruses went mainstream. In September of that year, a story on computer viruses appeared on the cover of TIME magazine. The cover image depicted viruses as cute, googly eyed cartoon insects crawling all over a desktop computer. Up to this point, computer viruses were relatively harmless. Yes, they were annoying, but not destructive. So how did computer viruses go from nuisance threat to system destroying plague?
âViruses were all about peace and loveâuntil they started crashing peopleâs computers.â
1988, A message of peace goes haywire
Viruses were all about peace and loveâuntil they started crashing peopleâs computers. The MacMag virus caused infected Macs to display an onscreen message on March 2, 1988:
RICHARD BRANDOW, publisher of MacMag, and its entire staff
would like to take this opportunity to convey their
UNIVERSAL MESSAGE OF PEACE
to all Macintosh users around the world
Unfortunately, a bug in the virus caused infected Macs to crash well before Brandowâs day of âuniversal peace.â The virus was also designed to delete itself after displaying Brandowâs message but ended up deleting other user files along with it. One of the victims, a software executive working for Aldus Corp, inadvertently copied the virus to a pre-production version of Aldusâ Freehand illustration software. The infected Freehand was then copied and shipped to several thousand customers, making MacMag the first virus spread via legitimate commercial software product.
Drew Davidson, the person who actually coded the MacMag virus (Brandow wasnât a coder), told TIME he created his virus to draw attention to his programming skills.
âI just thought we’d release it and it would be kind of neat,â Davidson said.
1988, front page of The New York Times
A little over a month after the TIME magazine piece, a story about the âmost serious computer âvirusâ attackâ in US history appeared on the front page of The New York Times. It was Robert Tappan Morrisâ Internet worm, erroneously referred to as a âvirus.â In all fairness, no one knew what a worm was. Morrisâs creation was the archetype.
The Morris worm knocked out more than 6,000 computers as it spread across the ARPANET, a government operated early version of the Internet restricted to schools and military installations. The Morris worm was the first known use of a dictionary attack. As the name suggests, a dictionary attack involves taking a list of words and using it to try and guess the username and password combination of a target system.
Robert Morris was the first person charged under the newly enacted Computer Fraud and Abuse Act, which made it illegal to mess with government and financial systems, and any computer that contributes to US commerce and communications. In his defense, Morris never intended his namesake worm to cause so much damage. According to Morris, the worm was designed to test security flaws and estimate the size of the early Internet. A bug caused the worm to infect targeted systems over and over again, with each subsequent infection consuming processing power until the system crashed.
1989, Computer viruses go viral
In 1989 the AIDS Trojan was the first example of what would later come to be known as ransomware. Victims received a 5.25-inch floppy disk in the mail labelled âAIDS Informationâ containing a simple questionnaire designed to help recipients figure out if they were at risk for the AIDS virus (the biological one).
While an apt (albeit insensitive) metaphor, thereâs no indication the virusâ creator, Dr. Joseph L. Popp, intended to draw parallels between his digital creation and the deadly AIDS virus. Many of the 20,000 disk recipients, Medium reported, were delegates for the World Health Organization (WHO). The WHO previously rejected Popp for an AIDS research position.
Loading the questionnaire infected target systems with the AIDS Trojan. The AIDS Trojan would then lay dormant for the next 89 boot ups. When victims started their computer for the 90th time, theyâd be presented with an on-screen message ostensibly from âPC Cyborg Corporationâ demanding payment for âyour software lease,â similar to the Brain virus from three years earlier. Unlike the Brain virus, however, the AIDS Trojan encrypted the victimsâ files.
In an era before Bitcoin and other untraceable cryptocurrencies, victims had to send ransom funds to a PO box in Panama in order to receive the decryption software and regain access to their files. Funds, Popp claimed after his arrest, were destined for AIDS virus research.
1990s, Rise of the Internet
By 1990 ARPANET was decommissioned in favor of its public, commercially accessible cousin the Internet. And thanks to Tim Berners-Leeâs pioneering work on web browsers and web pages, the Internet was now a user-friendly place anyone could explore without special technical knowledge. There were 2.6 million users on the Internet in 1990, according to Our World in Data. By the end of the decade, that number would surpass 400 million.
With the rise of the Internet came new ways for viruses to spread.
1990, Mighty morphinâ 1260 virus
Cybersecurity researcher Mark Washburn wanted to demonstrate the weaknesses in traditional antivirus (AV) products. Traditional AV works by comparing the files on your computer with a giant list of known viruses. Every virus on the list is made of computer code and every snippet of code has a unique signatureâlike a fingerprint.
If a snippet of code found on your computer matches that of a known virus in the database, the file is flagged. Washburnâs 1260 virus avoided detection by constantly changing its fingerprint every time it replicated itself across a system. While each copy of the 1260 virus looked and acted the same, the underlying code was different. This is called polymorphic code, making 1260 the first polymorphic virus.
1999, âYouâve got mail (and also a virus)â
Think back to 1999. If someone you knew sent you an email that read âHere is the document you requested … donât show anyone else ;-),â you opened the attachment.
This was how the Melissa virus spread and it played on the publicâs naivetĂ© about how viruses worked up to that point. Melissa was a macro virus. Viruses of this type hide within the macro language commonly used in Microsoft Office files. Opening up a viral Word doc, Excel spreadsheet, etc. triggers the virus. Melissa was the fastest spreading virus up to that point, infecting approximately 250,000 computers, Medium reported.
2012, A full Shamoon over Saudi Arabia
By the turn of the 21st century, the roadmap for future malware threats had been set. Viruses paved the way for a whole new generation of destructive malware. Cryptojackers stealthily used our computers to mine cryptocurrencies like Bitcoin. Ransomware held our computers hostage. Banking Trojans, like Emotet, stole our financial information. Spyware and keyloggers shoulder surfed us from across the web, stealing our usernames and passwords.
Old-school viruses were, for the most part, a thing of the past. In 2012, however, viruses made one last grab at the worldâs attention with the Shamoon virus. Shamoon targeted computers and network systems belonging to Aramco, the state-owned Saudi Arabian oil company, in response to Saudi government policy decisions in the Middle East.
The attack stands as one of the most destructive malware attacks on a single organization in history, completely wiping out three-quarters of Aramcoâs systems, The New York Times reported. In a perfect example of what comes around goes around, cybersecurity researchers have suggested the attack started with an infected USB storage driveâthe modern equivalent of the floppy disks used to carry the very first virus, Elk Cloner.
Today, tech support scams
Decades have passed since computer viruses reached their destructive zenith but thereâs a related threat you should know about. Commonly referred to as a tech support scam or a virus hoax, this modern threat isnât a virus at all.
Hereâs how tech support scams work. The victim is served up a bogus pop-up ad after landing on a spoofed website or as a result of an adware infection. In a recent example, scammers used malvertising to link victims to malicious support sites after victims searched for things like cooking tips and recipes.
Weâve also seen hacked WordPress sites redirecting to support scam sites. The bogus ad is designed to look like a system alert generated by the operating system, and it may say something like, âSecurity alert: Your computer might be infected by harmful viruses,â along with contact information for âTechnical Support.â Thereâs no virus and no technical supportâjust scammers who will make it seem like you have a virus and demand payment to âfixâ it.
According to the Federal Trade Commission there were 143,000 reports about tech support scams in 2018, with total losses reaching $55 million. What makes this scam particularly insidious is that cybercriminals frequently target the most vulnerable part of the worldâs population. People 60-years-old and over were five times more likely to report being a victim of a tech support scam.
Is Chromium a virus?
As discussed above, a number of things that are called viruses are not actually viruses. Some of those, like ransomware or computer worms, are still malicious, but they are not computer viruses. Some things that are not malicious are sometimes suspected as viruses, and Chromium is a good example of this.
Chromium is not a virus. Chromium is a free open-source web browser project by Google. Much of the Chromium code serves as source code for Google Chrome, a legitimate and popular web browser. Just because you suddenly have Chromium on your computer doesn’t necessarily mean that itâs malware. You may have unwittingly installed a legitimate copy of Chromium that was bundled with other software.
Because Chromium is open-source, anyone can download Chromium and modify it to suit their needs. Bad actors could download Chromium and alter it to serve malicious purposes. WebNavigator Chromium browser is an example of a threat actor adapting Chromium code and using it as a search hijacker. However to reiterate, Chromium itself is not a virus.