What is a computer virus? How they spread and 5 signs you've been infected

Computer virus definition

A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.

Like other types of malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets. A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process. Similarly, a computer virus isn't itself a standalone program. It's a code snippet that inserts itself into some other application. When that application runs, it executes the virus code, with results that range from the irritating to the disastrous.

In everyday conversation and the popular press, people often use virus and malware interchangeably. But strictly speaking a virus is a specific type of malware that fits the definition above. The two other main types are Trojans, which masquerade as harmless applications to trick users into executing them, and worms, which can reproduce and spread independently of any other application. The distinguishing feature of a virus is that it needs to infect other programs to operate.

What do computer viruses do?

Imagine an application on your computer has been infected by a virus. (We'll discuss the various ways that might happen in a moment, but for now, let's just take infection as a given.) How does the virus do its dirty work? Bleeping Computer provides a good high-level overview of how the process works. The general course goes something like this: the infected application executes (usually at the request of the user), and the virus code is loaded into the CPU memory before any of the legitimate code executes.

At this point, the virus propagates itself by infecting other applications on the host computer, inserting its malicious code wherever it can. (A resident virus does this to programs as they open, whereas a non-resident virus can infect executable files even if they aren't running.) Boot sector viruses use a particularly pernicious technique at this stage: they place their code in the boot sector of the computer's system disk, ensuring that it will be executed even before the operating system fully loads, making it impossible to run the computer in a "clean" way.

Once the virus has its hooks into your computer, it can start executing its payload, which is the term for the part of the virus code that does the dirty work its creators built it for. These can include all sorts of nasty things: Viruses can scan your computer hard drive for banking credentials, log your keystrokes to steal passwords, turn your computer into a zombie that launches a DDoS attack against the hacker's enemies, or even encrypt your data and demand a bitcoin ransom to restore access. (Other types of malware can have similar payloads, of course: there are ransomware worms and DDoS Trojans and so forth.)

How do computer viruses spread?

In the early, pre-internet days, viruses often spread from computer to computer via infected floppy disks. The SCA virus, for instance, spread amongst Amiga users on disks with pirated software. It was mostly harmless, but at one point as many as 40% of Amiga users were infected.

Today, viruses spread via the internet. In most cases, applications that have been infected by virus code are transferred from computer to computer just like any other application. Because many viruses include a logic bomb — code that ensures that the virus's payload only executes at a specific time or under certain conditions — users or admins may be unaware that their applications are infected and will transfer or install them with impunity. Infected applications might be emailed (inadvertently or deliberately — some viruses actually hijack a computer's mail software to email out copies of themselves); they could also be downloaded from an infected code repository or compromised app store.

One thing you'll notice that all of these infection vectors have in common is that they require the victim to execute the infected application or code. Remember, a virus can only execute and reproduce if its host application is running! Still, with email such a common malware dispersal method, a question that causes many people anxiety is: Can I get a virus from opening an email? The answer is that you almost certainly can't simply by opening a message; you have to download and execute an attachment that's been infected with virus code. That's why most security pros are so insistent that you be very careful about executing email attachments, and why most email clients and webmail services include virus scanning features by default.

Types of computer virus

Symantec has a good breakdown on the various types of viruses you might encounter, categorized in different ways. We've already met resident and non-resident viruses, boot sector viruses, web scripting viruses, and so on. There are a couple other types you mightwant to be aware of:

• A macro virus infects macro applications embedded in Microsoft Office or PDF files. Many people who are careful about never opening strange applications forget that these sorts of documents can themselves contain executable code. Don't let your guard down!
• A polymorphic virus slightly changes its own source code each time it copies itself to avoid detection from antivirus software.

Keep in mind that these category schemes are based on different aspects of a virus's behavior, and so a virus can fall into more than one category. A resident virus could also be polymorphic, for instance.

Computer virus protection

Antivirus software is the most widely known product in the category of malware protection products. CSO has compiled a list of the top antivirus software for Windows, Android, Linux and macOS, though keep in mind that antivirus isn't a be-all end-all solution. When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but anti-spyware, personal firewall, application control and other styles of host intrusion prevention.

One thing to keep in mind about viruses is that they generally exploit vulnerabilities in your operating system or application code in order to infect your systems and operate freely; if there are no holes to exploit, you can avoid infection even if you execute virus code. To that end, you'll want to keep all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure.

Computer virus symptoms

How can you tell if a virus has slipped past your defenses? With some exceptions, like ransomware, viruses are not keen to alert you that they've compromised your computer. Just as a biological virus wants to keep its host alive so it can continue to use it as a vehicle to reproduce and spread, so too does a computer virus attempt to do its damage in the background while your computer still limps along. But there are ways to tell that you've been infected. Norton has a good list; symptoms include:

• Unusually slow performance
• Frequent crashes
• Unknown or unfamiliar programs that start up when you turn on your computer
• Mass emails being sent from your email account
• Changes to your homepage or passwords