What is a computer virus?
As defined by Malwarebytes Labs, a computer virus is “malware attached to another program (such as a document), which can replicate and spread after an initial execution on a target system where human interaction is required. Many viruses are harmful and can destroy data, slow down system resources, and log keystrokes.”
Most computer viruses target systems running Microsoft Windows. Macs, on the other hand, enjoy a reputation as virus-proof super machines. In reality, Macs are not inherently safer. There are more Windows users in the world than Mac users and cybercriminals simply choose to write viruses for the operating system (OS) with the largest amount of potential victims.
Whatever OS you choose, Windows or Mac, don’t worry too much, because viruses just aren’t a thing anymore. That may sound odd coming from a cybersecurity company but hear us out.
Cybercriminals aren’t creating new viruses, instead they are focusing their efforts on more sophisticated and lucrative threats. When people talk about “getting a virus” on their computer, they usually mean some form of malware—often a computer worm.
The terms “virus” and “malware” are often used interchangeably, but they’re not the same thing. While a computer virus is a type of malware, not all malware are computer viruses.
“Cybercriminals aren’t creating new viruses, instead they are focusing their efforts on more sophisticated and lucrative threats. When people talk about “getting a virus” on their computer, they usually mean some form of malware—often a computer worm.”
The easiest way to differentiate computer viruses from other forms of malware is to think about viruses in biological terms. Take the flu virus, for example. The flu requires some kind of interaction between two people—like a hand shake, a kiss, or touching something an infected person touched. Once the flu virus gets inside a person’s system it attaches to healthy human cells, using those cells to create more viral cells.
A computer virus works in much the same way:
- A computer virus requires a host program.
- A computer virus requires user action to transmit from one system to another.
- A computer virus attaches bits of its own malicious code to other files or replaces files outright with copies of itself.
It’s that second virus trait that tends to confuse people. Viruses can’t spread without some sort of action from a user, like opening up an infected Word document. Worms, on the other hand, are able to spread across systems and networks on their own, making them much more prevalent and dangerous.
Famously, the 2017 WannaCry ransomware worm spread around the world, took down thousands of Windows systems, and raked in an appreciable amount of untraceable Bitcoin ransom payments for the alleged North Korean attackers.
Computer viruses don’t capture headlines like that—at least not anymore.
To recap, the bad guys aren’t focused on creating new viruses and most of the really bad stuff is actually malware. Should we still take computer viruses seriously? Definitely, yes.
Continuing the virus analogy, if a given population stops receiving vaccinations for diseases thought to be eradicated, like the measles and polio, those diseases can and do come back. Likewise, it’s important to be proactive about cybersecurity and take some basic protective measures against computer viruses. Otherwise, computer viruses could make a comeback.
With that said, let’s take a look at computer viruses under the microscope.
Computer virus examples
Sometimes to understand what something is, we have to examine what it isn’t. Keeping that in mind, let’s play: Is It a Virus?
In the Is It a Virus game we’re going to take a look at examples of things people on the Internet commonly believe to be a virus and explain why it is or isn’t. What fun!
Is a Trojan a virus? Trojans can be viruses. A Trojan is a computer program pretending to be something it’s not for the purposes of sneaking onto your computer and delivering some sort of malware. To put it another way, if a virus disguises itself then it’s a Trojan. A Trojan could be a seemingly benign file downloaded off the web or a Word doc attached to an email. Think that movie you downloaded from your favorite P2P sharing site is safe? What about that “important” tax document from your accountant? Think twice, because they could contain a virus.
Is a worm a virus? Worms are not viruses, though the terms are sometimes used interchangeably. Even worse, the terms are sometimes used together in a strange and contradictory word salad; i.e. a “worm virus malware.” It’s either a worm or a virus, but it can’t be both, because worms and viruses refer to two similar but different threats. As mentioned earlier, a virus needs a host system to replicate and some sort of action from a user to spread from one system to the next. A worm, conversely, doesn’t need a host system and is capable of spreading across a network and any systems connected to the network without user action. Once on a system, worms are known to drop malware (often ransomware) or open a backdoor.
Is ransomware a virus? Ransomware can be a virus. Does the virus prevent victims from accessing their system or personal files and demands ransom payment in order to regain access à la ransomware? If so, then it’s a ransomware virus. In fact, the very first ransomware was a virus (more on that later). Nowadays, most ransomware comes as a result of computer worm, capable of spreading from one system to the next and across networks without user action (e.g. WannaCry).
Is a rootkit a virus? Rootkits are not viruses. A rootkit is a software package designed to give attackers “root” access or admin access to a given system. Crucially, rootkits cannot self-replicate and don’t spread across systems.
Is a software bug a virus? Software bugs are not viruses. Even though we sometimes refer to a biological virus as a “bug” (e.g. “I caught a stomach bug”), software bugs and viruses are not the same thing. A software bug refers to a flaw or mistake in the computer code that a given software program is made up of. Software bugs can cause programs to behave in ways the software manufacturer never intended. The Y2K bug famously caused programs to display the wrong date, because the programs could only manage dates through the year 1999. After 1999 the year rolled over like the odometer on an old car to 1900. While the Y2K bug was relatively harmless, some software bugs can pose a serious threat to consumers. Cybercriminals can take advantage of bugs in order to gain unauthorized access to a system for the purposes of dropping malware, stealing private information, or opening up a backdoor. This is known as an exploit.
Latest news on computer viruses
<a href="https://blog.malwarebytes.com/threat-analysis/2018/10/scammers-use-old-browser-trick-to-create-fake-virus-download/"target="blank">Scammers use old browser trick to create fake virus download</a>
Our computers, ourselves: digital vs. biological security
What is the history of computer viruses?
Today’s malware authors owe a lot to the cybercriminals of yesteryear. All the tactics and techniques employed by cybercriminals creating modern malware were first seen in early viruses. Things like Trojans, ransomware, and polymorphic code. These all came from early computer viruses. To understand the threat landscape of today, we need to peer back through time and look at the viruses of yesteryear.
1949, John von Neumann and “self-reproducing machines”
It was in those salad days of computing that mathematician, engineer, and polymath John von Neumann delivered a lecture on the Theory and Organization of Complicated Automata in which he first argued that computer programs could “self-reproduce.” In an era where computers were the size of houses, and programs were stored on mile-long punch tapes, Neumann’s ideas must’ve sounded like something from a sci-fi pulp novel.
1982, The proto computer-virus
In 1982 a fifteen-year-old boy pranking his friends proved Neumann’s theory a reality. Rich Skrenta’s Elk Cloner is widely regarded as the first proto-computer virus (the term “computer virus” didn’t exist just yet). Elk Cloner targeted Apple II computers, causing infected machines to display a poem from Skrenta:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Other notable firsts—Elk Cloner was the first virus to spread via detachable storage media (it wrote itself to any floppy disk inserted into the computer). For many years to come, that’s how viruses travelled across systems—via infected floppy disk passed from user to user.
1984, Computer virus, defined
In 1984 computer scientist Fred Cohen handed in his graduate thesis paper, Computer Viruses – Theory and Experiments in which he coined the term “computer virus,” which is great because “complicated self-reproducing automata” is a real mouthful. In the same paper, Cohen also gave us our first definition of “computer virus” as “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself.”
1984, Core War
Up to this point, most talk about computer viruses happened only in the rarified air of college campuses and research labs. But a 1984 Scientific American article let the virus out of the lab. In the piece, author and computer scientist A.K. Dewdney shared the details of an exciting new computer game of his creation called Core War. In the game, computer programs vie for control of a virtual computer. The game was essentially a battle arena where computer programmers could pit their viral creations against each other. For two dollars Dewdney would send detailed instructions for setting up your own Core War battles within the confines of a virtual computer. What would happen if a battle program was taken out of the virtual computer and placed on a real computer system? In a follow-up article for Scientific American, Dewdney shared a letter from two Italian readers who were inspired by their experience with Core War to create a real virus on the Apple II. It’s not a stretch to think other readers were similarly inspired.
1986, the first PC virus
The Brain virus was the first to target Microsoft’s text-based Windows precursor, MS-DOS. The brainchild of Pakistani brothers and software engineers, Basit and Amjad Farooq, Brain acted like an early form of copyright protection, stopping people from pirating their heart monitoring software. If the target system contained a pirated version of the brother’s software, the “victim” would receive the on-screen message, “WELCOME TO THE DUNGEON . . . CONTACT US FOR VACCINATION” along with the brothers’ names, phone number, and business address in Pakistan. Other than guilt tripping victims in to paying for their pirated software, Brain had no harmful effects.
Speaking with F-Secure, Basit called Brain a “very friendly virus.” Amjad added that today’s viruses, the descendants of Brain, are “a purely criminal act.”
1986, Viruses go into stealth mode
Also in 1986, the BHP virus was the first to target the Commodore 64 computer. Infected computers displayed a text message with the names of the multiple hackers who created the virus—the digital equivalent of scrawling “(your name) was here” on the side of a building. BHP also has the distinction of being the first stealth virus; that is, a virus that avoids detection by hiding the changes it makes to a target system and its files.
1988, Computer virus of the year
1988, one could argue, was the year computer viruses went mainstream. In September of that year, a story on computer viruses appeared on the cover of TIME magazine. The cover image depicted viruses as cute, googly eyed cartoon insects crawling all over a desktop computer. Up to this point, computer viruses were relatively harmless. Yes, they were annoying, but not destructive. So how did computer viruses go from nuisance threat to system destroying plague?
“Viruses were all about peace and love—until they started crashing people’s computers.”
1988, A message of peace goes haywire
Viruses were all about peace and love—until they started crashing people’s computers. The MacMag virus caused infected Macs to display an onscreen message on March 2, 1988:
RICHARD BRANDOW, publisher of MacMag, and its entire staff
would like to take this opportunity to convey their
UNIVERSAL MESSAGE OF PEACE
to all Macintosh users around the world
Unfortunately, a bug in the virus caused infected Macs to crash well before Brandow’s day of “universal peace.” The virus was also designed to delete itself after displaying Brandow’s message but ended up deleting other user files along with it. One of the victims, a software executive working for Aldus Corp, inadvertently copied the virus to a pre-production version of Aldus’ Freehand illustration software. The infected Freehand was then copied and shipped to several thousand customers, making MacMag the first virus spread via legitimate commercial software product.
Drew Davidson, the person who actually coded the MacMag virus (Brandow wasn’t a coder), told TIME he created his virus to draw attention to his programming skills.
“I just thought we'd release it and it would be kind of neat,” Davidson said.
1988, front page of The New York Times
A little over a month after the TIME magazine piece, a story about the “most serious computer ‘virus’ attack” in US history appeared on the front page of The New York Times. It was Robert Tappan Morris’ Internet worm, erroneously referred to as a “virus.” In all fairness, no one knew what a worm was. Morris’s creation was the archetype. The Morris worm knocked out more than 6,000 computers as it spread across the ARPANET, a government operated early version of the Internet restricted to schools and military installations. The Morris worm was the first known use of a dictionary attack. As the name suggests, a dictionary attack involves taking a list of words and using it to try and guess the username and password combination of a target system.
Robert Morris was the first person charged under the newly enacted Computer Fraud and Abuse Act, which made it illegal to mess with government and financial systems, and any computer that contributes to US commerce and communications. In his defense, Morris never intended his namesake worm to cause so much damage. According to Morris, the worm was designed to test security flaws and estimate the size of the early Internet. A bug caused the worm to infect targeted systems over and over again, with each subsequent infection consuming processing power until the system crashed.
1989, Computer viruses go viral
In 1989 the AIDS Trojan was the first example of what would later come to be known as ransomware. Victims received a 5.25-inch floppy disk in the mail labelled “AIDS Information” containing a simple questionnaire designed to help recipients figure out if they were at risk for the AIDS virus (the biological one).
While an apt (albeit insensitive) metaphor, there’s no indication the virus’ creator, Dr. Joseph L. Popp, intended to draw parallels between his digital creation and the deadly AIDS virus. Many of the 20,000 disk recipients, Medium reported, were delegates for the World Health Organization (WHO). The WHO previously rejected Popp for an AIDS research position.
Loading the questionnaire infected target systems with the AIDS Trojan. The AIDS Trojan would then lay dormant for the next 89 boot ups. When victims started their computer for the 90th time, they’d be presented with an on-screen message ostensibly from “PC Cyborg Corporation” demanding payment for “your software lease,” similar to the Brain virus from three years earlier. Unlike the Brain virus, however, the AIDS Trojan encrypted the victims’ files.
In an era before Bitcoin and other untraceable cryptocurrencies, victims had to send ransom funds to a PO box in Panama in order to receive the decryption software and regain access to their files. Funds, Popp claimed after his arrest, were destined for AIDS virus research.
1990s, Rise of the Internet
By 1990 ARPANET was decommissioned in favor of its public, commercially accessible cousin the Internet. And thanks to Tim Berners-Lee’s pioneering work on web browsers and web pages, the Internet was now a user-friendly place anyone could explore without special technical knowledge. There were 2.6 million users on the Internet in 1990, according to Our World in Data. By the end of the decade, that number would surpass 400 million.
With the rise of the Internet came new ways for viruses to spread.
1990, Mighty morphin’ 1260 virus
Cybersecurity researcher Mark Washburn wanted to demonstrate the weaknesses in traditional antivirus (AV) products. Traditional AV works by comparing the files on your computer with a giant list of known viruses. Every virus on the list is made of computer code and every snippet of code has a unique signature—like a fingerprint. If a snippet of code found on your computer matches that of a known virus in the database, the file is flagged. Washburn’s 1260 virus avoided detection by constantly changing its fingerprint every time it replicated itself across a system. While each copy of the 1260 virus looked and acted the same, the underlying code was different. This is called polymorphic code, making 1260 the first polymorphic virus.
1999, “You’ve got mail (and also a virus)”
Think back to 1999. If someone you knew sent you an email that read “Here is the document you requested ... don’t show anyone else ;-),” you opened the attachment. This was how the Melissa virus spread and it played on the public’s naiveté about how viruses worked up to that point. Melissa was a macro virus. Viruses of this type hide within the macro language commonly used in Microsoft Office files. Opening up a viral Word doc, Excel spreadsheet, etc. triggers the virus. Melissa was the fastest spreading virus up to that point, infecting approximately 250,000 computers, Medium reported.
2012, A full Shamoon over Saudi Arabia
By the turn of the 21st century, the roadmap for future malware threats had been set. Viruses paved the way for a whole new generation of destructive malware. Cryptojackers stealthily used our computers to mine cryptocurrencies like Bitcoin. Ransomware held our computers hostage. Banking Trojans, like Emotet, stole our financial information. Spyware and keyloggers shoulder surfed us from across the web, stealing our usernames and passwords.
Old-school viruses were, for the most part, a thing of the past. In 2012, however, viruses made one last grab at the world’s attention with the Shamoon virus. Shamoon targeted computers and network systems belonging to Aramco, the state-owned Saudi Arabian oil company, in response to Saudi government policy decisions in the Middle East. The attack stands as one of the most destructive malware attacks on a single organization in history, completely wiping out three-quarters of Aramco’s systems, The New York Times reported. In a perfect example of what comes around goes around, cybersecurity researchers have suggested the attack started with an infected USB storage drive—the modern equivalent of the floppy disks used to carry the very first virus, Elk Cloner.
Today, tech support scams
Decades have passed since computer viruses reached their destructive zenith but there’s a related threat you should know about. Commonly referred to as a tech support scam or a virus hoax, this modern threat isn’t a virus at all.
Here’s how tech support scams work. The victim is served up a bogus pop-up ad after landing on a spoofed website or as a result of an adware infection. In a recent example, scammers used malvertising to link victims to malicious support sites after victims searched for things like cooking tips and recipes. We’ve also seen hacked WordPress sites redirecting to support scam sites. The bogus ad is designed to look like a system alert generated by the operating system, and it may say something like, “Security alert: Your computer might be infected by harmful viruses,” along with contact information for “Technical Support.” There’s no virus and no technical support—just scammers who will make it seem like you have a virus and demand payment to “fix” it.
According to the Federal Trade Commission there were 143,000 reports about tech support scams in 2018, with total losses reaching $55 million. What makes this scam particularly insidious is that cybercriminals frequently target the most vulnerable part of the world’s population. People 60-years-old and over were five times more likely to report being a victim of a tech support scam.
How do I prevent computer viruses?
Preventing computer viruses from infecting your computer starts with situational awareness.
“Situational awareness is something law enforcement and militaries have practiced for decades. It refers to a police officer or a soldier’s ability to perceive threats and make the best decision possible in a potentially stressful situation,” said Malwarebytes Head of Security, John Donovan.
“As it applies to cybersecurity, situational awareness is your first line of defense against cyberthreats. By staying on the lookout for phishing attacks and avoiding suspicious links and attachments, consumers can largely avoid most malware threats.”
Regarding email attachments and embedded links, even if the sender is someone you know: viruses have been known to hijack Outlook contact lists on infected computers and send virus laden attachments to friends, family and coworkers, the Melissa virus being a perfect example.
If an email reads oddly, it’s probably a phishing scam or malspam. When in doubt about the authenticity of an email, don’t be afraid to reach out to the sender. A simple call or text message can save you a lot of trouble.
Next, invest in good cybersecurity software. We’ve made a distinction between computer viruses and malware, which now begs the question, “Do I need antivirus software or anti-malware software?” We’ve covered this topic before in great detail so checkout our article on antivirus vs. anti-malware. For now, though, here’s a quick gloss on the subject.
Antivirus (AV) refers to early forms of cybersecurity software focused on stopping computer viruses. Just viruses. Anti-malware refers to all-encompassing threat protection designed to stop old-fashioned viruses as well as today’s malware threats. Given a choice between traditional AV with limited threat detection technology and modern anti-malware with all the bells and whistles, invest in anti-malware and rest easy at night.
As mentioned previously in this piece, traditional AV solutions rely on signature-based detection. AV scans your computer and compares each and every file against a database of known viruses that functions a lot like a criminal database. If there’s a signature match, the malicious file is thrown into virus jail before it can cause any damage.
The problem with signature-based detection is that it can’t stop what’s known as a zero-day virus; that is, a virus that cybersecurity researchers have never seen before and for which there is no criminal profile. Until the zero-day virus is added to the database, traditional AV can’t detect it.
Malwarebytes’ Multi-Vector Protection, conversely, combines several forms of threat detection technology into one malware crushing machine. Amongst these many layers of protection, Malwarebytes uses what’s called heuristic analysis to look for telltale malicious behavior from any given program. If it looks like a virus and behaves like a virus, then it’s probably a virus.
How do I remove computer viruses?
Going back to our virus analogy one final time—removing a virus from your body requires a healthy immune system. Same for your computer. A good anti-malware program is like having a healthy immune system. As your immune system moves through your body looking for and killing off invading viral cells, anti-malware scans for files and malicious code that don’t belong on your system and gets rid of them.
The free version of Malwarebytes is a good place to start if you know or suspect your computer has a virus. Available for Windows and Mac, the free version of Malwarebytes will scan for malware infections and clean them up after the fact. Get a free premium trial of Malwarebytes for Windows or Malwarebytes for Mac to stop infections before they start.