Skip to content
Home » Common Types of Computer Viruses

Common Types of Computer Viruses

    A computer virus is a type of malicious software program capable of replicating itself and spreading from one computer to another. As technology has advanced, so have the techniques used by cyber criminals to disrupt computers and steal valuable data. This article will discuss some of the most prevalent types of computer viruses that have posed threats in recent years. Understanding the different categories can help users identify infections and take appropriate security measures.

    What is a Computer Virus?

    Before delving into specific virus types, it is helpful to understand the general characteristics that define a computer virus. At its most basic, a virus is a self-replicating program that attaches itself to other programs or files without the user’s consent [1]. When executed, a virus is designed to replicate and spread itself in an attempt to infect as many computers as possible.

    Viruses often carry a “payload” of harmful code intended to damage, disrupt, or gain unauthorized access to computer systems or data. Common goals of virus authors include deleting or corrupting files, stealing credentials, mining cryptocurrency without consent, or holding devices ransom in exchange for payment. Users unknowingly spread viruses further by opening infected email attachments or downloading malware-laced programs from untrusted sources.

    While not always intentionally destructive, viruses typically consume system resources that slow computer performance over time. Some variations simply use targets as unwitting nodes in illegal botnet operations. Regardless of their function, all viruses spread through unauthorized access and compromise user security, privacy, and control over their own devices. Understanding how common types operate can help protect against infection.

    Types of Computer Viruses

    Macro Viruses

    Macro viruses attach themselves to Microsoft Office documents and templates to execute malicious code when the file is opened. Early macro viruses like “Concept” and ” worms” proliferated in the late 1990s by exploiting vulnerabilities in Microsoft Word and Excel macros. User-enabled macros allowed the self-replication that defined viruses at the time [2].

    Today, newer macro viruses target updated Office versions and continually evolve evasion techniques. The Agent.btz worm spread through Word document macros in 2011 and installed a backdoor for remote access. In 2020, Interpol linked the VBALoader macro dropper to campaigns targeting European government institutions [3]. Macros remain a popular infection vector, so users should disable or carefully review emails containing Office files from unknown senders.

    File Infection Viruses

    File infection viruses embed themselves directly within the code of .exe, .dll or other executable program files. When an infected application launches, the virus activates to replicate using system APIs or by attaching to additional host files during normal functions like file copying or movement.

    Some notorious file infection viruses of the past included Stoned (aka “Joshi”), which spread to .exe files on floppy disks in 1987. In the 1990s, major “macro” viruses like Concept and Dir-II also used file infection to spread [4]. As operating systems advanced security, file infection rates declined for a time. However, “fileless” malware now allows similar viral activity through memory instead of persistent code changes [5].

    Boot Sector Viruses

    Boot sector viruses infect the boot sector of storage devices like hard disks or floppy disks. They modify the master boot record (MBR) or partition boot record (PBR) code run during early system initialization before the OS loads. Boot sector viruses activate at startup to spread themselves during partition access prior to full protection from anti-malware tools.

    A notorious early example was the Pakistani brain ” CIH” virus, which spread through floppy disk boot sectors in 1998 [6]. Modern threats rely less on physical media due to cloud storage, but remain a risk if an infected portable drive autosplays upon connection [7]. Vigilance against unknown or untrusted removable media can help thwart this infection path.

    Polymorphic Viruses

    Polymorphic viruses are uniquely designed to evade signature-based antivirus tools through code mutation algorithms. Each replicated copy of the virus mutates itself slightly to generate new, distinct binary versions recognized by antivirus as different threats. This avoids detection by signature scanning which looks for exact byte patterns [8].

    One of the first known polymorphic viruses was the Venezuelan brain in 1988, which encrypted its code and mutated decryption routines each time. More advanced variants like the phylogenetic “Nimda” worm in 2001 could generate over 2 billion potential variants [9]. While advanced detection mitigates them today, polymorphism still poses risks from continually mutating malware families.

    Stealth Viruses

    So-called “stealth” or “camouflage” viruses deploy techniques to intentionally avoid detection by user security tools or administrators. Common tactics include decrypting viral code only in memory, modifying system files and restoring them before inspection, or hiding in alternate data streams and encrypted containers [10].

    Early stealth viruses in the 1980s and 1990s simply deployed boot sector infection or encryption to bypass primitive detection. Now more advanced threats dynamically calculate checksums to stealthily replace antivirus files or sabotage behavioral analysis tools through undetectable rootkits [11]. Constant security upgrades aim to outpaces evolving stealth malware.


    Ransomware has emerged as one of the most prevalent and costly virus categories today. Unlike traditional “payload” malware seeking only to spread, modern criminal ransomware encrypts files on infected systems and demands payment, often in cryptocurrency, for a software key to restore the data [12].

    Some high-profile examples delivering ransom demands include “WannaCry” in 2017 which crippled the UK’s NHS health system, and variants profiting from lockdowns by encrypting work-from-home files [13]. More targeted variants geared for maximum disruption now infiltrate networks through email phishing and stolen remote access credentials [14].

    While some pay demands due to lack of adequate backups, the FBI advises victims never to pay ransom, as funds often support unrelated criminal or terrorist activities. Prioritizing backups, multi-factor authentication, and limiting remote access reduces ransomware risk and impact [15].


    Computer “worms” represent a unique malware category able to spread independently without infecting other files. Instead of carrying a “payload,” worms rely entirely on self-replication through network shares, email protocols like SMTP, or software vulnerabilities to propagate. Some worms cause damage through consumption of bandwidth or computer resources required for rapid spread rather than discreet payloads.

    Historic worms demonstrating this included 1988’s “Morris worm,” considered the first Internet-wide worm to slow dozens of universities and bring early ARPANET crashes. In 2001, the prolific “Code Red” and “Nimda” worms each rapidly infecting millions likely due to unpatched vulnerabilities in Microsoft IIS web servers and other programs. Modern botnets now act similarly at larger scales globally [16].

    While less prevalent today due to improved defenses, worms capable of exploiting zero-day vulnerabilities remain a persistent risk vectors in the modern threat landscape if left unaddressed. Regular patching helps prevent re-emergence of damaging Internet worms.


    As demonstrated by these common categories, computer viruses have evolved significantly from their early experiments in microbial code. Understanding the general tactics, goals and techniques employed by malware families outlined provides valuable context for assessing emerging threats. While detection and remedies advance as well, effective preventative measures remain the best defense against future viral strains and criminal malware targeting vulnerable systems or outdated protections unpatched. Maintaining comprehensive security best practices helps safeguard devices and data from authorized access against a continually adapting cyber threat universe.

    To summarize the key types according the information provided:

    • Macro viruses spread through Microsoft Office documents and templates
    • File infection viruses directly modify executable files during copying or movement
    • Boot sector viruses infect early system boot code on storage devices
    • Polymorphic viruses mutate with each replication to evade signature detection
    • Stealth viruses intentionally avoid detection through camouflage techniques
    • Ransomware encrypts and holds files for ransom payment
    • Computer worms replicate independently to spread rapidly across networks

    Understanding prevalent virus categories supports taking proactive security like enabling macro security hardening, caution with external drives, monitoring storage devices at startup, utilizing advanced multi-layered detection, and generally practicing cyber hygiene through user education and vigilance around evolving threats. With awareness and diligence, individuals can help prevent the unauthorized damage and disruption malware authors design computer viruses to enable.