The Enemy You Can’t See: How to Defend Yourself Against Computer Viruses

A single email changed everything. On a sticky morning in May 2000, inboxes around the world lit up with a simple, yet tantalizing subject line: ILOVEYOU.  

One click was all it took to set off chaos, with JPEG files and Office documents being overwritten and a trojan unleashed. The click felt around the world paralyzed communications at the Army’s largest command and brought down email servers of multinational banks, corporations, and factories. In all, ILOVEYOU cost the world economy $10 billion in damages. 

Ultimately, a global hunt for the perpetrator led to a 23-year-old computer science student in the Philippines - and a dead end. Beneath it all, however, pulsed the deeper question: How are viruses like this created? And just as important – why do people fall for them? 

How are computer viruses made? 

A computer virus can attach to your files, programs, or hard drive boot sector. 

Like its biological cousin, the virus has an infection mechanism. 

This is how it enters your system. It can be through an email attachment, download, or infected USB drive. 

The virus also has a trigger, which activates a payload at a set time or when an action is performed. This could be on a specific day or when you open a file. 

Finally, the payload executes a malicious action. This can be delivering ransomware or transferring your data to a command-and-control (C2) server. 

In Onel de Guzman’s case, his ILOVEYOU virus had a Trojan payload, set to steal Internet dial-up passwords from infected computers. 

A student at AMA Computer College at the time, de Guzman couldn’t afford the dialup fees. So, he decided to steal other people’s passwords.  

As a computer science major, he knew a thing or two about coding. But this time, he needed something more. 

To spread his virus, de Guzman used a combination of obfuscation and social engineering. The virus was written in VBScript and sent as the attachment "LOVE-LETTER-FOR-YOU.TXT.vbs.” 

At the time, however, Windows hid .vbs extensions by default, so users only saw “LOVE-LETTER-FOR-YOU.TXT” and assumed it was a harmless text file.  

Many people didn’t realize ILOVEYOU was both a virus and a worm. As a virus, it needed a trigger i.e. a victim to open the attachment. Once opened, ILOVEYOU automatically propagated by emailing itself to all contacts (classic worm behavior). 

Today, virus creation has been amplified by AI tools like Polymorpher-AI (which can generate thousands of viral variants) and WormGPT (which can mass-generate phishing emails in a dozen languages). But, as always, the most dangerous tool still isn’t code. It’s the carefully crafted assault that preys on your fears, curiosity, and trust. 

In the end, de Guzman leveraged that most basic of human instincts – the need for love – to get what he believed was his due: free internet access. Today, the United Nations agrees with him, calling universal connectivity the new human right. 

As for de Guzman, he’s since admitted his guilt and remains incredulous at how much damage ILOVEYOU actually caused, which brings us to a question we’re often asked. 

How many types of computer viruses are there really? 

The truth? The total number is hard to pin down. 

While it isn’t impossible to determine how many types of viruses exist, the number is constantly evolving due to new variants.  

So, security experts typically categorize viruses into several major types: 

Virus type	Examples	How it works + how to protect against it
Overwrite virus	Grog.377, Grog.202/456, ILOVEYOU	Overwrites files with virus code Infected files can’t be replaced Affects Windows, DOS, Linux, and Apple systems Protections: Frequent backups Use email filtering tools like Mimecast, TitanHQ, and Proofpoint to block suspicious attachments Use robust antivirus software and keep it updated
Boot sector virus	Disk Killer, Stone virus, Michelangelo	Targets a computer’s master boot record (MBR) Loads into main memory on boot Michelangelo virus only activates once per year (March 6, Michelangelo’s birthday) Protections: Enable boot sector protections, such as Secure Boot in Windows 11 Keep antivirus updated
Polymorphic virus	UPolyX, Virlock, Vobfus	Encrypts its code with a new key each time Uses mutation engines to create new decryption routines (code that unlocks the virus) every time it replicates Thus, the virus looks different with each infection but preserves its harmful functionality. Protections: Regular updates For businesses, deploy an XDR tool, which combines EDR (endpoint detection & response), UEBA (user & entity behavior analysis), NTA (network traffic analysis), and antivirus functionality in one solution
Macro virus	Concept, Melissa virus, Bablas	Written in macro languages like Word and Excel Spreads via email attachments Activates on opening documents Protections: Use trusted antivirus solutions Avoid opening attachments from unknown sources
Multipartite virus	Ghostball, Invader, Polyboot.B	Targets boot sector and program files simultaneously Also known as a hybrid virus Can spread through infected executable files and email attachments Protections: Use trusted antivirus solutions Avoid opening attachments from untrusted sources Clean boot sector and entire disk before storing new data
Memory resident virus	Chernobyl virus, CMJ	Stays active in RAM (random access memory), which means it remains even after the infected program or app is terminated Once there, the virus can infect any files the user opens Appears in 3 modes: fast infector (highly aggressive), slow infector (infects files only when copied or moved), and stealth (hides presence from antivirus software) Protections: Keep OS and apps updated with the latest security patches Avoid downloading/opening unknown attachments Use strong antivirus with memory scanning such as Bitdefender Antivirus Plus or Malwarebytes Premium
FAT virus	Link virus	Corrupts the FAT (file allocation table) on the hard drive, which keeps track of file locations Disrupts the mapping between filenames and their actual disk locations Can completely prevent the accessing of files, which leads to data loss Protections: Download trusted files only Use strong antivirus software Keep browser and OS updated
Direct action virus	VCL.428	Typically attaches to executable files, such as .exe or .com files, in emails Can lie dormant until a specific action is taken Can delete or corrupt files as soon as the executable is run Protections: Use strong antivirus solutions like Bitdefender or Malwarebytes that can run real-time and on-demand scans Run trusted files only
Web scripting virus	JS.fornight	Spreads with the help of infected ads Targets social networking sites Inserts malicious code into a website’s HTML or scripts Malicious scripts run in the browser when victim visits infected site Malicious scripts can redirect to phishing sites and enable the stealing of session cookies Protections: Use browser extensions to block pop-ups and scripts from untrusted sites Be cautious about clicking links that direct to unfamiliar sites Keep browsers updated For SMB (small and medium sized) businesses, Sucuri Site Check is a free tool that scans website source code for malware & viruses. Sucuri paid plans offer a web application firewall, continuous security scans, and malware removal.

What is the difference between a virus and worm? 

Both are malicious software, but here’s the big difference: A virus needs you to open or execute a program to spread. 

A worm, on the other hand, is self-replicating. It can spread across your network on its own, without any action on your part.  

Think about the ILOVEYOU virus, which exhibited the hybrid characteristics of a worm and virus. 

Worms spread without needing to attach themselves or embed to a host file. ILOVEYOU didn’t embed. It was the file, i.e. the .vbs file was the worm itself. Once someone opened the attachment, it automatically emailed itself to every contact in the user’s address book. This is classic worm behavior. 

ILOVE YOU also acted like a virus: It required user action to activate the payload, and it overwrote files.  

What is the difference between a computer virus and malware? 

Malware is an umbrella term for all malicious software. This includes viruses, worms, trojan horses, ransomware, spyware, and more. 

So, viruses are just one type of malware. 

How to know if your computer has a virus  

If you’re wondering how to tell if your computer has a virus, here are the top signs: 

• A rise in unexpected pop-up windows 

• Constant redirects to seedy sites 

• The sudden lag in device performance 

• Frequent system crashes 

• Malfunctioning or disabled antivirus programs 

• Corrupted or inaccessible files 

• The appearance of new apps you didn’t install 

• Unexplained changes to your browser’s homepage 

• Reduced battery life 

Do Apple or Mac computers get viruses? 

The answer is yes. The myth that Macs are immune may have originated from the 2006 “Get a Mac” ad featuring a “healthy” Mac and “sickly” PC.  

The ad set off a chain of Apple ads claiming that PCs had 114,000 known viruses, while Apple had none. 

Although macOS malware is less prevalent than Windows or Linux malware, 11% of all detections (identification of threats) on Macs in 2023 came from variants of malware. This included ransomware, trojans, info stealers, worms, and viruses (proving that Macs aren’t off-limits to attackers). 

How to get rid of virus on Mac  

Is your Mac behaving strangely? Perhaps, there’s been a sudden drop in performance. 

Before you act, ask yourself: Could an overflowing Downloads folder be the reason for the lag? If so, use a tool such as Avast Cleanup to scan your machine and delete unnecessary files. 

If, however, the drop in performance is accompanied by redirects to strange sites, the appearance of unfamiliar apps, and a flood of pop-up ads, your Mac may be infected with a virus. 

Here's what you need to do to regain control of your device: 

1. First, isolate your device from the network by disconnecting from the internet.  
   
   
2. Reboot in Safe Mode so the virus has fewer points of attack. 
   
   
3. View the Activity Monitor to identify unfamiliar processes running in the background, especially if they’re consuming unusually high CPU, disk, network, or memory resources. Then, force-quit them. 
   
   
4. Next, uninstall any unwanted applications from the Applications folder.   
   
   
5. Run a full system scan with a trusted Mac virus cleaner like Avast Security for Mac. If the scan finds any viruses, Avast will remove them before attempting to repair any infected files. 
   
   
6. If your browser has been redirecting you to strange sites, clearing the cache may help fix issues caused by cached redirects. You may also want to delete unwanted browser extensions and reset your browser settings to default. If you have Chrome (for macOS 12 Monterey and up), resetting restores settings like the home page, search engine, and content preferences that may have been modified by the virus. Your bookmarks and passwords will remain unaffected. 
   
   
7. If issues persist, you may want to consider a full factory reset of your Mac. However, be sure to back up all your important files beforehand. 

How to get rid of virus on PC  

1. First, start with Microsoft’s built-in antivirus protection: Microsoft Defender. 

• Click the “Start” menu. 

• Go to Setting > Update & Security > Windows Security 

• Click “Virus & Threat Protection.” 

• Select “Quick Scan” for a fast check or Scan Options > Microsoft Defender Offline Scan for a deeper scan that restarts your PC. This will take about 15 minutes. Note: Offline scans can detect more persistent viruses because they run before Windows fully loads. 

2. Use the Microsoft Malicious Software Removal Tool (MSRT). It can remove viruses from devices running on Windows 7, 8.1, 10, and 11.  

• You can download MSRT from the official Microsoft page or, if you’ve turned on Automatic Updates, you can run it by pressing Win + R to open the “Run Box,” typing “mrt,” and pressing “Enter.” 

• You’ll still need an antivirus even if you use MSRT. Here’s why: MSRT removes malware from an already-infected computer. Meanwhile, an antivirus tool blocks malware from running on your PC. You’ll need both tools. 

• Also, MSRT focuses on the detection and removal of malware such as viruses, worms, and Trojan horses only. It doesn’t remove spyware: You’ll need an antivirus tool like TotalAV or Avast for that. 

How can I protect myself against fake antiviruses? 

As if viruses aren’t enough, you now have fake antivirus alerts to watch for. Here’s how you can stay safe. 

How to identify a fake antivirus alert	What it means for you	What to remember
It demands immediate payment	Scammers are after your payment info.	Real alerts never ask for money up front.
It asks you to make a call immediately.	Scammers hope you’ll: Share your banking or account details when you call Grant remote access so they can hijack your PC and access your personal info	Genuine warnings don’t require calls or remote access.
It contains panic-inducing language and over-the-top warnings.	They’re playing on your emotions to get quick action from you.	Legitimate alerts use calm, clear messages.
The alert appears as a browser pop-up or full-page takeover.	This is a bold attempt to invade your space and attack your sense of security.	Real alerts show inside your antivirus app or through trusted system notifications, not your browser.
It asks you to click on a link to download updates.	You’re being sent to a phishing site so they can harvest any personal info you enter.	Only trust your antivirus tool for updates.
The pop up comes from an unknown source.	Unknown sources can put your data and bank accounts at risk.	Only trust warnings from your antivirus tool.

 

Remember, the best defense against fake antivirus pop up alerts is: Don’t panic, don’t click, and above all, don’t pay. 

Related articles 

• What Is Malware?

• Understanding the Difference Between Malware and Viruses

• Understanding Trojan Viruses and How to Protect Your Devices

Protect your digital life with LastPass

In a worst-case scenario, the scammers manage to hijack your computer and steal your master password (the key to your LastPass vault). 

What do you do now? 

Most people would panic. But if you’re a LastPass customer, you rest easy. 

Without a second factor of authentication, such as one-time codes via the LastPass Authenticator or FIDO2 MFA options like passkeys or hardware security keys, the scammers stay locked out. 

And that’s not all. With LastPass, you get a layered defense: 

• Strong, unique passwords for every site: This means hackers can’t use the “one password fits all” trick to access your accounts.  

• Encrypted vault URLs: Even if the scammers manage to get in, they can’t see the nature of the accounts linked to your credentials. Without that information, they are powerless to act. 

• Smart autofill that works only on legitimate sites: This means you save time logging in AND never accidentally hand over your credentials to phishing sites trying to steal your info. 

• Instant breach alerts and 24/7 Dark Web Monitoring: If your info shows up on Dark Web forums, this means you get immediate alerts so you can update your passwords before the scammers act. 

• Seamless cross-device sync: With LastPass, you get access to your data anytime, anywhere, and on any device of your choosing. 

As an award-winning Secure Access provider, we want you to experience the effortless security enjoyed by millions of our happy customers. That’s why we’re giving you a 30-day free trial of LastPass today (no credit card required). 

And that’s not all: Should you choose, a free trial also gives you the opportunity to sign up for our passkeys beta. By joining, you can test out passkeys and share your feedback to help us make it even better.    

With LastPass, you enjoy greater peace of mind knowing your data is secure and always within reach.    

LastPass is one of those "set it and forget it" systems I love. It works perfectly to keep your passwords secure, and you never have to remember your passwords again, since it does everything for you. Since I started using LastPass I increased my security, and I have [not] had to recover my password in systems and apps because LastPass remembers all passwords for me (verified G2 user in computer software)

 

Additional Sources: 

1) https://www.uscybersecurity.com/blogs/overwrite-virus  

2) https://www.f-secure.com/v-descs/diskkill.shtml 

3) https://www.pandasecurity.com/en/security-info/223/Michelangelo/ 

4) https://threat.media/definition/what-is-a-polymorphic-virus/ 

5) https://whyy.org/segments/iloveyou-how-a-students-email-virus-exploited-human-nature/  

6) https://www.techtarget.com/searchsecurity/definition/Melissa-virus 

7) https://cloudmersive.com/article/What-is-a-Multipartite-Virus%3F 

8) https://smartermsp.com/tech-time-warp-ghostball-virus-haunts-pc-users-in-1989/ 

9) https://bootcampsecurity.com/blog/what-is-a-resident-virus-works-examples-prevention-tips/  

10) https://spamlaws.com/protecting-against-the-fat-virus/