
In the modern digital world, few threats are as persistent, damaging, and constantly evolving as computer viruses and malware. Since the earliest days of personal computing, malicious software has shadowed legitimate technology development, with creators of harmful programs matching — and sometimes outpacing — the efforts of security professionals working to defend against them. What began as curiosity-driven experiments by hobbyist programmers in the 1970s and 1980s has evolved into a sophisticated, globally organized criminal enterprise causing trillions of dollars in damage each year.
“Computer virus” is frequently used as a catch-all term for any form of malicious software, though technically a virus is a specific type of malware with distinct characteristics, particularly the ability to replicate itself by attaching to legitimate files or programs. The broader category of malicious software, or malware, encompasses viruses alongside dozens of other threat types including worms, trojans, ransomware, spyware, adware, and rootkits, each with its own mechanisms, objectives, and methods of propagation. Understanding the distinctions between these categories is an important step in building effective digital defenses.
The scale of the global cybersecurity threat is staggering. Cybercrime is estimated to cost the global economy over $8 trillion annually as of 2023, a figure projected to reach $10.5 trillion by 2025 according to Cybersecurity Ventures. A new malware sample is detected approximately every 0.4 seconds, with over 450,000 new malicious programs identified daily by security researchers worldwide. Ransomware attacks alone increased by over 93 percent in 2021 compared to the previous year, and the average cost of a data breach reached $4.45 million in 2023 according to IBM’s annual Cost of a Data Breach Report — the highest figure ever recorded.
The motivations behind malicious software have evolved significantly since the early days of computing. Early viruses were often created for curiosity, technical challenge, or notoriety rather than financial gain. Today, the overwhelming majority of malware is financially motivated, created by organized criminal groups, state-sponsored actors, or individual hackers seeking profit through data theft, ransomware payments, financial fraud, or the sale of compromised system access on dark web markets. The following 30 types represent the full spectrum of malicious software threats that individuals, businesses, and governments face in the contemporary digital landscape.
1. File Infector Virus
File infector viruses are among the oldest and most classic forms of computer malware, attaching themselves to executable files (programs with extensions such as .exe or .com) and activating whenever the infected file is run. When an infected program executes, the virus code runs first, potentially infecting other executable files on the system, corrupting data, or delivering a destructive payload. Early file infectors spread primarily through shared floppy disks, but modern variants propagate through downloaded software, email attachments, and shared network drives. Some file infectors overwrite portions of the host file, while others append or prepend their code, and the method used affects how easily antivirus software can detect them.
2. Boot Sector Virus
Boot sector viruses infect the master boot record or volume boot record of a storage device — the critical area of a hard drive or removable disk that contains the code executed by the computer’s firmware at startup, before the operating system loads. By installing themselves in this pre-OS location, boot sector viruses load into memory before any security software can activate, giving them a significant advantage over detection and removal attempts. The Michelangelo virus of the early 1990s was one of the most feared boot sector viruses, programmed to overwrite critical disk sectors on March 6 — the artist’s birthday — causing widespread media panic in 1992.
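Because the boot code sits in a fixed place on disk, it can be fingerprinted and compared against a known-good baseline. The following is an added example, not code from the original article: it parses a 512-byte master boot record in the classic layout and reports what changed. The three sample sectors are constructed inline and the finding names are this example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)      # bootstrap code area in the classic MBR layout
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"         # required signature in bytes 510-511
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into the fields a baseline needs to record."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    table = sector[PART_TABLE]
    partitions = []
    for slot in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(table, slot * 16)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "table_sha256": hashlib.sha256(table).hexdigest(),
        "partitions": partitions,
    }


def compare(baseline: dict, current: dict) -> list:
    """List the differences between a stored baseline and a fresh reading."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot-signature-missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot-code-changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition-table-changed")
    return findings


def _constructed_sector(code_fill: bytes) -> bytes:
    """Build a sample sector: filler 'boot code', one partition, valid signature."""
    code = (code_fill * 64)[:446]
    entry = ENTRY.pack(0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 409600)
    return code + entry + bytes(48) + BOOT_SIG


# Constructed samples; none of these bytes come from a real disk.
CLEAN = _constructed_sector(b"CONSTRUCTED-BOOT-CODE-A;")
MODIFIED = _constructed_sector(b"CONSTRUCTED-BOOT-CODE-B;")   # boot code replaced
ZEROED = bytes(SECTOR_SIZE)                                   # sector overwritten

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN)
    for name, sector in [("clean", CLEAN), ("modified", MODIFIED), ("zeroed", ZEROED)]:
        print(name, compare(baseline, parse_mbr(sector)))
```

Take the reading from trusted boot media rather than from the running system, since code that loaded before the operating system is in a position to falsify what the operating system reads back.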
3. Macro Virus
Macro viruses exploit the macro programming functionality built into document-based software such as Microsoft Word and Excel, embedding malicious macro code within document files that executes when the document is opened. Unlike traditional viruses that target executable programs, macro viruses spread through data files — documents, spreadsheets, and presentations — that users routinely share via email and file-sharing services, making them an exceptionally effective propagation vector. The Melissa virus of 1999 was one of the most destructive macro viruses in history, spreading via infected Word documents emailed to the first 50 contacts in each victim’s Outlook address book and causing an estimated $80 million in damage.
4. Polymorphic Virus
Polymorphic viruses are sophisticated malware that actively change their own code, typically through encryption with a variable decryption routine, each time they replicate, producing a different binary signature with every new infection. This constant self-mutation is specifically designed to evade signature-based antivirus detection, which works by comparing file code against a database of known malware signatures. A polymorphic virus produces thousands or millions of distinct variants of itself, making signature matching effectively impossible. The Storm Worm and Conficker are among the most famous examples of polymorphic malware, the latter infecting an estimated 9 to 15 million computers worldwide in 2008 and 2009.
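The detection gap described above can be measured on inert data. The following is an added example, not code from the original article: a one-byte XOR key stands in for the variable encryption (a simplifying assumption, since real engines also vary the decryption routine), the payload is a constructed harmless string, and all function names are this example's own. It compares an exact-hash signature with a scanner that undoes the encoding before matching.

```python
import hashlib

# Constructed, inert byte string standing in for a payload; it is not malware.
PAYLOAD = b"CONSTRUCTED-INERT-TEST-PAYLOAD"


def make_variant(key: int) -> bytes:
    """Constructed sample: the same payload stored under a different XOR key."""
    return bytes(b ^ key for b in PAYLOAD)


def hash_signature_match(sample: bytes, known_hashes: set) -> bool:
    """Classic signature check: exact SHA-256 of the sample against a database."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def normalised_match(sample: bytes, pattern: bytes = PAYLOAD):
    """Undo every possible one-byte XOR key, then look for the pattern.

    Returns the key that exposed the pattern, or None if no key does.
    """
    for key in range(256):
        if pattern in bytes(b ^ key for b in sample):
            return key
    return None


def coverage(keys, known_hashes: set) -> tuple:
    """Count how many variants each approach flags: (by_hash, by_content)."""
    samples = [make_variant(k) for k in keys]
    by_hash = sum(hash_signature_match(s, known_hashes) for s in samples)
    by_content = sum(normalised_match(s) is not None for s in samples)
    return by_hash, by_content


# The signature database knows exactly one previously seen variant.
KNOWN = {hashlib.sha256(make_variant(0x21)).hexdigest()}

if __name__ == "__main__":
    by_hash, by_content = coverage(range(1, 256), KNOWN)
    print(f"hash signature flagged {by_hash} of 255 variants")
    print(f"normalised scan flagged {by_content} of 255 variants")
    print("benign text:", normalised_match(b"ordinary document text"))
```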
5. Metamorphic Virus
Metamorphic viruses represent the most technically sophisticated form of self-modifying malware, going beyond the encryption tricks of polymorphic viruses to actually rewrite their own entire code base with each replication cycle. Rather than simply encrypting a fixed payload, a metamorphic virus uses a code transformation engine to restructure its instructions, substitute equivalent operations, reorder independent code blocks, and insert meaningless dummy instructions — producing functionally identical but structurally completely different code variants. This extreme degree of self-modification makes metamorphic viruses among the most difficult of all malware to detect and analyze, requiring behavioral analysis rather than simple signature matching.
6. Resident Virus
Resident viruses install themselves permanently in a computer’s RAM (random access memory) during execution, remaining active in memory after the original infected program has closed and continuing to intercept and infect programs, files, or disk operations as they occur. This persistent memory residency gives resident viruses a significant operational advantage over non-resident types, as they do not need to be actively running from an infected file to cause harm — they operate from memory, invisible to the casual user, intercepting system calls and spreading to new files automatically. The Randex, CMJ, and Meve viruses are well-known examples of resident virus families.
7. Non-Resident Virus
Non-resident viruses operate differently from their resident counterparts, finding and infecting host files immediately upon execution rather than installing themselves into memory for persistent operation. Each time an infected program runs, the virus searches the file system for new targets to infect, then ceases active operation when the host program terminates. While non-resident viruses are generally simpler and somewhat easier to detect and remove than resident types, they can still spread extensively through a file system before detection, particularly when users frequently run programs and share files across networks or removable media.
8. Network Virus
Network viruses — also commonly called network worms when they can propagate without human interaction — spread specifically through computer networks, exploiting shared drives, network file systems, email systems, and network vulnerabilities to move from computer to computer without requiring the manual copying of infected files on physical media. In the era of always-connected computing and large organizational networks, network viruses can propagate with extraordinary speed. The ILOVEYOU virus of 2000 — technically a worm — spread via email to over 50 million computers within 10 days of its release, causing an estimated $10 billion in damages worldwide.
9. Ransomware
Ransomware is arguably the most financially devastating form of modern malware, encrypting the victim’s files or locking access to their entire system and demanding payment — typically in cryptocurrency — in exchange for the decryption key. Ransomware attacks have grown exponentially in frequency and severity over the past decade, targeting everyone from individual home users to hospitals, schools, government agencies, and major corporations. The WannaCry ransomware attack of May 2017 infected over 200,000 computers in 150 countries within a single day, causing total damages estimated at $4 to $8 billion and bringing the UK’s National Health Service to a near standstill, forcing the cancellation of thousands of appointments and operations.
10. Trojan Horse
A Trojan horse — named after the legendary wooden horse used by Greek soldiers to infiltrate Troy — is malware that disguises itself as a legitimate, useful, or desirable program to deceive users into installing it voluntarily. Unlike viruses, Trojans do not self-replicate; they rely entirely on social engineering to achieve installation. Once active, a Trojan may perform a wide range of malicious activities depending on its purpose — creating backdoors for remote access, downloading additional malware, logging keystrokes, stealing credentials, or corrupting files. Trojans are the most common form of malware detected by security software, accounting for a significant majority of all malware incidents globally.
11. Worm
Computer worms are self-replicating malware that spread across networks and systems without requiring any human interaction or host file to attach to — distinguishing them from traditional viruses, which require a host file or program. Worms exploit security vulnerabilities in operating systems, network protocols, or software applications to propagate automatically, consuming network bandwidth, installing additional malware, creating backdoors, or causing direct damage to the systems they infect. The Morris Worm of 1988 — widely considered the first internet worm — infected approximately 6,000 computers, representing around 10 percent of the entire internet at the time, and led directly to the creation of the world’s first Computer Emergency Response Team (CERT).
12. Spyware
Spyware is malicious software designed to covertly monitor a user’s activity — recording keystrokes, capturing screenshots, tracking browsing activity, logging passwords, and transmitting the collected data to the attacker without the victim’s knowledge or consent. Spyware is frequently bundled with apparently legitimate free software, installed through malicious websites, or delivered via phishing emails, and many victims remain unaware of its presence for extended periods. Spyware is a significant component of identity theft, corporate espionage, and state-sponsored surveillance operations. The Pegasus spyware developed by the Israeli NSO Group gained global attention after revelations that it had been used to surveil journalists, activists, and political leaders worldwide.
13. Adware
Adware is software that automatically displays or downloads advertising material to the user’s device, typically generating revenue for its creator through advertising networks. While many adware programs occupy a legal gray area — bundled with free software in terms and conditions users rarely read — malicious adware installs without meaningful consent, is difficult or impossible to remove, hijacks browser settings, redirects search queries, and can serve as a delivery mechanism for more dangerous malware. Adware is among the most commonly encountered forms of potentially unwanted software, with billions of devices affected globally at any given time.
14. Rootkit
Rootkits are among the most dangerous and technically sophisticated forms of malware, designed specifically to conceal their own presence and the presence of other malicious software by modifying the underlying operating system, kernel, drivers, or firmware. By operating at or below the operating system level, rootkits can intercept and manipulate system calls to hide malicious processes, files, registry entries, and network connections from standard security tools. The Sony BMG rootkit scandal of 2005 — in which Sony music CDs automatically installed a rootkit on Windows computers to enforce digital rights management — exposed millions of computers to security vulnerabilities and resulted in significant legal and reputational consequences for the company.
15. Keylogger
Keyloggers are software programs that record every keystroke made on an infected device, capturing passwords, credit card numbers, messages, emails, and any other information typed by the user. The captured data is typically stored in a hidden log file and transmitted to the attacker at regular intervals. Keyloggers are used extensively in financial fraud, identity theft, corporate espionage, and credential theft operations. Some keyloggers also capture clipboard contents, take periodic screenshots, and record audio or video from device microphones and cameras, providing attackers with a comprehensive surveillance capability far beyond simple keystroke recording.
16. Botnet Malware
Botnet malware transforms infected computers into remotely controlled “bots” or “zombies” — part of a network of compromised machines that can be directed simultaneously by an attacker through a command-and-control server. Botnets are used for a wide range of malicious purposes including sending spam email, conducting distributed denial-of-service (DDoS) attacks, mining cryptocurrency, distributing additional malware, and credential stuffing attacks. The Mirai botnet of 2016 — which infected hundreds of thousands of Internet of Things (IoT) devices and launched one of the largest DDoS attacks in internet history — demonstrated the escalating scale and impact of modern botnet infrastructure.
17. Fileless Malware
Fileless malware represents a particularly challenging threat for traditional security tools because it operates entirely in a computer’s RAM, using legitimate system tools and processes — such as PowerShell, Windows Management Instrumentation, or macOS scripting components — to carry out its malicious activities without ever writing files to disk. Because there are no malicious files to scan, signature-based antivirus software is ineffective against fileless attacks, which leave minimal forensic traces. Fileless malware attacks increased by over 900 percent between 2017 and 2020 according to WatchGuard Technologies, reflecting the growing sophistication of the threat landscape.
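With no file to scan, detection shifts to how the legitimate tools are launched. The following is an added example, not code from the original article: it triages process-creation records for PowerShell started by an unusual parent, with an encoded command, or with a hidden window. The record field names, hosts, paths and the parent list are assumptions made for this example, and the events are constructed.

```python
import base64
import ntpath

INTERPRETERS = {"powershell.exe", "pwsh.exe"}
# Heuristic (assumed list): parents that rarely have a reason to start a shell.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "wmiprvse.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"


def to_encoded(script: str) -> str:
    """Base64 over UTF-16LE text, the form -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed process-creation records; every host, path and command is invented.
EVENTS = [
    {"host": "ws-01", "image": PS,
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -enc "
                + to_encoded("Write-Output 'constructed sample'")},
    {"host": "ws-02", "image": PS,
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"host": "ws-03", "image": PS,
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
]


def flag_value(cmdline: str, full_name: str, aliases=()):
    """Value following a flag, accepting abbreviated forms such as -enc or -w."""
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:]):
        name = flag.lstrip("-/").lower()
        if flag[0] in "-/" and name and (full_name.startswith(name) or name in aliases):
            return value
    return None


def decode_command(blob: str):
    """Recover the script text so an analyst reads it instead of the base64."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(event: dict) -> tuple:
    """Return (reasons, decoded_script) for one process-creation record."""
    if ntpath.basename(event["image"]).lower() not in INTERPRETERS:
        return [], None
    reasons, script = [], None
    if ntpath.basename(event["parent"]).lower() in UNUSUAL_PARENTS:
        reasons.append("unusual-parent")
    blob = flag_value(event["cmdline"], "encodedcommand", aliases=("ec",))
    if blob is not None:
        reasons.append("encoded-command")
        script = decode_command(blob)
    if (flag_value(event["cmdline"], "windowstyle") or "").lower() == "hidden":
        reasons.append("hidden-window")
    return reasons, script


if __name__ == "__main__":
    for event in EVENTS:
        reasons, script = triage(event)
        print(event["host"], reasons, repr(script))
```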
18. Logic Bomb
A logic bomb is malicious code secretly inserted into a legitimate software system, programmed to execute a destructive payload when specific predefined conditions are met — such as a particular date being reached, a specific user account being deleted, or a certain program being run. Logic bombs are particularly dangerous because they can lie dormant and undetected within critical systems for months or years before triggering. They are frequently employed as acts of sabotage by disgruntled current or former employees with system access. A programmer at Fannie Mae was convicted in 2008 of planting a logic bomb designed to destroy data across the company’s entire server network — approximately 4,000 servers — on a specific date.
19. Time Bomb
A time bomb is a specific variant of the logic bomb concept in which the trigger condition is purely time-based — the malicious payload activates on a predetermined date or time. The Michelangelo virus, mentioned earlier in the context of boot sector viruses, was also one of the most famous time bombs, programmed to overwrite critical disk sectors on March 6 of each year. Time bombs are challenging to detect in advance because the code responsible for checking the date and triggering the payload may be entirely dormant and show no unusual behavior until the trigger date is reached.
20. Browser Hijacker
Browser hijackers are malware that takes control of the victim’s web browser, modifying the default homepage, default search engine, new tab page, and other browser settings without authorization. The victim is typically redirected to specific websites — often fake search engines that deliver sponsored results — generating advertising revenue for the attacker. Browser hijackers are frequently bundled with free software downloads and browser extensions, and many users are unaware that their browser has been compromised. Beyond the immediate nuisance of unwanted redirects, browser hijackers can expose users to further malware through the compromised search results and pages they force users to visit.
21. Cryptojacker
Cryptojacking malware secretly uses the processing power of an infected computer to mine cryptocurrency on behalf of the attacker, consuming electricity and degrading system performance without the owner’s knowledge or consent. The infected device becomes an unwilling participant in generating cryptocurrency income for criminals, with victims noticing only that their computer has become slow, hot, and unresponsive. Cryptojacking surged in popularity from 2017 onward as cryptocurrency values increased dramatically, and browser-based cryptojacking — where mining scripts run silently in web pages visited by users — became particularly widespread. At its peak in 2018, cryptojacking affected over 55 percent of organizations globally according to Check Point Research.
22. Man-in-the-Middle Malware
Man-in-the-middle (MITM) malware positions itself invisibly between a user’s device and the services they communicate with — intercepting, reading, and potentially modifying data in transit without either the user or the service being aware of the interception. MITM attacks can be used to steal login credentials, financial information, and sensitive communications, to inject malicious content into legitimate web pages, or to silently modify financial transactions. Banking trojans frequently incorporate MITM capabilities, intercepting communications between banking applications and bank servers to steal credentials and manipulate displayed account information while the underlying attack proceeds invisibly.
23. Backdoor Virus
Backdoor malware creates a hidden, persistent access point in a compromised system that allows attackers to remotely access and control the infected machine at will, bypassing normal authentication mechanisms. Backdoors can be installed through viruses, trojans, or exploited software vulnerabilities and are frequently deployed as a secondary payload alongside other malware. State-sponsored hacking groups make extensive use of custom backdoors to maintain persistent access to high-value targets in government, defense, research, and critical infrastructure organizations. Once a backdoor is established in a network, it can remain active and undetected for months or years — the average time to detect a breach was 204 days in 2023 according to IBM’s Cost of a Data Breach Report.
24. Multipartite Virus
Multipartite viruses are particularly versatile and dangerous malware that attack a computer system through multiple vectors simultaneously — typically infecting both the boot sector and executable files at the same time. This dual-front attack strategy makes multipartite viruses considerably more difficult to detect and remove than single-method viruses, as cleaning the infected executable files while leaving the boot sector contaminated — or vice versa — allows the virus to immediately reinfect the cleaned portions of the system. The Ghostball virus, discovered in 1989, was the first identified multipartite virus, and the category has remained one of the more persistent and challenging in the malware landscape.
25. Stealth Virus
Stealth viruses are malware specifically engineered to evade detection by antivirus and security software through active deception — intercepting operating system calls that access files or system areas where the virus is hiding and returning falsified information that conceals the infection. When antivirus software attempts to scan an infected file, the stealth virus intercepts the scan request and returns the original, clean version of the file from memory, making the file appear uninfected. Stealth viruses require sophisticated detection techniques that look for behavioral anomalies rather than relying on direct file examination, and they were among the first malware types to force significant innovation in antivirus technology.
26. Overwrite Virus
Overwrite viruses are a relatively simple but destructive form of malware that replaces the contents of infected files with their own malicious code, destroying the original file content entirely rather than appending or prepending code to the host file as more sophisticated viruses do. The original file functionality is completely lost, making the infection immediately obvious to users who find that programs no longer work correctly after infection. While the unsophisticated overwrite mechanism makes this virus type easier to detect than stealth or polymorphic types, the irreversible destruction of file contents means that recovery requires restoring from clean backups rather than simply cleaning the virus from the file.
27. Phishing Malware
Phishing malware encompasses a range of malicious tools used in conjunction with phishing attacks — fraudulent communications designed to trick recipients into revealing credentials, installing malware, or transferring funds. Spear phishing attacks — highly targeted phishing campaigns directed at specific individuals or organizations using personalized information — have become the entry point for the majority of major corporate and government data breaches. The 2016 Democratic National Committee breach, which had significant political consequences in the United States presidential election, began with a spear phishing email that successfully deceived a campaign official into revealing his Google account credentials. Phishing was the most common cybercrime reported to the FBI in 2022, with over 300,000 incidents logged.
28. Mobile Malware
Mobile malware encompasses the full spectrum of malicious software targeting smartphones and tablet devices running iOS, Android, and other mobile operating systems. As mobile devices have become the primary computing platform for billions of people worldwide — global smartphone users exceeded 6.9 billion in 2023 — they have become an increasingly attractive target for malware developers. Android devices are disproportionately affected due to the platform’s more open application distribution model, with malicious apps frequently distributed through third-party app stores and occasionally slipping through official store review processes. Mobile banking trojans, stalkerware, and SMS-based fraud malware are among the most commonly encountered mobile threats.
29. IoT Malware
Internet of Things (IoT) malware targets the rapidly growing ecosystem of internet-connected devices beyond traditional computers — including smart home devices, security cameras, routers, industrial control systems, medical devices, and connected appliances. Most IoT devices run stripped-down embedded operating systems with minimal security features, are rarely updated with security patches, and are often deployed with default or weak passwords, making them easy targets for exploitation. The number of IoT devices globally exceeded 15 billion in 2023 and is projected to exceed 29 billion by 2030 — a vast and rapidly expanding attack surface that malware developers are actively exploiting for botnet construction, espionage, and infrastructure disruption.
30. Wiper Malware
Wiper malware is among the most destructive categories of malicious software, designed with the singular purpose of permanently destroying data on infected systems rather than seeking financial gain, installing backdoors, or engaging in espionage. Wipers overwrite files, partition tables, master boot records, and other critical system structures to render affected computers completely inoperable and their data unrecoverable. Wiper attacks have been used extensively as tools of cyberwarfare and geopolitical disruption — the NotPetya attack of 2017, which initially appeared to be ransomware but was in fact a destructive wiper, caused an estimated $10 billion in global damages, making it the most costly cyberattack in history, with Maersk, Merck, and FedEx among the most severely affected organizations.