Types of Viruses

Simple Virus
A simple virus is activated when a user launches an infected program. The virus then takes control of the computer and attaches to another program file. These viruses are easy to detect, since they make an exact copy of themselves. To find such a virus, anti-virus software simply scans for its specific sequence of bytes, known as a signature.

Encrypted Virus
In an encrypted virus, the signature is scrambled, so the scanner cannot detect it. The virus signature changes from program to program. However, the decryption routine stays the same, so anti-virus software scans for a repeating decryption routine instead of the signature. In addition to simple and encrypted viruses, there are four major types of malicious code: polymorphic viruses, macro viruses, worms, and Trojan horses.
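The signature scanning described under Simple Virus and Encrypted Virus, as an added example that is not part of the original page: a byte-signature scanner run over constructed, inert samples, plus a helper that recovers the bytes that stay constant between two scrambled copies. All names, byte strings and the single-byte XOR used as the scrambling step are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Constructed, inert sample data: every byte string and name here is made up.
BODY = b"INERT-SAMPLE-BODY-0001"    # stands in for the viral body (plain text)
STUB = b"\x90DECODER-STUB\x90"      # stands in for the constant decryption routine
HOST_A = b"MZ\x01host-A:calc"       # two different "host programs"
HOST_B = b"MZ\x02host-B:edit"

SIGNATURES = {
    "Sample.Body": BODY,       # exact-copy signature (simple virus)
    "Sample.Decoder": STUB,    # signature of the unchanging decryption routine
}

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the per-copy scrambling of the body."""
    return bytes(b ^ key for b in data)

def scan(blob: bytes, signatures=SIGNATURES) -> list:
    """Return the sorted names of every signature found anywhere in blob."""
    return sorted(name for name, sig in signatures.items() if sig in blob)

def invariant_bytes(a: bytes, b: bytes) -> bytes:
    """Longest byte run shared by two samples: a candidate signature."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def make_samples() -> dict:
    return {
        "clean": HOST_A,
        "simple": HOST_B + BODY,
        "encrypted_1": HOST_A + STUB + xor_bytes(BODY, 0x21),
        "encrypted_2": HOST_B + STUB + xor_bytes(BODY, 0x5A),
    }

def report() -> dict:
    return {name: scan(blob) for name, blob in make_samples().items()}

if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:12} -> {hits or 'no match'}")
    s = make_samples()
    print("invariant:", invariant_bytes(s["encrypted_1"], s["encrypted_2"]))
```

The body signature matches only the exact copy, while both scrambled copies are still caught by the decoder signature, which is also the only long byte run the two copies share.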

Polymorphic Virus
Polymorphic computer viruses are intentionally difficult to detect, though anti-virus programs can easily find and remedy this type of virus. Authors of polymorphic viruses encrypt both the body of the virus and the decryption routine. No two infections look alike, so no single anti-virus definition can be created to match all of them. Instead, anti-virus solution providers use their virus protection technology to create generic decryption routines that expose the virus.

Macro Virus
Macro viruses are among the most commonly and easily created viruses. They also tend to be the least damaging. Macro viruses use an application macro language (such as Visual Basic or VBScript) to infect and replicate documents and templates. They are platform independent, but are typically associated with Microsoft Office programs. These viruses use the Microsoft programming environment to auto-execute viral macro code. Once an infected document is opened, the virus is executed and will infect the user's application templates. Macros can insert unwanted words, numbers, or phrases into documents or alter command functions. According to some estimates, 75% of all viruses today are macro viruses. Once a macro virus infects a user's machine, it can embed itself in all future documents created with the application. For example, if the "normal.dot" template in Microsoft Word – the default document template in that program – is infected with a macro virus, every new document created in Word will carry a copy of the macro virus.

Trojan Horse
A Trojan horse is a malicious program that is disguised as a benign program, such as a screen saver, archiving application, game, or even a program to find and destroy viruses. However, the program actually performs a malicious task without the user's knowledge or consent. It does not replicate itself like a true virus, does not make copies of itself like a worm, and is usually propagated through e-mail or Internet downloads. Trojan horse payloads vary widely; they can steal passwords, infect a machine with a virus, or even act as a tool for others to "spy" on users by recording keystrokes and transmitting them to a third party via TCP/IP.

Worms
A worm is a program that propagates itself, usually over a network via e-mail, TCP/IP, or disk drive, reproducing itself as it goes. A worm is not technically a "virus" because it can propagate independently. Many malicious programs that are worms are falsely called viruses. For example, ILOVEYOU was a worm, not a virus. Worms are extremely dangerous to the network and are more difficult to control because they do not require user propagation. A worm can spread itself to hundreds of thousands of machines very quickly. In the ILOVEYOU example, the worm was typically received by users in e-mail as a file attachment consisting of a VBScript-based program. If the attachment was executed, several processes were spawned automatically, which caused the worm to be copied (propagated) and sent as an e-mail attachment to every individual in the user's Microsoft Outlook address book. The worm also deleted and replaced certain types of files on the user's hard drive, so that if any of these files were opened, its self-propagation routine would run again. In a corporate network where several users received and activated the worm, it is easy to imagine the network grinding to a halt within just a few hours from the heavy e-mail traffic spawned by the worm, in addition to the loss of data from damaged files. And since the worm was propagated primarily by e-mail, it could easily infect other networks within a very short period of time.
