AQA A-Level Computer Science

18.3.11 Malware: Worms, Trojans, and Viruses

Malware is malicious software designed to disrupt, damage, or gain unauthorised access to computer systems, often exploiting system vulnerabilities or user behaviour.

What is malware?

Malware is short for “malicious software” and refers to any program or file designed to harm, disrupt, or illegally access a computer, network, or server. Malware can steal sensitive information, damage files, spy on users, or grant remote control to attackers. It comes in many forms, with worms, Trojans, and viruses being among the most common and destructive.

Each of these has its own mode of infection, propagation, and effects, and recognising the differences between them is vital for understanding how attacks unfold and how to defend against them.

Worms

Definition

A worm is a type of malware that can replicate itself automatically and spread through computer networks without any user interaction. It is one of the fastest-spreading forms of malware and can quickly infect large numbers of machines once it gains a foothold in a network.

How worms operate

Worms exploit network vulnerabilities, such as open ports, unpatched systems, or insecure protocols. Once a worm identifies a target system, it sends a copy of itself and executes without needing the user to open a file or run a program.

It then continues scanning for other vulnerable machines, creating a chain reaction. In large corporate or governmental networks, this can cause massive disruption within minutes.
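The scanning behaviour described above is also what defenders look for: one host contacting many different machines on the same port in a short time. This is an added example, not part of the original notes, that flags such hosts in connection records. The record format, addresses, window and threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (time in seconds, source, destination, port).
SAMPLE_LOG = (
    # Normal: one client repeatedly using the same file server.
    [(t, "10.0.0.5", "10.0.0.20", 445) for t in range(6)]
    # Worm-like: one host tries six different machines in six seconds.
    + [(t, "10.0.0.7", f"10.0.0.{30 + t}", 445) for t in range(6)]
    # Slow and spread out: five machines over two minutes.
    + [(t * 30, "10.0.0.9", f"10.0.0.{50 + t}", 445) for t in range(5)]
)


def find_scanners(records, window=10, threshold=5):
    """Return sorted (source, port) pairs where the source contacted at least
    `threshold` distinct destinations on that port within `window` seconds."""
    by_key = defaultdict(list)
    for ts, src, dst, port in records:
        by_key[(src, port)].append((ts, dst))

    flagged = set()
    for key, events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window forward so it never spans more than `window` s.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {dst for _, dst in events[start:end + 1]}
            if len(distinct) >= threshold:
                flagged.add(key)
                break
    return sorted(flagged)


if __name__ == "__main__":
    for src, port in find_scanners(SAMPLE_LOG):
        print(f"possible worm scanning: {src} on port {port}")
```

Only 10.0.0.7 is flagged: the client that keeps using one server and the host that spreads its connections over two minutes both stay under the threshold.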

Key characteristics

  • Self-replicating: A worm can copy itself to other systems and continue spreading without help.

FAQ

Malware authors use obfuscation techniques to make their code harder to detect or analyse by antivirus software and security researchers. This includes methods such as code packing, where the malware is compressed and only unpacks during runtime, making it harder for scanners to read. Encryption of the payload ensures the malicious code is not easily visible in static analysis. Polymorphic malware changes its code slightly every time it infects a new system, while maintaining its functionality, making signature-based detection ineffective. Metamorphic malware goes a step further by rewriting its own code entirely, often using different algorithms or instructions, while preserving its original behaviour. Obfuscation can also involve hiding code within seemingly harmless files, splitting code into small fragments that only assemble during execution, or disguising file types and extensions. These techniques delay detection, reduce the chances of being quarantined, and allow malware to persist longer on infected systems.
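Why an exact signature stops matching once the code changes, and one heuristic scanners use against packed or encrypted content, shown as an added example that is not part of the original notes. All byte strings are constructed, harmless data, and the 7.2 bits-per-byte threshold is an assumed value chosen for illustration.

```python
import hashlib
import math
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: about 4-5 for text, close to 8 for
    compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_random_bytes(n: int) -> bytes:
    """Deterministic stand-in for an encrypted or packed payload."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed data: a "known" file and a copy that differs by one byte.
ORIGINAL = b"constructed stand-in for a known sample " * 50
VARIANT = ORIGINAL[:-1] + b"!"
SIGNATURES = {sha256_hex(ORIGINAL)}  # the scanner's signature database


def signature_match(data: bytes) -> bool:
    """Exact-hash signature check: any change to the file defeats it."""
    return sha256_hex(data) in SIGNATURES


def looks_packed(data: bytes, threshold: float = 7.2) -> bool:
    """Heuristic: flag content whose bytes look almost random."""
    return shannon_entropy(data) > threshold


if __name__ == "__main__":
    print("original matches signature:", signature_match(ORIGINAL))
    print("variant matches signature: ", signature_match(VARIANT))
    print("text looks packed:         ", looks_packed(ORIGINAL))
    print("random-like looks packed:  ", looks_packed(pseudo_random_bytes(4096)))
```

Legitimate compressed files such as ZIP archives and JPEG images also have high entropy, so scanners treat this as one signal to combine with others rather than as proof.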

A botnet is a network of computers, often called “bots” or “zombies,” that have been infected with malware and are controlled remotely by an attacker, usually via a command and control (C&C) server. Trojans are commonly used to create botnets by tricking users into installing a seemingly safe application that secretly opens a backdoor into their system. Once the Trojan is installed, it connects to the attacker’s server and awaits instructions. The infected computer becomes part of a larger botnet that can be used for various malicious activities, such as sending spam emails, performing distributed denial-of-service (DDoS) attacks, mining cryptocurrency, or harvesting personal data. Botnets are highly valuable because they provide attackers with a large pool of computing power and anonymity. Detection is often difficult because individual bots may behave normally, and users might not notice anything unusual. Trojans are ideal for this because of their stealth and ability to avoid suspicion during installation.

In enterprise environments, worms can cause significantly more damage than in home settings due to the scale, interconnectedness, and complexity of corporate networks. Worms exploit vulnerabilities in services like file sharing, email servers, and outdated operating systems. In a business setting, a single infected machine can quickly lead to widespread compromise across departments, servers, and remote sites. This can lead to downtime, loss of access to critical systems, disruption of operations, and damage to business continuity. Additionally, worms can steal or delete sensitive data, leading to legal consequences, reputational damage, and violations of data protection laws. Enterprises often have layered security, but a single misconfiguration or unpatched system can serve as an entry point. In contrast, home users typically have smaller, less connected environments with limited data of interest, reducing both the scope and impact. Worms can still consume bandwidth and slow devices for home users, but the consequences are generally less severe.

Yes, malware can infect mobile devices, but the infection vectors and behaviours often differ due to the nature of mobile operating systems. On platforms like Android, malware commonly spreads through malicious apps that users download from third-party stores or, in some cases, even the official Google Play Store. These apps may act as Trojans by appearing useful while carrying hidden malicious code. Mobile malware can also spread through malicious links in SMS messages (smishing), fake updates, or compromised websites. Unlike traditional computers, mobile systems are sandboxed, meaning each app runs in its own environment, which limits malware’s ability to spread between apps. However, privilege escalation exploits can break these restrictions. On iOS, strict app vetting makes malware rarer, but jailbroken devices are highly vulnerable. Mobile malware can steal personal data, record audio, track GPS location, or send premium-rate SMS messages, resulting in financial loss or identity theft. The infection methods are different but equally dangerous.

Macro viruses remain relevant because they exploit features in widely used office productivity software, especially Microsoft Word and Excel, which still support macros for legitimate automation. These viruses are embedded in documents and execute when a user opens the file and enables macros, often prompted by misleading messages such as “Enable content to view this document properly.” Despite security warnings and default macro blocking, users can be socially engineered into enabling them. Macro viruses can run commands, download additional malware, or manipulate system files. They are particularly effective in phishing campaigns, where attackers send fake invoices, CVs, or contracts as email attachments. Organisations that rely on macro-enabled templates or scripts may also have weaker protections, making them targets. Furthermore, macro viruses can bypass some traditional antivirus solutions by hiding in legitimate documents and exploiting the trust users place in familiar file types. Their persistence shows the importance of ongoing user education and secure default settings.
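One way an email filter can apply a secure default to the attachments described above, as an added example that is not part of the original notes. It relies on the fact that modern Office files are ZIP containers that store macros in a part named `vbaProject.bin`; the function names and result labels are illustrative, the test files are constructed placeholders, and older `.doc`/`.xls` formats are not covered.

```python
import io
import zipfile

# Extensions that are meant to be macro-free in modern Office formats.
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")


def make_ooxml(parts):
    """Build a constructed, minimal ZIP container in memory.
    It mimics the layout of an Office file but is not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


def check_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment as 'not-ooxml', 'no-macros', 'macros'
    or 'macros-in-macro-free-extension'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-ooxml"  # an ordinary ZIP, not an Office document
    if not any(n.endswith("vbaproject.bin") for n in names):
        return "no-macros"
    # A macro part inside a file named .docx/.xlsx/.pptx means the
    # extension does not match the content: treat as more suspicious.
    if filename.lower().endswith(MACRO_FREE_EXT):
        return "macros-in-macro-free-extension"
    return "macros"


if __name__ == "__main__":
    base = ["[Content_Types].xml", "word/document.xml"]
    with_macro = make_ooxml(base + ["word/vbaProject.bin"])
    print(check_attachment("invoice.docm", with_macro))
    print(check_attachment("cv.docx", with_macro))
    print(check_attachment("report.docx", make_ooxml(base)))
```

A filter built on this would typically quarantine or strip attachments classified as `macros` or `macros-in-macro-free-extension` unless the sender is on an approved list.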
