|
What
is
a
Computer
Virus?
A
Computer
Virus
is
a
program
(a
block
of
executable
code)
which
attaches
itself
to,
overwrites
or
otherwise
replaces
another
program
in
order
to
reproduce
itself
without
the
knowledge
of
the
PC
user.
In
other
words,
a
computer
virus
is
a
code
fragment
(not
an
independent
program)
that
reproduces
by
attaching
to
another
program.
It
may
damage
data
directly,
or
it
may
degrade
system
performance
by
taking
over
system
resources,
which
are
then
not
available
to
authorized
users.
Most
viruses
are
comparatively
harmless,
and
may
be
present
for
years
with
no
noticeable
effect;
some,
however,
may
cause
random
damage
to
data
files
(sometimes
insidiously,
over
a
long
period)
or
attempt
to
destroy
files
and
disks.
Others
cause
unintended
damage.
Even
benign
viruses
(apparently
non-destructive
viruses)
cause
significant
damage
by
occupying
disk
space
and/or
main
memory,
by
using
up
CPU
processing
time
and
by
the
time
and
expense
wasted
in
detecting
and
removing
them.
[Top]
What
is
a
Trojan
Horse
program?
A
type
of
program
that
is
often
confused
with
viruses
is
a
'Trojan
horse'
program.
This
is
not
a
virus,
but
simply
a
program
(often
harmful)
that
pretends
to
be
something
else.
For
example,
you
might
download
what
you
think
is
a
new
game;
but
when
you
run
it,
it
deletes
files
on
your
hard
drive.
Or
the
third
time
you
start
the
game,
the
program
E-mails
your
saved
passwords
to
another
person.
For
example,
DLoader-L
arrives
in
an
email
attachement
and
claims
to
be
an
urgent
update
from
Microsoft
for
Windows
XP.
If
you
run
it,
it
downloads
a
program
that
uses
your
computer
to
connect
to
certain
websites,
in
an
attempt
to
overload
them
(this
is
called
a
denial
of
service
attack).
Note:
simply
downloading
a
file
to
your
computer
won't
activate
a
virus
or
Trojan
horse;
you
have
to
execute
the
code
in
the
file
to
trigger
it.
This
could
mean
running
a
program
file,
or
opening
a
Word/Excel
document
in
a
program
(such
as
Word
or
Excel)
that
can
execute
any
macros
in
the
document.
[Top]
What
is
a
Computer
Worm?
A
worm
is
a
self-replicating
program
that
does
not
alter
files
but
resides
in
active
memory
and
duplicates
itself
by
means
of
computer
networks.
Worms
are
very
similar
to
viruses
in
that
they
are
computer
programs
that
replicate
themselves
and
that
often,
but
not
always,
contain
some
functionality
that
will
interfere
with
the
normal
use
of
a
computer
or
a
program.
But
unlike
a
virus,
it
does
not
attach
itself
to
a
host
program.
[Top]
A
brief
History
1950s
Bell
Labs
develop
an
experimental
game
in
which
players
use
malicious
programs
to
attack
each
other’s
computers.
1975
Sci-fi
author
John
Brunner
imagines
a
computer
“worm”
spreading
across
networks.
1984
Fred
Cohen
introduces
the
term
“computer
virus”
in
a
thesis
on
such
programs.
1986
The
first
computer
virus,
Brain,
is
allegedly
written
by
two
brothers
in
Pakistan.
1987
The
Christmas
tree
worm
paralyses
the
IBM
worldwide
network.
1988
The
Internet
worm
spreads
through
the
US
DARPA
internet.
1992
There
is
worldwide
panic
about
the
Michelangelo
virus,
although
very
few
computers
are
infected.
1994
Good
Times,
the
first
major
virus
hoax,
appears.
1995
The
first
document
virus,
Concept,
appears.
1998
CIH
or
Chernobyl
becomes
the
first
virus
to
paralyse
computer
hardware.
1999
Melissa,
a
virus
that
forwards
itself
by
email,
spreads
worldwide.
Bubbleboy,
the
first
virus
to
infect
a
computer
when
email
is
viewed,
appears.
2000
Love
Bug
becomes
the
most
successful
email
virus
yet.
The
first
virus
appears
for
the
Palm
operating
system,
although
no
users
are
infected.
2001
A
virus
claiming
to
contain
pictures
of
tennis
player
Anna
Kournikova
infects
hundreds
of
thousands
of
computers
worldwide.
2002
David
L
Smith,
the
author
of
Melissa,
is
sentenced
to
20
months
in
prison
by
US
courts.
2003
The
Blaster
worm
spreads
itself
across
the
internet
via
a
security
weakness
in
Microsoft
software.
Together
with
the
Sobig
email
virus,
it
makes
August
2003
the
worst
month
ever
for
virus
incidents.
2004
The
creators
of
the
Netsky
and
Beagle
series
of
worms
compete
to
see
which
can
have
the
greater
impact.
[Top]
What
kinds
of
files
can
be
infected
by
viruses?
Viruses
can
attach
themselves
to
any
code
that
runs
on
your
computer:
programs,
documents,
or
the
files
that
start
up
the
operating
system.
Programs:
Some
viruses
infect
programs.
When
you
start
the
infected
program,
the
virus
is
launched
first.
This
type
of
virus
appeared
early
in
virus
history
but
still
poses
a
threat,
as
the
internet
makes
it
easy
to
distribute
programs.
Documents:
Word
processing
or
spreadsheet
applications
often
use
“macros”
to
automate
tasks.
Some
viruses
take
the
form
of
a
macro
that
can
spread
from
one
document
to
another.
If
you
open
a
document
that
contains
the
virus,
it
copies
itself
into
the
application’s
startup
files
and
infects
other
documents
you
open
with
that
application.
Boot
sectors:
When
you
switch
on
your
computer,
it
accesses
a
part
of
the
disk
called
the
“boot
sector”and
runs
a
program
that
starts
the
operating
system.
The
earliest
viruses
replaced
this
boot
sector
with
their
own,
modified
version.
If
the
user
started
up
their
computer
from
an
infected
disk,
the
virus
became
active.
Since
virus
code
must
be
executed
to
have
any
effect,
files
that
the
computer
treats
as
pure
data
are
safe.
This
includes
graphics
and
sound
files
such
as
.gif,
.jpg,
.mp3,
.wav,
etc.,
as
well
as
plain
text
in
.txt
files.
[Top]
How
do
viruses
spread?
Viruses
can
reach
your
computer
via
all
the
routes
shown
here.
You
can
read
more
details
on
the
pages
that
follow.
Programs
and
Documents:
Programs
and
documents
can
be
infected
with
viruses.
When
you
share
them
with
other
users,
by
putting
them
on
your
network
or
intranet,
or
by
sending
them
out,
the
infection
can
spread.
Email:
Email
can
include
infected
attachments.
If
you
doubleclick
on
an
infected
attachment,
you
risk
infecting
your
machine.
Some
emails
even
include
malicious
scripts
that
run
as
soon
as
you
preview
the
mail
or
read
the
body
text.
The
Internet:
You
may
download
programs
or
documents
that
are
infected.
Security
vulnerabilities
in
your
operating
system
can
network
or
intranet,
also
allow
viruses
to
or
by
sending
them
infect
your
computer
via
the
internet
connection,
without
your
having
to
do
anything
at
all.
CDs
and
Floppies:
Floppy
disks
can
have
a
virus
in
the
boot
sector.
They
can
also
hold
infected
programs
or
documents.
CDs
may
also
hold
infected
items.
[Top]
What
can
viruses
do?
Slow
down
Email:
Viruses
that
spread
by
email,
such
as
Sobig,
can
generate
so
much
email
traffic
that
servers
slow
down
or
crash.
Even
if
this
doesn't
happen,
companies
may
react
to
the
risk
by
shutting
down
servers
anyway.
Steal
confidential
data:
The
Bugbear-D
worm
records
the
user's
keystrokes,
including
passwords,
and
gives
the
virus
writer
access
to
them.
Use
your
computer
to
attack
websites:
MyDoom
used
infected
computers
to
flood
a
software
company
named
SCO's
website
with
data,
making
the
site
unusable
(a
denial
of
service
attack).
Let
other
users
hijack
your
computer:
Some
viruses
place
“backdoor
Trojans”
on
the
computer,
allowing
the
virus
writers
to
connect
to
your
computer
and
use
it
for
their
own
purpose.
Corrupt
data:
The
Compatable
virus
makes
changes
to
the
data
in
Excel
spreadsheets.
Delete
data:
The
Sircam
worm
may
attempt
to
delete
or
overwrite
the
hard
disk
on
a
certain
day.
Play
pranks:
The
Netsky-D
worm
made
computers
beep
sporadically
for
several
hours
one
morning.
Display
messages:
Cone-F
displays
a
political
message
if
the
month
is
May.
Damage
your
credibility:
If
a
virus
forwards
itself
from
your
computer
to
your
customers
and
business
partners,
they
may
refuse
to
do
business
with
you,
or
demand
compensation.
Cause
you
embrarrassment:
For
example,
PolyPost
places
your
documents
and
your
name
on
sex
related
newsgroups.
Note
that
viruses
can't
do
any
damage
to
hardware:
they
won't
melt
down
your
CPU,
burn
out
your
hard
drive,
cause
your
monitor
to
explode,
etc.
Warnings
about
viruses
that
will
physically
destroy
your
computer
are
usually
hoaxes,
not
legitimate
virus
warnings.
[Top]
What
is
the
connection
between
viruses
and
Emails?
Emails
are
the
number
one
sources
of
virus
infection
throughout
the
world.
You
also
probably
receive
lots
of
mail
each
day,
much
of
it
unsolicited
and
containing
unfamiliar
but
plausible
return
addresses.
Some
of
this
mail
uses
social
engineering
to
tell
you
of
a
contest
that
you
may
have
won
or
the
details
of
a
product
that
you
might
like.
The
senders
are
trying
to
encourage
you
to
open
the
letter,
read
its
contents,
and
interact
with
them
in
some
way
that
is
financially
beneficial
-
to
them.
Even
today,
many
of
us
open
letters
to
learn
what
we've
won
or
what
fantastic
deal
awaits
us.
Since
there
are
few
consequences,
there's
no
harm
in
opening
them.
Email-borne
viruses
and
worms
operate
much
the
same
way,
except
there
are
consequences,
sometimes
significant
ones.
Malicious
email
often
contains
a
return
address
of
someone
we
know
and
often
has
a
provocative
Subject
line.
This
is
social
engineering
at
its
finest
–
something
we
want
to
read
from
someone
we
know.
You
have
to
watch
out
for
are
encoded
messages
containing
embedded
executable
code
(i.e.,
JavaScript
in
an
HTML
message)
or
messages
that
include
an
executable
file
attachment
(i.e.,
an
encoded
program
file
or
a
Word
document
containing
macros).
In
order
to
activate
a
virus
or
Trojan
horse
program,
your
computer
has
to
execute
some
type
of
code.
This
could
be
a
program
attached
to
an
E-mail,
a
Word
document
you
downloaded
from
the
Internet,
or
something
received
on
a
floppy
disk.
[Top]
What
can
I
do
to
reduce
the
chance
of
getting
viruses
from
E-mail?
Email
viruses
and
worms
are
common.
If
you've
not
received
one,
chances
are
you
will.
Here
are
steps
you
can
use
to
help
you
decide
what
to
do
with
every
email
message
with
an
attachment
that
you
receive.
You
should
only
read
a
message
that
passes
all
of
these
tests.
1.
The
Know
test:
Is
the
email
from
someone
that
you
know?
2.
The
Received
test:
Have
you
received
email
from
this
sender
before?
3.
The
Expect
test:
Were
you
expecting
email
with
an
attachment
from
this
sender?
4.
The
Sense
test:
Does
email
from
the
sender
with
the
contents
as
described
in
the
Subject
line
and
the
name
of
the
attachment(s)
make
sense?
For
example,
would
you
expect
the
sender
–
let's
say
your
Mother
–
to
send
you
an
email
message
with
the
Subject
line
"Here
you
have,
;o)"
that
contains
a
message
with
attachment
–
let's
say
AnnaKournikova.jpg.vbs?
A
message
like
that
probably
doesn't
make
sense.
In
fact,
it
happens
to
be
an
instance
of
the
Anna
Kournikova
worm,
and
reading
it
can
damage
your
system.
5.
The
Virus
test:
Does
this
email
contain
a
virus?
To
determine
this,
you
need
to
install
and
use
an
anti-virus
program.
You
should
apply
these
five
tests
–
KRESV
–
to
every
piece
of
email
with
an
attachment
that
you
receive.
If
any
test
fails,
toss
that
email.
If
they
all
pass,
then
you
still
need
to
exercise
care
and
watch
for
unexpected
results
as
you
read
it.
[Top]
Can
I
get
a
virus
just
by
reading
email?
You
don’t
have
to
open
an
attachment
to
become
infected
via
email.
Just
viewing
your
mail
is
a
risk.
Some
viruses,
such
as
Kakworm
and
Bubbleboy,
can
infect
users
as
soon
as
they
read
email.
They
look
like
any
other
message
but
contain
a
hidden
script
that
runs
as
soon
as
you
open
the
email,
or
even
look
at
it
in
the
preview
pane
(as
long
as
you
are
using
Outlook
with
the
right
version
of
Internet
Explorer).
This
script
can
change
system
settings
and
send
the
virus
to
other
users
via
email.
Microsoft
issue
patches
that
eliminate
this
security
weakness
and
others
like
it.
To
find
out
which
patches
you
need,
visit
windowsupdate.microsoft.com
To
keep
informed
about
future
patches,
you
can
subscribe
to
a
mailing
list
at
http://www.microsoft.com/technet/security/bulletin/notify.mspx
[Top]
Some
general
tips
on
avoiding
virus
infections:
| 1 |
Install
Anti-Virus
software
from
a
well
known,
reputable
company,
UPDATE
it
regularly,
and
USE
it
regularly.
New
viruses
come
out
every
single
day;
an
Anti-Virus
program
that
hasn't
been
updated
for
several
months
will
not
provide
much
protection
against
current
viruses.
|
| 2 |
In
addition
to
scanning
for
viruses
on
a
regular
basis,
install
an
'on
access'
scanner
(included
in
most
good
Anti
Virus
software
packages)
and
configure
it
to
start
automatically
each
time
you
boot
your
system.
This
will
protect
your
system
by
checking
for
viruses
each
time
your
computer
accesses
an
executable
file.
|
| 3 |
Anti-virus
programs
aren't
very
good
at
detecting
Trojan
horse
programs,
so
be
extremely
careful
about
opening
binary
files
and
Word/Excel
documents
from
unknown
or
'dubious'
sources.
This
includes
posts
in
binary
newsgroups,
downloads
from
web/ftp
sites
that
aren't
well
known
or
don't
have
a
good
reputation,
and
executable
files
unexpectedly
received
as
attachments
to
E-mail
or
during
an
on-line
chat
session.
|
| 4 |
If
your
E-mail
or
news
software
has
the
ability
to
automatically
execute
JavaScript,
Word
macros,
or
other
executable
code
contained
in
or
attached
to
a
message,
we
strongly
recommend
that
you
disable
this
feature.
|
| 5 |
Exercise
caution
when
downloading
files
from
the
Internet.
Ensure
that
the
source
is
a
legitimate
and
reputable
one.
Verify
that
an
anti-virus
program
checks
the
files
on
the
download
site.
If
you're
uncertain,
don't
download
the
file
at
all
or
download
the
file
to
a
floppy
and
test
it
with
your
own
anti-virus
software.
|
| 6 |
Be
extremely
careful
about
accepting
programs
or
other
files
during
on-line
chat
sessions:
this
seems
to
be
one
of
the
more
common
means
that
people
wind
up
with
virus
or
Trojan
horse
problems.
And
if
any
other
family
members
(especially
younger
ones)
use
the
computer,
make
sure
they
know
not
to
accept
any
files
while
using
chat.
|
| 7 |
Do
regular
backups.
Some
viruses
and
Trojan
horse
programs
will
erase
or
corrupt
files
on
your
hard
drive,
and
a
recent
backup
may
be
the
only
way
to
recover
your
data.
Ideally,
you
should
back
up
your
entire
system
on
a
regular
basis.
If
this
isn't
practical,
at
least
backup
files
that
you
can't
afford
to
lose
or
that
would
be
difficult
to
replace:
documents,
bookmark
files,
address
books,
important
E-mail,
etc.
|
| 8 |
When
in
doubt,
always
err
on
the
side
of
caution
and
do
not
open,
download,
or
execute
any
files
or
email
attachments.
Not
executing
is
the
more
important
of
these
caveats.
Check
with
your
product
vendors
for
updates
which
include
those
for
your
operating
system
web
browser,
and
email.
One
example
is
the
security
site
section
of
Microsoft
located
at
http://www.microsoft.com/security
|
[Top]
Dealing
with
Virus
Infections:
| 1 |
If
you
haven't
used
a
good,
up-to-date
Anti-virus
program
on
your
computer,
do
that
first.
Many
problems
blamed
on
viruses
are
actually
caused
by
software
configuration
errors
or
other
problems
that
have
nothing
to
do
with
a
virus.
|
| 2 |
If
your
computer
does
get
infected
by
a
virus,
follow
the
directions
in
your
anti-virus
program
for
cleaning
it.
If
you
have
backup
copies
of
the
infected
files,
use
those
to
restore
the
files.
Check
the
files
you
restore
to
make
sure
your
backups
weren't
infected.
|
| 3 |
For
assistance,
check
the
web
site
and
support
services
for
your
anti-virus
software.
|
[Top]
Helpful
Links
Please
follow
the
links
below
for
more
information
about
Latest
Virus
Threats,
Security
Advises,
Virus
Definitions
and
Removal
Tools
:
[Top]
Top
Virus
List
(Last
updated:
Wednesday,
Aug
20,
2004)
- Trivial.818
- W32.Beagle.AP@mm
- W32.Neveg.B@mm
- X97M.Ainesey.B
- WSteal.Bancos.K
- WSteal.Bancos.J
- W32.Lovgate.AN@mm
- W32.Amus.A@mm
- Backdoor.Brador.A
- W32.Myfip.A
Source:
Compiled
from
various
sources.
|
