Viruses
Viruses are the most widely known security threats, because they often garner extensive press coverage. A computer virus is a set of instructions that attaches itself to other computer programs, often to parts of the operating system. Viruses are written to replicate themselves and to infect further computers, and they usually carry a payload that is triggered by a specific event. In most cases the infected programs continue to perform their intended functions, but surreptitiously execute the virus’ instructions as well.
A virus is usually designed to execute when its host program is loaded into the computer’s memory. Upon execution, the viral code copies itself into, or “infects,” any number of other programs and files stored on the computer. The infection can then spread to other computers through magnetic disks or other storage devices, computer networks, or online systems.
The main types of viruses, and their effects, are:
Boot Sector Viruses
A boot sector virus overwrites the original boot sector of the disk (which contains the code executed when the system is booted) with its own code, so that the virus is loaded into memory before anything else. Every time you start the computer, the virus runs. Once in memory, it can make the startup disk unusable or spread to other disks.
Master Boot Sector Viruses
A master boot sector virus overwrites the master boot record, the first sector of a hard drive, which holds the initial boot code and the partition table. The virus typically preserves the partition table so that the system still boots normally and nothing appears wrong. These viruses are difficult to detect because many disk examination tools do not let you view that sector at all; verifying it means reading the raw sector and comparing it with a known-good copy.
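Because the partition sector is hidden from ordinary tools, the practical check is to read the raw sector and compare it with a recorded baseline. The following Python script is an added example for this page, not code from the original document: it assembles a constructed 512-byte MBR in memory, parses the partition table and boot signature, and compares a hash of the boot-code area against the baseline, which is how an overwritten master boot record is caught even when the partition table is untouched. The boot-code stub, the partition layout and the “infected” sector are all constructed values.

```python
"""Parse and verify a 512-byte master boot record (MBR).

Added example for this page, not code from the original document. The MBR
bytes below are constructed in memory; on a real machine the sector would be
read from the raw device after booting from known-clean media.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446         # bytes 0..445: code the BIOS jumps into
PART_TABLE_OFF = 446        # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"     # bytes 510..511: boot signature
ENTRY_FMT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, count


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed MBR from boot code and (status, type, lba_start, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition list too large for one sector")
    table = b"".join(struct.pack(ENTRY_FMT, *entry) for entry in partitions)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table.ljust(64, b"\x00") + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into a boot-code hash, the partition entries and the signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                           # type 0x00 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_boot_hash: str) -> list:
    """Return findings for a sector; an empty list means it matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code differs from baseline (possible MBR infection)")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


# Constructed clean MBR: an eight-byte stub (cli; xor ax,ax; mov ss,ax; mov sp,0x7C00)
# padded with zeros, plus one active partition of type 0x07 starting at LBA 63.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
PARTITIONS = [(0x80, 0x07, 63, 2_097_152)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed infection: the boot code is replaced but the partition table is kept,
# so the disk still boots normally and nothing looks wrong to the user.
INFECTED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\x41" * 200, PARTITIONS)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE_HASH))
    print("infected:", check_mbr(INFECTED_MBR, BASELINE_HASH))
```

On a real system the sector would be read from the raw device (for example `open("/dev/sda", "rb").read(512)` on Linux, or `\\.\PhysicalDrive0` on Windows) after booting from a known-clean medium, so that a memory-resident virus cannot forge the read, and the baseline hash must be stored where the virus cannot alter it.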
Macro Viruses
Macro viruses are written in the macro language of a specific application, such as a word processor or spreadsheet. They infect documents (not the boot sector or partition table) and can become memory resident when executed. They run when an infected document is opened, or when triggered by user actions such as certain keystrokes or menu choices. Macro viruses can be stored in files with any extension and are spread through file transfers or e-mail.
File Viruses
File viruses attach themselves to (or replace) *.COM and *.EXE files, although in some cases they can infect files with .SYS, .DRV, .BIN, .OVL and .OVY extensions. The most common file viruses are resident viruses, which stay in the computer’s memory from the moment the first infected copy is run and take clandestine control of the computer; such viruses commonly infect additional programs as you run them. There are also many non-resident viruses, which simply infect one or more files whenever an infected file is run. Both kinds often change the file attribute information and the file size, time and date information, which is why a record of those values for every executable is a useful detection baseline.
Multi-partite Viruses
Multi-partite viruses combine the characteristics of file and boot sector viruses, and are usually memory resident, so that they can infect both program files and boot sectors.
Worm Viruses
Worms are similar to viruses in that they make copies of themselves, but differ in that they do not need to attach to particular files or sectors at all. Once a worm is executed, it seeks other systems, rather than parts of the same system, to infect, usually over the network, and copies its code to them.
Stealth Viruses
A stealth virus hides the modifications it has made to a file or boot record, usually by intercepting the system functions that programs use to read files or physical blocks from storage media and forging their results, so that programs which read those areas see the original uninfected form of the file instead of the actual infected form. To do this, the virus must be resident in memory when the antivirus program is executed; scanning after booting from a known-clean medium defeats the deception.
Polymorphic Viruses
A polymorphic virus produces varied (yet fully operational) copies of itself, typically by encrypting its body with a different key in each copy and varying the small decryption routine, in the hope that virus scanners looking for a fixed byte pattern will not be able to detect all instances of the virus.
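The file, stealth and polymorphic entries above all point at the same defence: instead of scanning for a signature that a polymorphic virus can vary, keep a baseline of each executable’s size, timestamps and content hash and look for changes. The script below is an added example for this page, not code from the original document; the directory, the files and the simulated infection (which appends code to a .COM file and then puts the original timestamp back) are constructed so that it runs offline, and the extension list mirrors the file types named in the text.

```python
"""Baseline-and-compare integrity check for executable files.

Added example for this page, not code from the original document. The
directory, file contents and the simulated infection are all constructed
here so the script runs offline.
"""
import hashlib
import os
import shutil
import tempfile

WATCHED_EXTS = (".com", ".exe", ".sys", ".drv", ".bin", ".ovl", ".ovy")


def fingerprint(path: str) -> dict:
    """Record size, modification time and a SHA-256 of the content for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def baseline(root: str) -> dict:
    """Fingerprint every watched file under root, keyed by path relative to root."""
    table = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(WATCHED_EXTS):
                full = os.path.join(dirpath, name)
                table[os.path.relpath(full, root)] = fingerprint(full)
    return table


def compare(root: str, base: dict) -> dict:
    """Report files whose hash, size or timestamp differ from the baseline, plus missing and new ones."""
    current = baseline(root)
    report = {"modified": [], "missing": [], "new": sorted(set(current) - set(base))}
    for rel in sorted(base):
        now = current.get(rel)
        if now is None:
            report["missing"].append(rel)
            continue
        changed = [k for k in ("sha256", "size", "mtime_ns") if now[k] != base[rel][k]]
        if changed:
            report["modified"].append((rel, changed))
    return report


def demo() -> dict:
    """Create constructed files, baseline them, simulate a file infector, and compare."""
    root = tempfile.mkdtemp(prefix="integrity_demo_")
    try:
        samples = {
            "cmd.com": b"\xb4\x09\xcd\x21" * 16,   # constructed stand-in for a .COM program
            "game.exe": b"MZ" + b"\x00" * 200,      # constructed MZ header, no real code
            "readme.txt": b"not an executable",     # outside the watched extensions
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        base = baseline(root)

        # Constructed infection: viral code is appended to the .COM file and the
        # original timestamp is put back, the way a virus covering its tracks would.
        target = os.path.join(root, "cmd.com")
        before = os.stat(target)
        with open(target, "ab") as fh:
            fh.write(b"\xeb\xfe" * 64)              # constructed payload: a jmp $ loop
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        return compare(root, base)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The baseline must be taken on a clean system and stored where an infection cannot rewrite it (read-only or offline media), and the comparison should be run after booting from clean media, since a resident stealth virus can forge the very file reads the checker depends on. In the demo the simulated virus restores the timestamp but the size and hash still change; a cavity infector that also preserved the size would still be caught by the hash.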
Trojan Horse
A Trojan horse is a program that performs some unexpected or unauthorized, usually malicious, action, such as displaying messages, erasing files, or formatting a disk, while posing as something useful. A Trojan horse does not replicate itself or infect other host files.
Script Viruses (VBScript, JavaScript, HTML)
Script viruses are written in scripting languages such as VBScript and JavaScript. VBScript (Visual Basic Script) and JScript (Microsoft’s JavaScript implementation) viruses make use of Microsoft’s Windows Script Host (WSH) to run and to infect other files. Since WSH is installed on Windows 98 and Windows 2000, such a virus can be activated simply by double-clicking a *.vbs or *.js file in Windows Explorer.
Trigger condition or date
Indicates the condition or date on which the virus’ payload will be triggered. Note that a date-activated virus can infect your computer on any day of the year; the trigger date only determines when the payload runs, so the computer may already have been infected, and spreading the virus, well before the date specified.
Vandals
Web sites have come alive through the development of such technologies as ActiveX controls and Java applets. These enable animation and other special effects to run, making Web sites more attractive and interactive. However, the ease with which these components can be downloaded and run has provided a new vehicle for inflicting damage; an ActiveX control in particular runs as native code with the full privileges of the user who loaded the page. A vandal is a software application or applet that causes destruction of varying degrees. A vandal can destroy just a single file or a major portion of a computer system.
Attacks
Innumerable types of network attacks have been
documented, and they are commonly classified
in three general categories: reconnaissance
attacks, access attacks, and denial of service
(DoS) attacks.
• Reconnaissance attacks are essentially information-gathering activities by which attackers collect data that is later used to compromise networks. Usually, software tools such as sniffers and scanners are used to map out network resources and identify potential weaknesses in the targeted networks, hosts, and applications. For example, software exists that is specifically designed to crack passwords. Such software is marketed to network administrators to recover the passwords of employees who have forgotten them or who have left the company without disclosing them. Placed in the wrong hands, however, the same software becomes a very dangerous weapon.
• Access attacks exploit vulnerabilities in such network areas as authentication services and File Transfer Protocol (FTP) functionality in order to gain entry to e-mail accounts, databases, and other confidential information.
• DoS attacks prevent access to part or all of a computer system. They are usually achieved by flooding a machine connected to a corporate network or the Internet with more traffic than it can handle, or by sending malformed data that crashes a service, so that legitimate traffic cannot get through. Even more damaging is a distributed denial of service (DDoS) attack, in which the attacker first compromises many machines or hosts and then directs all of them to attack the target at once.
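Reconnaissance and flooding both leave a recognisable shape in firewall logs: a scanner touches many ports from one address in a short time, and a SYN flood delivers a burst of connection attempts to one service from many (often forged) sources. The script below is an added example for this page, not part of the original document; its log format and every line in its sample are constructed, and the thresholds are illustrative.

```python
"""Reconnaissance and flood detection over firewall-style log lines.

Added example for this page, not code from the original document. The log
format (one line per packet with SRC/DST/PROTO/SPT/DPT/FLAGS fields) and
every line in the sample are constructed here; adapt the regex to a real
firewall's syslog output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$"
)


def parse_line(line: str):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dpt"] = int(ev["dpt"])
    return ev


def detect_port_scans(events, window_s=60, min_ports=10):
    """Flag sources that touch at least min_ports distinct destination ports within window_s seconds."""
    history = defaultdict(list)         # src -> [(timestamp, dport)] still inside the window
    flagged = set()
    for ev in events:
        hist = history[ev["src"]]
        hist.append((ev["ts"], ev["dpt"]))
        cutoff = ev["ts"] - timedelta(seconds=window_s)
        hist[:] = [(t, p) for t, p in hist if t >= cutoff]
        if len({p for _, p in hist}) >= min_ports:
            flagged.add(ev["src"])
    return sorted(flagged)


def detect_syn_floods(events, min_syn=50):
    """Flag (dst, port) pairs that receive at least min_syn bare SYNs within any one second."""
    per_second = defaultdict(int)       # (dst, dport, second) -> SYN count
    for ev in events:
        if ev["proto"] == "TCP" and ev["flags"] == "S":
            second = ev["ts"].replace(microsecond=0)
            per_second[(ev["dst"], ev["dpt"], second)] += 1
    return sorted({(d, p) for (d, p, _), n in per_second.items() if n >= min_syn})


def build_sample_log():
    """Constructed traffic: a few normal requests, a port scan, and a SYN flood."""
    t0 = datetime(2001, 3, 14, 10, 2, 11)
    fmt = "{ts} SRC={src} DST={dst} PROTO=TCP SPT={spt} DPT={dpt} FLAGS={flags}"
    lines = []
    for i in range(3):                  # normal web traffic from one workstation
        lines.append(fmt.format(ts=(t0 + timedelta(seconds=i * 20)).isoformat(), src="10.0.0.5",
                                dst="192.168.1.10", spt=40000 + i, dpt=80, flags="S"))
    for port in range(1, 21):           # one host probing twenty ports in ten seconds
        lines.append(fmt.format(ts=(t0 + timedelta(seconds=port // 2)).isoformat(), src="172.16.9.9",
                                dst="192.168.1.10", spt=50000 + port, dpt=port, flags="S"))
    for i in range(200):                # 200 SYNs in one second from 200 distinct (forged) sources
        lines.append(fmt.format(ts=(t0 + timedelta(seconds=90)).isoformat(), src=f"203.0.113.{i + 1}",
                                dst="192.168.1.10", spt=1024 + i, dpt=80, flags="S"))
    return lines


def analyze(lines):
    """Parse the lines, skipping unparseable ones, and run both detectors."""
    events = [ev for ev in map(parse_line, lines) if ev]
    events.sort(key=lambda ev: ev["ts"])
    return {"port_scans": detect_port_scans(events), "syn_floods": detect_syn_floods(events)}


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

Blocking the flood’s source addresses is usually pointless because they are forged; rate limiting at the target and SYN cookies address the half-open connection exhaustion, whereas a port scanner needs real replies and so presents an address worth blocking or watching.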
Data Interception
Data transmitted over any type of network can be intercepted by unauthorized parties, who might eavesdrop on communications or even alter the data packets in transit. Perpetrators can use various methods to intercept the data. IP spoofing, for example, entails posing as an authorized party in a data exchange by forging the source Internet Protocol (IP) address of a packet so that it appears to come from one of the legitimate participants; a receiving host that trusts the address alone cannot tell the difference.
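Because a forged source address cannot be recognised by looking at the packet alone, the standard defence is to check the source address against the interface the packet arrived on: nothing from the outside may claim an internal address, and nothing leaving the internal network may claim a foreign one. The script below is an added example for this page, not code from the original document; the address ranges and the packets are constructed, and the IPv4 header checksum is verified as a basic sanity check before the address is examined.

```python
"""IPv4 header parsing and anti-spoofing ingress/egress filtering.

Added example for this page, not code from the original document. The
network ranges and the packets are constructed here; the filtering rule is
the usual source-address check that a border router or firewall applies
per interface.
"""
import ipaddress
import struct

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# Sources that must never arrive from the outside: our own ranges plus addresses
# that are never valid as a public Internet source.
NEVER_FROM_OUTSIDE = INTERNAL_NETS + [
    ipaddress.ip_network("0.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"), ipaddress.ip_network("224.0.0.0/4"),
]
HEADER_FMT = "!BBHHHBBH4s4s"            # fixed 20-byte IPv4 header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; returns 0 for a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_ipv4(src: str, dst: str, proto: int = 6, ttl: int = 64, payload: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet with a correct header checksum."""
    fields = [0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0,
              ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed header and verify version, length and checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(HEADER_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "ttl": ttl, "total_len": total_len}


def ingress_verdict(packet: bytes, interface: str) -> tuple:
    """Decide ACCEPT/DROP from the source address and the interface the packet arrived on."""
    try:
        hdr = parse_ipv4(packet)
    except ValueError as exc:
        return ("DROP", str(exc))
    src = hdr["src"]
    if interface == "external" and any(src in net for net in NEVER_FROM_OUTSIDE):
        return ("DROP", f"spoofed source {src} on external interface")
    if interface == "internal" and not any(src in net for net in INTERNAL_NETS):
        return ("DROP", f"foreign source {src} leaving internal network")
    return ("ACCEPT", f"source {src} consistent with {interface} interface")


if __name__ == "__main__":
    # Constructed packets: an outsider forging an internal source, and a genuine external client.
    forged = make_ipv4("10.0.0.7", "10.0.0.1")
    genuine = make_ipv4("203.0.113.5", "10.0.0.1")
    print(ingress_verdict(forged, "external"))
    print(ingress_verdict(genuine, "external"))
```

This filtering stops an outsider from impersonating an internal host across the border, but it cannot stop spoofing between hosts on the same segment, nor protect the contents of a packet; for that the traffic itself must be authenticated and encrypted rather than trusted on the strength of its address.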
Social Engineering
Social engineering is the increasingly prevalent
act of obtaining confidential network security
information through non-technical means. For
example, a social engineer might pose as a technical
support representative and make calls to employees
to gather password information. Other examples
of social engineering include bribing a coworker
to gain access to a server or searching a colleague’s
office to find a password that has been written
in a hidden spot.
Spam
Spam is the commonly used term for unsolicited electronic mail, or for the act of broadcasting unsolicited advertising messages via e-mail. Spam is usually harmless in itself, but it is a nuisance, taking up the recipient’s time and storage space, and it is also a common delivery vehicle for the Trojan horses, script viruses and social engineering described above.