Documente Academic
Documente Profesional
Documente Cultură
Examples of common human diseases caused by viruses include the common cold,
influenza, chickenpox, diarrhea and cold sores. Serious diseases such as Ebola, AIDS,
avian influenza and SARS are caused by viruses. The relative ability of viruses to
cause disease is described in terms of virulence. Viruses have different mechanisms
by which they produce disease in an organism, which largely depends on the species.
Mechanisms at the cellular level primarily include cell lysis, the breaking open and
subsequent death of the cell. In multicellular organisms, if enough cells die the whole
organism will start to suffer the effects. Although viruses cause disruption of healthy
homeostasis, resulting in disease, they may exist relatively harmlessly within an
organism. An example would include the ability of the herpes simplex virus, which
cause cold sores, to remain in a dormant state within the human body. This is called
latency, and is a characteristic of the herpes viruses including the Epstein-Barr virus,
which causes glandular fever, and the Varicella zoster virus, which causes chicken
pox. Latent chickenpox infections return in later life as the disease called shingles.
Some viruses can cause life-long or chronic infections, where the viruses continue to
replicate in the body despite the hosts' defense mechanisms, for examples the
infections by HIV and hepatitis C virus. Viral infections in human and animal hosts
usually result in an immune response and disease. Often, a virus is completely
eliminated by the immune system. Antibiotics have no effect on viruses, but antiviral
drugs have been developed to treat life-threatening infections. Vaccines that produce
lifelong immunity can prevent viral infections.
Biologists debate whether or not viruses are living organisms. Some consider them
non-living as they do not meet all the criteria used in the common definitions of life.
For example, unlike most organisms, viruses do not have cells. However, viruses have
genes and evolve by natural selection. Others have described them as organisms at
the edge of life.
List of viruses
Enteric Adenoviruses
ProxVirus
Computer virus
A computer virus is a computer program that can copy itself and infect a computer
without permission or knowledge of the user. The term "virus" is also commonly used,
albeit erroneously, to refer to many different types of malware and adware programs.
The original virus may modify the copies, or the copies may modify themselves, as
occurs in a metamorphic virus. A virus can only spread from one computer to another
when its host is taken to the uninfected computer, for instance by a user sending it
over a network or the Internet, or by carrying it on a removable medium such as a
floppy disk, CD, or USB drive. Meanwhile viruses can spread to other computers by
infecting files on a network file system or a file system that is accessed by another
computer. Viruses are sometimes confused with computer worms and Trojan horses.
A worm can spread itself to other computers without needing to be transferred as
part of a host, and a Trojan horse is a file that appears harmless. Worms and Trojans
may cause harm to either a computer system's hosted data, functional performance,
or networking throughput, when executed. In general, a worm does not actually harm
either the system's hardware or software, while at least in theory, a Trojan's payload
may be capable of almost any type of harm if executed. Some can't be seen when the
program is not running, but as soon as the infected code is run, the Trojan horse
kicks in. That is why it is so hard for people to find viruses and other malware
themselves and why they have to use spyware programs and registry processors.
Most personal computers are now connected to the Internet and to local area
networks, facilitating the spread of malicious code. Today's viruses may also take
advantage of network services such as the World Wide Web, e-mail, Instant
Messaging and file sharing systems to spread, blurring the line between viruses and
worms. Furthermore, some sources use an alternative terminology in which a virus is
any form of self-replicating malware.
1999
The Melissa virus, W97M/Melissa, executes a macro in a document attached to
an email, which forwards the document to 50 people in the user's Outlook
address book. The virus also infects other Word documents and subsequently
mails them out as attachments. Melissa spread faster than any previous virus,
infecting an estimated 1 million PCs.
Bubble Boy is the first worm that does not depend on the recipient opening an
attachment in order for infection to occur. As soon as the user opens the email,
Bubble Boy sets to work.
Tristate is the first multi-program macro virus; it infects Word, Excel, and
PowerPoint files.
2000
The Love Bug, also known as the ILOVEYOU virus, sends itself out via Outlook,
much like Melissa. The virus comes as a VBS attachment and deletes files,
including MP3, MP2, and .JPG. It also sends usernames and passwords to the
virus's author.
W97M.Resume.A, a new variation of the Melissa virus, is determined to be in
the wild. The “resume” virus acts much like Melissa, using a Word macro to
infect Outlook and spread itself.
The “Stages” virus, disguised as a joke email about the stages of life, spreads
across the Internet. Unlike most previous viruses, Stages is hidden in an
attachment with a false “.txt” extension, making it easier to lure recipients into
opening it. Until now, it has generally been safe to assume that text files are
safe.
“Distributed denial-of-service” attacks by hackers knock Yahoo, eBay, Amazon,
and other high profile web sites offline for several hours.
2001
Shortly after the September 11th attacks, the Nimda virus infects hundreds of
thousands of computers in the world. The virus is one of the most sophisticated
to date with as many as five different methods of replicating and infecting
systems. The “Anna Kournikova” virus, which mails itself to persons listed in the
victim's Microsoft Outlook address book, worries analysts who believe the
relatively harmless virus was written with a “tool kit” that would allow even the
most inexperienced programmers to create viruses. Worms increase in
prevalence with Sircam, CodeRed, and BadTrans creating the most problems.
Sircam spreads personal documents over the Internet through email. CodeRed
attacks vulnerable webpages, and was expected to eventually reroute its attack
to the White House homepage. It infected approximately 359,000 hosts in the
first twelve hours. BadTrans is designed to capture passwords and credit card
information.
2002
Author of the Melissa virus, David L. Smith, is sentenced to 20 months in
federal prison. The LFM-926 virus appears in early January, displaying the
message “Loading.Flash.Movie” as it infects Shockwave Flash (.swf) files.
Celebrity named viruses continue with the “Shakira,” “Britney Spears,” and
“Jennifer Lopez” viruses emerging. The Klez worm, an example of the
increasing trend of worms that spread through email, overwrites files (its
payload fills files with zeroes), creates hidden copies of the originals, and
attempts to disable common anti-virus products. The Bugbear worm also makes
it first appearance in September. It is a complex worm with many methods of
infecting systems.
2003
In January the relatively benign “Slammer” (Sapphire) worm becomes the
fastest spreading worm to date, infecting 75,000 computers in approximately
ten minutes, doubling its numbers every 8.5 seconds in its first minute of
infection. The Sobig worm becomes the one of the first to join the spam
community. Infected computer systems have the potential to become spam
relay points and spamming techniques are used to mass-mail copies of the
worm to potential victims.
2004
In January a computer worm, called MyDoom or Novarg, spreads through
emails and file-sharing software faster than any previous virus or worm.
MyDoom entices email recipients to open an attachment that allows hackers to
access the hard drive of the infected computer. The intended goal is a “denial of
service attack” on the SCO Group, a company that is suing various groups for
using an open-source version of its Unix programming language. SCO offers a
$250,000 reward to anyone giving information that leads to the arrest and
conviction of the people who wrote the worm.
An estimated one million computers running Windows are affected by the fast-
spreading Sasser computer worm in May. Victims include businesses, such as
British Airways, banks, and government offices, including Britain's Coast Guard.
The worm does not cause irreparable harm to computers or data, but it does
slow computers and cause some to quit or reboot without explanation. The
Sasser worm is different than other viruses in that users do not have to open a
file attachment to be affected by it. Instead, the worm seeks out computers
with a security flaw and then sabotages them. An 18-year-old German high
school student confessed to creating the worm. He's suspected of releasing
another version of the virus.
Virus Origins
Computer viruses are called viruses because they share some of the traits of
biological viruses. A computer virus passes from computer to computer like a
biological virus passes from person to person.
Unlike a cell, a virus has no way to reproduce by itself. Instead, a biological virus
must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery
to reproduce itself. In some cases, the cell fills with new viral particles until it bursts,
releasing the virus. In other cases, the new virus particles bud off the cell one at a
time, and the cell remains alive.
A computer virus shares some of these traits. A computer virus must piggyback on
top of some other program or document in order to launch. Once it is running, it can
infect other programs or documents. Obviously, the analogy between computer and
biological viruses stretches things a bit, but there are enough similarities that the
name sticks.
Virus History
Traditional computer viruses were first widely seen in the late 1980s, and they came
about because of several factors. The first factor was the spread of personal
computers (PCs). Prior to the 1980s, home computers were nearly non-existent or
they were toys. Real computers were rare, and they were locked away for use by
"experts." During the 1980s, real computers started to spread to businesses and
homes because of the popularity of the IBM PC (released in 1982) and the Apple
Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses,
homes and college campuses.
Virus Evolution
As virus creators became more sophisticated, they learned new tricks. One important
trick was the ability to load viruses into memory so they could keep running in the
background as long as the computer remained on. This gave viruses a much more
effective way to replicate themselves. Another trick was the ability to infect the boot
sector on floppy disks and hard disks. The boot sector is a small program that is the
first part of the operating system that the computer loads. It contains a tiny program
that tells the computer how to load the rest of the operating system. By putting its
code in the boot sector, a virus can guarantee it is executed. It can load itself into
memory immediately and run whenever the computer is on. Boot sector viruses can
infect the boot sector of any floppy disk inserted in the machine, and on college
campuses, where lots of people share machines, they could spread like wildfire.
In general, neither executable nor boot sector viruses are very threatening any
longer. The first reason for the decline has been the huge size of today's programs.
Nearly every program you buy today comes on a compact disc. Compact discs
(CDs) cannot be modified, and that makes viral infection of a CD unlikely, unless the
manufacturer permits a virus to be burned onto the CD during production. The
programs are so big that the only easy way to move them around is to buy the CD.
People certainly can't carry applications around on floppy disks like they did in the
1980s, when floppies full of programs were traded like baseball cards. Boot sector
viruses have also declined because operating systems now protect the boot sector.
Infection from boot sector viruses and executable viruses is still possible. Even so, it
is a lot harder, and these viruses don't spread nearly as quickly as they once did. Call
it "shrinking habitat," if you want to use a biological analogy. The environment of
floppy disks, small programs and weak operating systems made these viruses
possible in the 1980s, but that environmental niche has been largely eliminated by
huge executables, unchangeable CDs and better operating system safeguards.
• You should make sure that Macro Virus Protection is enabled in all
Microsoft applications, and you should NEVER run macros in a document
unless you know what they do. There is seldom a good reason to add
macros to a document, so avoiding all macros is a great policy.
The Computer Virus & Unauthorized Computer Access Countermeasures Group (VUAC)
receives reports about detections and damage caused by intrusive computer viruses. The
VUAC operates Anti-Computer-Virus Committee, whose members are representatives from
associations of IT industries and academies.
They analyze the accumulated incident reports and endeavor in devising countermeasures.
The results of their investigations as well as recommendations are publicized monthly
through the media such as newspapers and magazines.
In 2002, 20,352 reports were submitted to IPA, and the number decreased slightly
compared from 2001 having 24,261 reports. W32/Klez had the worst number
reported for 9 consecutive months, having 9,648 reports (approximately 50% of
total), which made a single virus to have the worst number of reports ever for a
year. This was followed by W32/Badtrans having 3,336 reports and W32/Hybris having
870 reports.
For more information, please refer to "Computer Virus Detection Incident Reports in 2002"
In December, 1,135 reports were submitted to IPA (November: 1,408 reports). The top
number of viruses reported were W32/Klez having 465 reports with new variants
having subjects such as "Happy Christmas" and "Happy New year", W32/Bugbear
having 133 reports, and W32/Opaserv and VBS/Redlof, having 67 reports.
In addition, an alert was announced for a massive spread of virus mail during the year
change period since there was a concern, but there was no serious viral damage.
*Infected computer will record the virus program in the body of the sending e-mail
, hence spreads the infection.
*Infects HTML and other files on the computer, and when the infected file is uploaded on
the web page without noticing this, infection will spread to people who browse the
web page.
Especially, there are more cases where one gets infected through browsing a web page,
so caution is necessary.
There are various ways for virus infection to happen. The most common type is obtained
through attached file on the e-mail, such as W32/Klez and W32/Bugbear. But there
are infections obtained from browsing a web page, such as W32/Nimda and
VBS/Redlof, and infections obtained from shared network, such as W32/Opaserv.
The pie charts show the result of analysis of the computer virus damage cases reported in
2001.
ISEC hosts Information security seminars all over Japan in every year. In 2001, 13
seminars were held from Hokkaido to Okinawa, in which computer virus countermeasures,
and unauthorized computer access countermeasures.
The VUAC conducts the following activities to promote computer virus prevention
measures.
= Help Desk (Tel, Fax,E-mail)
= Exhibition at computer-related shows
= Distribution of anti-virus brochures and CD-ROMs
= Anti-virus WEB site
= Anti-virus articles on magazines and papers
= Information exchange with anti-virus software vendors
The VUAC conducts a questionnaire survey to estimate the actual status of damage due to
computer virus in Japan.
Investigation of number of damaged bodies
1995 1996 1997 1998 1999 2000
Resident Viruses
This type of virus is a permanent which dwells in the RAM memory. From there it can
overcome and interrupt all of the operations executed by the system: corrupting files
and programs that are opened, closed, copied, renamed etc.
Overwrite Viruses
Virus of this kind is characterized by the fact that it deletes the information contained
in the files that it infects, rendering them partially or totally useless once they have
been infected.
The only way to clean a file infected by an overwrite virus is to delete the file
completely, thus losing the original content.
Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part
of a disk, in which information on the disk itself is stored together with a program
that makes it possible to boot (start) the computer from the disk.
The best way of avoiding boot viruses is to ensure that floppy disks are write-
protected and never start your computer with an unknown floppy disk in the disk
drive.
Macro Virus
Macro viruses infect files that are created using certain applications or programs that
contain macros. These mini-programs make it possible to automate series of
operations so that they are performed as a single action, thereby saving the user
from having to carry them out one by one.
Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a
program (file with the extension .EXE or .COM) which has been infected by a virus,
you are unknowingly running the virus program, while the original file and program
have been previously moved by the virus.
This makes it impossible for anti-viruses to find them using string or signature
searches (because they are different in each encryption) and also enables them to
create a large number of copies of themselves.
File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM
extension). When one of these programs is run, directly or indirectly, the virus is
activated, producing the damaging effects it is programmed to carry out. The majority
of existing viruses belong to this category, and can be classified depending on the
actions that they carry out.
Companion Viruses
Companion viruses can be considered file infector viruses like resident or direct action
types. They are known as companion viruses because once they get into the system
they "accompany" the other files that already exist. In other words, in order to carry
out their infection routines, companion viruses can wait in memory until a program is
run (resident viruses) or act immediately by making copies of themselves (direct
action viruses).
FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is
a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain
sections of the disk where important files are stored. Damage caused can result in
information losses from individual files or even entire directories.
Worms
A worm is a program very similar to a virus; it has the ability to self-replicate, and
can lead to negative effects on your system and most importantly they are detected
and eliminated by antiviruses.
Logic Bombs
They are not considered viruses because they do not replicate. They are not even
programs in their own right but rather camouflaged segments of other programs.
Their objective is to destroy data on the computer once certain conditions have been
met. Logic bombs go undetected until launched, and the results can be destructive.
Antivirus
Antivirus software are computer programs that attempt to identify, neutralize or
eliminate malicious software. The term "antivirus" is used because the earliest
examples were designed exclusively to combat computer viruses; however most
modern antivirus software is now designed to combat a wide range of threats,
including worms, phishing attacks, rootkits, trojan horses and other malware.
Antivirus software typically uses two different approaches to accomplish this:
The second approach is called heuristic analysis. Such analysis may include data
captures, port monitoring and other methods.
Most commercial antivirus software uses both of these approaches, with an emphasis
on the virus dictionary approach. Although some people consider network firewalls to
be a type of antivirus software, this categorization is not correct
In the virus dictionary approach, when the antivirus software looks at a file, it refers
to a dictionary of known viruses that the authors of the antivirus software have
identified. If a piece of code in the file matches any virus identified in the dictionary,
then the antivirus software can take one of the following actions:
1. attempt to repair the file by removing the virus itself from the file,
2. quarantine the file (such that the file remains inaccessible to other programs
and its virus can no longer spread), or
3. delete the infected file.
To achieve consistent success in the medium and long term, the virus dictionary
approach requires periodic (generally online) downloads of updated virus dictionary
entries. As civically-minded and technically-inclined users identify new viruses "in the
wild", they can send their infected files to the authors of antivirus software, who then
include information about the new viruses in their dictionaries.
Proprietary
• eScan AntiVirus
• ArcaVir by arcabit.com
• avast!
• Avira
• AVG Anti-Virus
• BitDefender
• BullGuard
• CA Anti-Virus
• Cisco Security Agent
• Dr.Web
• DriveSentry (antivirus, antispyware and HIPS technologies)
• eSafe
• Fortinet FortiClient End Point Security
• F-PROT
• F-Secure
• G DATA AntiVirus
• IKARUS antivirus
• INCA Internet
• Kaspersky Anti-Virus
• LinuxShield
• McAfee VirusScan
• Mks vir
• NOD32
• Norman ASA
• Norton AntiVirus
• Panda Security
• PC Tools AntiVirus
• Rising AntiVirus
• Sophos Anti-Virus
• Trend Micro Internet Security
• TrustPort Antivirus -AEC
• Vba32 AntiVirus
• Virus Chaser
• Windows Live OneCare
• ZoneAlarm
Freeware
Open
• Clam AntiVirus
• ClamWin
• OpenAntiVirus
• Winpooch
• Untangle
Abandonware
Comparisons
on- on- Signature Signature False Proactiv
Anti-Virus Windows Mac OS Linux FreeBSD Unix License
demand access Detection Detection Positives Detectio
Software X
scan scan count[1] %[1] [1]
(HIPS)
Avira AntiVir
Personal -
Yes No Yes Yes Yes Freeware Yes Yes 1,020,627 99.6% 1 Good
Free
Antivirus
Avira AntiVir Proprietary
Yes No Yes Yes Yes Yes Yes 1,020,627 99.6% 1 Good
Premium (commercial)
AOL Active
Yes No No No No Freeware Yes Yes
Virus Shield
Proprietary
Avast! Yes Yes Yes No No Yes Yes 1,018,204 99.4% 2 Satisfacto
(commercial)
Freeware
Avast! Home Yes Yes Yes No No Yes Yes 1,018,204 99.4% 2 Satisfacto
(commercial)
AVG Anti- Proprietary
Yes No Yes Yes No Yes Yes 1,005,006 98.1% 1 Satisfacto
Virus (commercial)
Freeware
AVG Anti-
Yes No Yes No No (commercial) Yes Yes 1,005,006 98.1% 1 Satisfacto
Virus Free
(Nagware)
AVK 2008 Proprietary
Yes No No No No Yes Yes 1,022,418 99.8% 2 Good
(G DATA) (Commercial)
Proprietary
BitDefender Yes No Yes Yes No Yes Yes 1,003,902 98.0% 2 Very Goo
(Commercial)
BitDefender Yes (with
Yes No No No No Freeware Yes 1,003,902 98.0% 2 Very Goo
Free Edition Winpooch)
Proprietary
BullGuard Yes No No No No Yes Yes
(Commercial)
see
Clam see see KlamAV
Yes Yes GPL Yes No 791,505 77.3% 3 Poor
AntiVirus ClamWin ClamXav and
ClamTk
Yes (with
ClamWin Yes No No No No GPL Yes 791,505 77.3% 3 Poor
Winpooch)
Command
729,233 71.2% 1 Poor
AntiVirus
Comodo
Yes Freeware Yes Yes
AntiVirus
Dr Web 887,736 86.7% 2 Good
eTrust-VET 566,161 55.3% 0 Poor
Fortinet
FortiClient Proprietary
Yes No No No No Yes Yes 957,558 93.5% >3 Very Goo
End Point (commercial)
Security
F-Prot Yes No Yes Yes Yes Proprietary Yes Yes 1,003,731 96.3% 1 Poor
Yes
Kaspersky Yes (SMB
Yes No No Proprietary Yes Yes 1,003,470 98.0% 2 Good
Anti-Virus (BETA) and
ENT)
McAfee Proprietary
Yes Yes Yes Yes Yes Yes Yes 959,919 93.7% 0 Good
VirusScan (commercial)
Proprietary
Metascan Yes No No Yes Yes Yes Yes
(commercial)
Moon Secure
Yes No No No No GPL Yes Yes
AntiVirus
Proprietary
NOD32 Yes No Yes Yes No Yes Yes 953,936 93.1% 1 Very Goo
(commercial)
Norton
AntiVirus Yes Yes Yes Yes No Proprietary Yes Yes 1,006,849 98.3% 0 Good
(Symantec)
Panda Proprietary
Yes No Yes No No Yes Yes 979,409 95.6% 2 Very Goo
Antivirus (commercial)
PC Tools Proprietary
Yes Yes No No No Yes Yes
AntiVirus (commercial)
Protector Proprietary
Yes No No No No Yes Yes
Plus (commercial)
Sophos Anti-
Yes Yes Yes Yes Yes Proprietary Yes Yes 1,001,655 97.8% 1 Very Goo
Virus
Signature
on- on- Signature Proactiv
Anti-Virus Mac OS Detection False
Windows Linux FreeBSD Unix License demand access Detection Detectio
Software X on- Positives
scan scan %[1] (HIPS)[
demand
From July 2008 onwards, the Top Twenty will be composed using data generated by
Kaspersky Security Network (KSN), a new technology implemented in the 2009
personal product line. This data not only makes it possible for Kaspersky Lab to get
timely information about threats and to track their evolution, but also makes it
possible for us to detect unknown threats, and roll out that protection to users, as
quickly as possible.
The 2009 personal products haven't been officially launched in all countries, e.g. in
Russian and the USA. The data presented in this report therefore provides an
objective reflection of the threat landscape in the majority of European and Asian
countries. However, in the near future, such reports will include data provided by
users in other countries of the world.
The data received from KSN in July 2008 has been used to compile the following
rankings.
The first is a ranking of the most widespread malicious, advertising, and potentially
unwanted programs. The figures given are a percentage of the number of computers
on which threats were detected.
Position Name
1 Trojan.Win32.DNSChanger.ech
2 Trojan-Downloader.WMA.Wimad.n
3 Trojan.Win32.Monderb.gen
4 Trojan.Win32.Monder.gen
5 not-a-virus:AdWare.Win32.HotBar.ck
6 Trojan.Win32.Monderc.gen
7 not-a-virus:AdWare.Win32.Shopper.v
8 not-a-virus:AdTool.Win32.MyWebSearch.bm
9 Trojan.Win32.Agent.abt
10 Worm.VBS.Autorun.r
11 Trojan.Win32.Agent.rzw
12 Trojan-Downloader.Win32.CWS.fc
13 not-a-virus:AdWare.Win32.Mostofate.cx
14 Trojan-Downloader.JS.Agent.bi
15 Trojan-Downloader.Win32.Agent.xvu
16 not-a-virus:AdWare.Win32.BHO.ca
17 Trojan.Win32.Agent.sav
18 Trojan-Downloader.Win32.Obitel.a
19 Trojan.Win32.Chifrax.a
20 Trojan.Win32.Agent.tfc
As the rating is only compiled using data received during the course of a single
month, it's very hard to make any predictions. However, future reports will include
such forecasts.
Clearly, most of the time, victim machines are attacked by a wide range of Trojan
programs.
Overall, in July 2008, there were 20704 unique malicious, advertising, and potentially
unwanted programs detected on users' computers. Our data indicates that out of
these, approximately 20000 of them were found in the wild. The second Top Twenty
provides figures on the most common malicious programs among all infected objects
detected.
Position Name
1 Trojan.Win32.DNSChanger.ech
1 Virus.Win32.Virut.q
2 Worm.Win32.Fujack.ap
3 Net-Worm.Win32.Nimda
4 Virus.Win32.Hidrag.a
5 Virus.Win32.Neshta.a
6 Virus.Win32.Parite.b
7 Virus.Win32.Sality.z
8 Virus.Win32.Alman.b
9 Virus.Win32.Virut.n
10 Virus.Win32.Xorer.du
11 Worm.Win32.Fujack.aa
12 Worm.Win32.Otwycal.g
13 Worm.Win32.Fujack.k
14 Virus.Win32.Parite.a
15 Trojan-Downloader.WMA.GetCodec.d
16 Virus.Win32.Sality.l
17 Virus.Win32.Sality.s
18 Worm.Win32.Viking.ce
19 Worm.VBS.Headtail.a
20 Net-Worm.Win32.Allaple.b
The majority of the programs listed above are able to infect files. The figures given
are interesting as they indicate the spread of threats which need to be disinfected,
rather than simply dealt with by deleting infected objects.
Change
Proactive
Position in Name Percentage
Detection Flag
position
1. 0 Email-Worm.Win32.NetSky.q Trojan.generic 23.12
2. +1 Email-Worm.Win32.NetSky.y Trojan.generic 9.70
3. +2 Email-Worm.Win32.Scano.gen Trojan.generic 9.63
4. +4 Email-Worm.Win32.Nyxem.e Trojan.generic 6.75
5. -3 Email-Worm.Win32.NetSky.d Trojan.generic 6.27
6. Return Email-Worm.Win32.NetSky.x Trojan.generic 4.44
7. -1 Email-Worm.Win32.NetSky.aa Trojan.generic 3.74
8. Return Email-Worm.Win32.NetSky.b Trojan.generic 3.26
9. -5 Email-Worm.Win32.Bagle.gt Trojan.generic 2.75
10. Return Net-Worm.Win32.Mytob.u Worm.P2P.generic 2.60
11. +6 Net-Worm.Win32.Mytob.c Trojan.generic 2.40
12. 0 Email-Worm.Win32.Scano.bn Trojan.generic 2.09
13. Return Email-Worm.Win32.NetSky.r Trojan.generic 1.98
14. +4 Email-Worm.Win32.NetSky.t Trojan.generic 1.94
15. Return Net-Worm.Win32.Mytob.bi Trojan.generic 1.65
16. -5 Email-Worm.Win32.Bagle.gen Trojan.generic 1.39
17. -4 Email-Worm.Win32.Mydoom.l Worm.P2P.generic 1.19
18. Return Net-Worm.Win32.Mytob.t Worm.P2P.generic 1.08
19. -3 Email-Worm.Win32.NetSky.c Trojan.generic 0.97
20. New! Net-Worm.Win32.Mytob.cg Worm.P2P.generic 0.90
Other malicious programs 12.15
The May 2008 Email Top Twenty is a short one; this is explained by the well-known
fact that virus writers take a break over the summer months. The complete absence
of any epidemics in mail traffic, which is obvious from even a cursory glance at this
month's rankings, bears this out.
In fact, the only significant change to the rankings was caused by the re-entry of a
few worms which have been in circulation for several years now.
The Warezov and Zhelatin worms have not reappeared since dropping out of the Top
Twenty back in February. The authors have stopped sending out the executable
components of the worms by email, confining themselves to distributing the code via
links on infected websites.
This does mean that the threat posed by malicious code in email has declined.
However, phishing and spam continue to pose very real threats and have the potential
to create just as big a problem for the end user.
The Top Twenty countries which acted as sources of infected emails in May are shown
below:
Position Change Country Percentage
1 0 USA 21.72
2 +5 Poland 13.18
3 -1 South Korea 7.88
4 -1 Spain 5.85
5 -1 China 5.15
6 0 France 4.07
7 +1 Germany 3.54
8 -1 Brazil 3.49
9 0 United 2.83
Kingdom
10 -2 India 2.82
11 -1 Italy 2.66
12 -1 Isreal 1.80
13 0 Japan 1.66
14 +5 Canada 1.15
15 +2 The 1.07
Netherlands
16 -1 Turkey 1.05
17 -1 Australia 1.03
18 -4 Argentina 1.02
19 +1 Russia 0.99
20 New! Austria 0.91
Other Countries 16.13
Summary
Conclusions
There are lots of viruses in the world and new viruses are coming up every day. There are new anti-
virus programs and techniques developed too. It is good to be aware of viruses and other malware
and it is cheaper to protect you environment from them rather then being sorry.
There might be a virus in your computer if it starts acting differently. There is no reason to panic if
the computer virus is found.
It is good to be a little suspicious of malware when you surf in the Internet and download files. Some
files that look interesting might hide a malware.
A computer virus is a program that reproduces itself and its mission is to spread out. Most viruses are
harmless and some viruses might cause random damage to data files.
A trojan horse is not a virus because it doesn't reproduce. The trojan horses are usually masked so
that they look interesting. There are trojan horses that steal passwords and formats hard disks.
Marco viruses spread from applications which use macros. Macro viruses spreads fast because
people share so much data, email documents and use the Internet to get documents. Macros are also
very easy to write.
Some people want to experiment how to write viruses and test their programming talent. At the same
time they do not understand about the consequences for other people or they simply do not care.
Viruses mission is to hop from program to other and this can happen via floppy disks, Internet FTP
sites, newsgroups and via email attachments. Viruses are mostly written for PC-computers and DOS
environments.
Viruses are not any more something that just programmers and computer specialist have to deal with.
Today everyday users have to deal with viruses.