A virus is a program written with malicious intent and sent by attackers. The virus is transferred to another computer through email, file transfers, and instant messaging. The virus hides by attaching itself to computer code, software, or documents on the computer. When the file is accessed, the virus executes and infects the computer. A virus has the potential to corrupt or even delete files on your computer, use your email to spread itself to other computers, prevent the computer from booting, cause applications to not load or operate correctly, or even erase your entire hard drive. If the virus is spread to other computers, those computers could continue to spread the virus.
Some viruses can be exceptionally dangerous. One of the most damaging types of virus is used to record keystrokes. Attackers can use these viruses to harvest sensitive information, such as passwords and credit card numbers. The virus sends the data that it collects back to the attacker. Viruses can also alter or destroy information on a computer. Stealth viruses can infect a computer and lay dormant until summoned by the attacker.
A worm is a self-replicating program that is harmful to networks. A worm uses the network to duplicate its code to the hosts on a network, often without user intervention. A worm is different from a virus because it does not need to attach to a program to infect a host. Worms typically spread by automatically exploiting known vulnerabilities in legitimate software.
A Trojan is malicious software that is disguised as a legitimate program. A Trojan threat is hidden in software that appears to do one thing, but behind the scenes it does another. The Trojan program can reproduce like a virus and spread to other computers. Computer data damage, exposed login information, and production loss could be significant. A technician might be needed to perform repairs, and employees might lose or have to replace data. An infected computer could be sending critical data to competitors, while at the same time infecting other computers on the network.
Virus Protection Software
Virus protection software, also known as antivirus software, is designed to detect, disable, and remove viruses, worms, and Trojans before they infect a computer. However, antivirus software becomes outdated quickly, and it is the responsibility of the technician to apply the most recent updates, patches, and virus definitions as part of a regular maintenance schedule. Many organizations establish a written security policy stating that employees are not permitted to install any software that is not provided by the company. Organizations also make employees aware of the dangers of opening email attachments that may contain a virus or a worm.
A rootkit is a malicious program that gains full access to a computer system. Often, a direct attack on a system using a known vulnerability or password is used to gain Administrator-account level access. Because the rootkit has this privileged access, the program is able to hide the files, registry edits, and folders that it uses from detection by typical virus or spyware programs. It is very difficult to detect the presence of a rootkit because it has the rights to control and modify security programs that may otherwise be able to detect a malicious software installation. Special rootkit removal software can be used to remove some rootkits, but sometimes a re-installation of the operating system is necessary to ensure that the rootkit is completely removed.
NOTE: Do not assume that email attachments are safe, even when they are sent from a trusted contact. The sender’s computer may be infected by a virus that is trying to spread itself. Always scan email attachments before opening them.