This page highlights the types of malicious computer programs (MCP's). Please use this as a reference to the Antivirus Software Distribution page, which describes in detail Clemson University's license for antivirus software. If you need additional information about a specific virus, you can go to Trend-Micro's web site. Trend-Micro has an encyclopedia for viruses and hoaxes which is updated frequently.
There are four basic types of MCPs that are prevelent:
Examples: Bagle, MyDoom, Nimda
Computer Viruses are small programs which become imbedded in or "infect" files. Once infected, they either prohibit standard functions or execute functions which are malicious in nature. A virus primarily attacks executables or applications - so if an user runs an infected application, the virus program runs in addition to the normal operation, usually something unwanted. Data files may also be infected, although most traditional viruses require an executable to do damage (see Macro Viruses for exception to that rule).
Examples of virus effects are as follows:
Most viruses have code which allows them to propagate themselves to files on your computer or others. It is "infecting" code that gives the MCP the analogy to the biological viruses. Viruses can infect other computers by infected files being transferred by disks and other removable media, networked servers and unsecured sites on the Internet. They can reside in a computer's memory and lay dormant until a certain time or date.
There are software products, such as Trend-Micro OfficeScan, which provides some protection for most viruses. Note: new viruses are discovered almost daily, these products are as good as their last update. So updating virus protection is essential to remaining protected. If a virus is discovered on a computer, this software performs a "clean" of the virus, where it removes all traces of the virus and attempts to repair problems with the files.
Examples: BugBear, MSBlaster/Lovesan, Sasser
Worms are MCPs which are very similar to viruses and their results can be even more damaging. The difference is they don't alter programs directly, but rather replace a document or application with the worm's code file for a user's data file, and use that code replicates itself over a computer network or file system. They are usually transmitted through a payload which 'tricks" the user into unknowingly activating the worm. Where viruses can for the most part be cleaned, worms often replace files in process to replicate and thus the deleted files are not recoverable.
In May 2000, the Love Bug's payload was initially an email message. Happy.99 and ExploreZip were worms which infected campus computers in the last few years. However worm don';t have to be email-based. In august 2003, MSBlaster/Lovesan worm infected Windows computers which don't have the latest critical patch installed.
Examples: SDBot, Spybot
Trojan Horses are applications which perform malicious actions on a computer. They are named because they typically "disguise" themselves as useful programs in an attempt to trick a user into running them, (See Odyssey and Trojan War). Since they are applications, they are confined to certain platforms and only do harm unless they are executed. Trojan Horses are different from viruses and worms since they don't attempt to replicate on the computer. Some trojan horses can even provide access to the computer or its files to a remote user (BackOrifice) without the computer's owner knowing.
Examples: Concept, W97.Melissa.A
Macros are a set of commands which typically allow a user of a specific application to repeat actions with a key stroke or under conditions (i.e. when you save a file). They are written in Macro languages which can be very extensive, not just allowing the ability to control actions in the application, but also control other applications and the operating system on the computer. Useful macros can save time and effort by making repetitive tasks easier.
Macro Viruses are macros which are written for malicious purposes. Once considered a type of virus and relative minor threat, Macro viruses have grown in number from less than 10 in 1996 to thousands of variations in May 2000. They can have the same results as traditional viruses, depending how powerfully the macro language is. For example, if the Macro language allows a user to write and/or delete files, then a malicious person could write a macro virus to delete all documents.
Although many of early macros viruses affected Microsoft Office applications (Word, Excel and others), these viruses can strike any application with a macro language including some operating systems. Another added problem with macro viruses is since many applications with macro languages are cross platform, these viruses can "travel" from platform to platform; Windows to MacOS computers.
At first, since they are part of the standard format of the Word/Excel document, standard Antivirus software had no ability to find and remove them. Since then, they have been discovered and now many Antivirus applications now scan and remove them.
With so many variants of MCPs on in the Internet, prevention or at least taking prudent steps is important to avoid attacks and infections from worms, viruses, and trojan horses. Here are some steps users can follow to minimize their risk:
Further questions and inquiries can be sent to Customer Support Services via email at ITHELP@clemson.edu.