||ActiveX controls are software
modules based on Microsoft's Component Object Model (COM) architecture.
They add functionality to software applications by seamlessly incorporating
pre-made modules with the basic software package. Modules can be interchanged
but still appear as parts of the original software.
On the Internet, ActiveX controls can be linked to Web pages and downloaded by an ActiveX-compliant browser. ActiveX controls turn Web pages into software pages that perform like any other program launched from a server.
ActiveX controls can have full system access. In most instances this access is legitimate, but one should be cautious of malicious ActiveX applications.
||A sequence of steps needed
to solve logical or mathematical problems.
Certain cryptographic algorithms are used to encrypt or decrypt data files and messages and to sign documents digitally.
attack, disable or infect specific anti-virus software. Also: Retrovirus
||Anti-virus software scans
a computer's memory and disk drives for viruses. If it finds a virus, the
application informs the user and may clean, delete or quarantine any files,
directories or disks affected by the malicious code. Also: Anti-virus Scanner
||Antivirus viruses specifically
look for and remove other viruses.
||Any miniature application
transported over the Internet, especially as an enhancement to a Web page.
Authors often embed applets within the HTML page as a foreign program type.
Java applets are usually only allowed to access certain areas of the user's system. Computer programmers often refer to this area as the sandbox.
||An armored virus tries
to prevent analysts from examining its code. The virus may use various methods
to make tracing, disassembling and reverse engineering its code more difficult.
||American Standard Code
for Information Interchange. Usually refers to coding system that assigns
numerical values to characters such as letter, numbers, punctuation, and
Basic ASCII allows only 7 bits per character (for a total of 128 characters). The first 32 characters are "unprintable" (line feed, form feed, etc.). Extended ASCII adds an additional 128 characters that vary between computers, programs and fonts. Computers use these extra characters for accented letters, graphical characters or other special symbols.
||ASCII files are usually
text files consisting of only ASCII characters. With effort, it is possible
to write program files consisting only of printable characters (See: EICAR
Standard Anti-virus Test File). Windows batch (BAT) files and Visual Basic
Script (See Also: Batch Files, VBS) files are also typically pure text,
and program files.
Because of the danger macro viruses can pose, using ASCII files in e-mail communications may by less risky. While it is possible for ASCII files to contain program code, and thus to contain viruses, ASCII files let you control both content and layout exactly, ensuring your e-mail is legible by the most e-mail programs.
||An attempt to subvert
or bypass a system's security. Attacks may be passive or active. Active
attacks attempt to alter or destroy data. Passive attacks try to intercept
or read data without changing it. See Also: Brute Force Attack, Denial of
Service, Hijacking, Password Attacks, Password Sniffing
to all files and directories. Attributes include: Read Only, Archive, Hidden
||A feature programmers
often build into programs to allow special privileges normally denied to
users of the program. Often programmers build back doors so they can fix
bugs. If hackers or others learn about a back door, the feature may pose
a security risk. Also: Trapdoor.
||Back Orifice is a program
developed and released by The Cult of the Dead Cow (cDc). It is not a virus;
it is a remote administration tool with potential for malicious misuse.
If installed by a hacker, it has the ability to give a remote attacker full
system administrator privileges to your system. It can also 'sniff' passwords
and confidential data and quietly e-mail them to a remote site. Back Orifice
is an extensible program--programmers can change and "enhance"
it over time. See Also: Password Sniffing
||A feature in some anti-virus
software to automatically scan files and documents as they are created,
opened, closed or executed.
||A task executed by the
system but generally remain invisible to the user. The system usually assigns
background tasks a lower priority than foreground tasks. Some malicious
software is executed by a system as a background task so the user does not
realize unwanted actions are occurring.
||n. A duplicate copy of
data made for archiving purposes or for protecting against damage or loss.
v. The process of creating duplicate data. Some programs backup data files while maintaining both the current version and the preceding version on disk. However, a backup is not considered secure unless it is stored away from the original.
||Text files containing
one MS-DOS command on each line of the file. When run, each line executes
in sequential order. The batch file AUTOEXEC.BAT is executed when the computer
is booted and loads a series of controls and programs. This file type has
the extension BAT.
||A bimodal virus infects
both boot records and files. Also: Bipartite; See Also: Boot Sector Infector,
File Virus, Multipartite
||Basic Input/Output System.
The part of the operating system that identifies the set of programs used
to boot the computer before locating the system disk.
The BIOS is located in the ROM (Read Only Memory) area of system and is usually stored permanently.
||To start (a cold boot)
or reset (warm boot) the computer so it is ready to run programs for the
user. Booting the computer executes various programs to check and prepare
the computer for use. See Also: Cold Boot, Warm Boot
||The program recorded in
the boot sector. This record contains information on the characteristics
and contents of the disk and information needed to boot the computer. If
a user boots a PC with a floppy disk, the system reads the boot record from
that disk. See Also: Boot Sector
||An area located on the
first track of floppy disks and logical disks that contain the boot record.
Boot sector usually refers to this specific sector of a floppy disk, whereas
the term Master Boot Sector usually refers to the same section of a hard
disk. See Also: Master Boot Record
|Boot Sector Infector
||A boot sector infector
virus places its starting code in the boot sector. When the computer tries
to read and execute the program in the boot sector, the virus goes into
memory where it can gain control over basic computer operations. From memory,
a boot sector infector can spread to other drives (floppy, network, etc.)
on the system. Once the virus is running, it usually executes the normal
boot program, which it stores elsewhere on the disk. Also: Boot Virus, Boot
Sector Virus, BSI.
|Brute Force Attack
||An attack in which each
possible key or password is attempted until the correct one is found. See
||See: Boot Sector Infector
||An unintentional fault
in a program that causes actions neither the user nor the program author
||A cavity virus overwrites
a part of its host file without increasing the length of the file while
also preserving the host's functionality.
||An identifying number
calculated from file characteristics. The slightest change in a file changes
||adj. A computer, file
or disk that is free of viruses.
v. To remove a virus or other malicious software from a computer, file or disk. Also: Disinfection.
||Cluster viruses modify
the directory table entries so the virus starts before any other program.
The virus code only exists in one location, but running any program runs
the virus as well. Because they modify the directory, cluster viruses may
appear to infect every program on a disk. Also: File System Virus
||To start the computer
by cycling the power. A cold boot using a rescue disk (a clean floppy disk
with boot instructions and virus scanning capabilities) is often necessary
to clean or remove boot sector infectors. See Also: Boot, Warm Boot
||A type of executable file
limited to 64 kb. These simple files are often used for utility programs
and small routines. Because COM files are executable, viruses can infect
them. This file type has the extension COM.
||Companion viruses use
a feature of DOS that allows software programs with the same name, but with
different extensions, to operate with different priorities. Most companion
viruses create a COM file which has a higher priority than an EXE file with
the same name.
Thus, a virus may see a system contains the file PROGRAM.EXE and create a file called PROGRAM.COM. When the computer executes PROGRAM from the command line, the virus (PROGRAM.COM) runs before the actual PROGRAM.EXE. Often the virus will execute the original program afterwards so the system appears normal.
||To access or disclose
information without authorization.
||Cookies are blocks of
to identify users who revisit the site.
Cookies might contain login or registration information, "shopping cart" information or user preferences. When a server receives a browser request that includes a cookie, the server can use the information stored in the cookie to customize the Web site for the user. Cookies can be used to gather more information about a user than would be possible without them.
||A password on a system
when it is first delivered or installed.
|Denial Of Service (DoS)
||An attack specifically
designed to prevent the normal functioning of a system and thereby to prevent
lawful access to the system by authorized users. Hackers can cause denial
of service attacks by destroying or modifying data or by overloading the
system's servers until service to authorized users is delayed or prevented.
See Also: Attack
|Direct Action Virus
||A direct action virus
works immediately to load itself into memory, infect other files, and then
to unload itself.
||Most anti-virus software
carries out disinfection after reporting the presence of a virus to the
user. During disinfection, the virus may be removed from the system and,
whenever possible, any affected data is recovered.
||A Microsoft Word Document
File. In the past, these files contained only document data, but with many
newer versions of Microsoft Word, DOC files also include small programs
called macros. Many virus authors use the macro programming language to
associate macros with DOC files. This file type has the extension DOC.
||Disk Operating System.
Generally any computer operating system, though often used as shorthand
for MS-DOS--the operating system used by Microsoft before Windows was developed.
||A dropper is carrier file
that installs a virus on a computer system. Virus author often use droppers
to shield their viruses from anti-virus software. The term injector often
refers to a dropper that installs a virus only in memory.
||European Institute of
Computer Anti-Virus Research. In conjunction with several anti-virus software
companies, EICAR has developed a test file for anti-virus software. See
Also: EICAR Standard Anti-Virus Test File
|EICAR Standard Anti-Virus Test File
||This text file consists
of one line of printable characters; if saved as EICAR.COM, it can be executed
and displays message: "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" This
provides a safe and simple way of testing the installation and behavior
of anti-virus software without using a real virus.
||An encrypted virus's code
begins with a decryption algorithm and continues with scrambled or encrypted
code for the remainder of the virus. Each time it infects, it automatically
encodes itself differently, so its code is never the same. Through this
method, the virus tries to avoid detection by anti-virus software.
||Encryption is the scrambling
of data so it becomes difficult to unscramble and interpret.
||An executable file; as
contrasted with a document or data file. Usually, executed by double-clicking
its icon or a shortcut on the desktop, or by entering the name of the program
at a command prompt. Executable files can also be executed from other programs,
batch files or various script files.
The vast majority of known viruses infect program files. However, real-world infections by program-infecting viruses are much less common. Also: Program File
||A false negative error
occurs when anti-virus software fails to indicate an infected file is truly
infected. False negatives are more serious than false positives, although
both are undesirable. False negatives are more common with anti-virus software
because the may miss a new or a heavily modified virus. See Also: False
||A false positive error
occurs when anti-virus software wrongly claims a virus infects a clean file.
False positives usually occur when the string chosen for a given virus signature
is also present in another program. See Also: False Negative
||Fast infector viruses,
when active in memory, infect not only executed programs, but also those
that are merely opened. Thus running an application, such as anti-virus
software, which opens many programs but does not execute them, can result
in all programs becoming infected. See Also: Slow Infector
||File Allocation Table.
The under MS-DOS, Windows 3.x, 9x, and NT (in some cases), the FAT is located
in the boot sector of the disk and stores the addresses of all the files
contained on a disk. Viruses and other malicious programs, as well and normal
use and extended wear and tear, can damage the FAT. If the FAT is damaged
or corrupt, the operating system may be unable to locate files on the disk.
||If you have MS-DOS version
5.0 or later, the command FDISK /MBR can remove viruses which infect the
master boot sector but do not encrypt it. Using this command can produce
unexpected results and cause unrecoverable damage.
||File viruses usually replace
or attach themselves to COM and EXE files. They can also infect files with
the extensions SYS, DRV, BIN, OVL and OVY.
File viruses may be resident or non-resident, the most common being resident or TSR (terminate-and-stay-resident) viruses. Many non-resident viruses simply infect one or more files whenever an infected file runs.
Also: Parasitic Virus, Fire Infector, File Infecting Virus
||A firewall prevents computers
on a network from communicating directly with external computer systems.
A firewall typically consists of a computer that acts as a barrier through
which all information passing between the networks and the external systems
must travel. The firewall software analyzes information passing between
the two and rejects it if it does not conform to pre-configured rules.
||See: Virus Hoaxes
of a computer program by anti-virus software to identify a potential virus.
Often heuristic scanning produces false alarms when a clean program behaves
as a virus might. Also: Heuristic Scan
||An attack whereby an active,
established, session is intercepted and used by the attacker. Hijacking
can occur locally if, for example, a legitimate user leaves a computer unprotected.
Remote hijacking can occur via the Internet.
||Vulnerability in the design
software and/or hardware that allows circumvention of security measures.
||A term often used to describe
the computer file to which a virus attaches itself. Most viruses run when
the computer or user tries to execute the host file.
|In The Wild
||A virus is "in the
wild" if it is verified as having caused an infection outside a laboratory
situation. Most viruses are in the wild and differ only in prevalence. Also:
ITW; See Also: Zoo Virus
||The action a virus carries
out when it enters a computer system or storage device.
language that can run wherever there is a suitable script interpreter such
as Web browsers, Web servers, or the Windows Scripting Host. The scripting
||These are not viruses,
but may contain a virus if infected or otherwise altered. Also: Practical
||The Windows Registry uses
keys to store computer configuration settings. When a user installs a new
program or the configuration settings are otherwise altered, the values
of these keys change. If viruses modify these keys, they can produce damaging
||Library files contain
groups of often-used computer code that different programs can share. Programmers
who use library code make their programs smaller since they do not need
to include the code in their program. A virus that infects a library file
automatically may appear to infect any program using the library file.
In Windows systems, the most common library file is the Dynamic Link Library; its extension is DLL.
||A logic bomb is a type
of trojan horse that executes when specific conditions occur. Triggers for
logic bombs can include a change in a file, by a particular series of keystrokes,
or at a specific time or date. See: Time Bomb
||A macro is a series of
instructions designed to simplify repetitive tasks within a program such
as Microsoft Word, Excel or Access. Macros execute when a user opens the
associated file. Microsoft's latest macro programming language is simple
to use, powerful, and not limited to Word documents. Macros are in mini-programs
and can be infected by viruses. See Also: Macro Virus
||A macro virus is a malicious
macro. Macro viruses are written a macro programming language and attach
to a document file (such as Word or Excel). When a document or template
containing the macro virus is opened in the target application, the virus
runs, does its damage and copies itself into other documents. Continual
use of the program results in the spread of the virus.
||n. Excessively large e-mail
(typically many thousands of messages) or one large message sent to a user's
e-mail account, for the purpose of crashing the system, or preventing genuine
messages from being received.
v. To send a mailbomb.
||A piece of code designed
to damage a system or the data it contains, or to prevent the system from
being used in its normal manner.
||A generic term used to
describe malicious software such as: viruses, trojan horses, malicious active
||Network drives assigned
local drive letters and locally accessible. For example, the directory path
\\MAIN\JohnDoe\ might be mapped as drive G: on a computer.
|Master Boot Record
||The 340-byte program located
in the master boot sector. This program reads the partition table, determines
what partition to boot and transfers control to the program stored in the
first sector of that partition. There is only one master boot record on
each physical hard disk. Also: MBR, Partition Table; See Also: Boot Record
|Master Boot Sector
||The first sector of a
hard disk. This sector is located at sector 1, head 0, track 0. The sector
contains the master boot record. See Also: Master Boot Record
|Master Boot Sector Virus
||Master boot sector viruses
infect the master boot sector of hard disks, though they spread through
the boot record of floppy disks. The virus stays in memory, waiting for
DOS to access a floppy disk. It then infects the boot record on each floppy
disk DOS accesses. Also: Master Boot Record Virus; See Also: Boot Record
||See: Master Boot Record
||A memory-resident virus
stays in memory after it executes and infects other files when certain conditions
are met. In contrast, non-memory-resident viruses are active only while
an infected application runs.
||Moving Picture Experts
Group Audio Layer 3 File. MP3 files are highly compressed audio tracks,
and are very popular on the Internet. MP3 files are not programs, and viruses
cannot infect them. This file type has the extension MP3.
||The Microsoft Disk Operating
System. The operating system Microsoft developed for the IBM platform before
Windows. Windows 3.x, 95 and 98 rely heavily on MS-DOS and can execute most
||Multipartite viruses use
a combination of techniques including infecting documents, executables and
boot sectors to infect computers. Most multipartite viruses first become
resident in memory and then infect the boot sector of the hard drive. Once
in memory, multipartite viruses may infect the entire system.
Removing multipartite viruses requires cleaning both the boot sectors and any infected files. Before you attempt the repair, you must have a clean, write-protected Rescue Disk.
||A mutating virus changes,
or mutates, as it progresses through its host files making disinfection
more difficult. The term usually refers to viruses that intentionally mutate,
though some experts also include non-intentionally mutating viruses. See
Also: Polymorphic Virus
||An electronic forum where
readers post articles and follow-up messages on a specified topic. An Internet
newsgroup allows people from around the globe discuss common interests.
Each newsgroup name indicates the newsgroup's subject in terms of increasingly
narrow categories, such as alt.comp.virus.
|Not In The Wild
||Viruses "not in the
wild" are in real world but fail to spread successfully. See Also:
In The Wild, Zoo Virus
||NT File System; a Windows
NT file system used to organize and keep track of files. See Also: FAT
||A real-time virus scanner
that scans disks and files automatically and often in the background. An
on-access scanner scans files for viruses as the computer accesses the files.
||A virus scanner the user
starts manually. Most on-demand scanners allow the user to set various configurations
and to scan specific files, folders or disks.
||The operating system is
usually the underlying software that enables you to interact with the computer.
The operating system controls the computer storage, communications and task
management functions. Examples of common operating stems include: MS-DOS,
MacOS, Linux, Windows 98. Also: OS, DOS
||An overwriting virus copies
its code over its host file's data, thus destroying the original program.
Disinfection is possible, although files cannot be recovered. It is usually
necessary to delete the original file and replace it with a clean copy.
Also: Overwrite Virus
||A password attack is an
attempt to obtain or decrypt a legitimate user's password. Hackers can use
password dictionaries, cracking programs, and password sniffers in password
attacks. Defense against password attacks is rather limited but usually
consists of a password policy including a minimum length, unrecognizable
words, and frequent changes. See Also: Password Sniffer
||The use of a sniffer to
capture passwords as they cross a network. The network could be a local
area network, or the Internet itself. The sniffer can be hardware or software.
Most sniffers are passive and only log passwords. The attacker must then
analyze the logs later. See Also: Sniffer
||Refers to the effects
produced by a virus attack. Sometimes refers to a virus associated with
a dropper or Trojan horse.
||Pretty Good Privacy. Considered
the strongest program for encrypting data files and/or e-mail messages on
PCs and Macintosh computers. PGP includes authentication to verify the sender
of a message and non-repudiation to prevent someone denying they sent a
||To gain unauthorized access
to a system via an authorized user's legitimate connection.
||Polymorphic viruses create
varied (though fully functional) copies of themselves as a way to avoid
detection from anti-virus software. Some polymorphic virus use different
encryption schemes and requires different decryption routines. Thus, the
same virus may look completely different on different systems or even within
different files. Other polymorphic viruses vary instruction sequences and
use false commands in the attempt to thwart anti-virus software. One of
the most advanced polymorphic viruses uses a mutation-engine and random-number
generators to change the virus code and its decryption routine. See Also:
||A program infector virus
infects other program files once an infected application is executed and
the activated virus is loaded into memory.
||An anti-virus software
application that operates as a background task, allowing the computer to
continue working at normal speed, with no perceptible slowing. See Also:
||The action used by some
viruses to point a command to a different location. Often this different
location is the address of the virus and not the original file or application.
||The action by which a
user or program assigns a new name to a file. Viruses may rename program
files and take the name of the file so running the program inadvertently
runs the virus.
Anti-virus programs may rename infected files so the are unusable until they are manually cleaned or deleted.
||The process by which a
virus makes copies of itself in order to carry out subsequent infections.
Replication is one of major criteria separating viruses from other computer
||To restart a computer
without turning it off. Also: Warm Boot
||A resident virus loads
into memory and remains inactive until a trigger event. When the event occurs
the virus activates, either infecting a file or disk, or causing other consequences.
All boot viruses are resident viruses and so are the most common file viruses.
||A resident extension is
a memory-resident portion of a program that remains active after the program
ends. It essentially becomes an extension to the operating system. Many
viruses install themselves as resident extensions.
||A term the media use to
denote any program intended to damage programs or data, or to breach a system's
security. It includes Trojan Horse programs, logic bombs, viruses, and more.
||Rich Text Format File.
An alternative format to the DOC file type supported by Microsoft Word.
RTF files are ASCII text files and include embedded formatting commands.
RTF files do not contain macros and cannot be infected with a macro virus.
This makes RTF files a good document format for communicating with others via e-mail. However, some macro viruses attempt to intercept saving a file as an RTF file and instead save it as a DOC file with an RTF extension. Users can catch this trick by first reading the file in a simple text editor like Notepad. DOC files will be nearly unreadable, while RTF files will be readable. This file type has the extension RTF. See Also DOC File
||A virus detection program
that searches for viruses. See Also: Anti-virus Software, On-demand Scanner,
||See: Boot Sector Infector,
Master Boot Sector Virus
attempt to conceal themselves from anti-virus programs. Most anti-virus
programs attempt to find viruses by looking for certain patterns of code
(known as virus signatures) that are unique to each virus. Self-encrypting
viruses encrypt these text strings differently with each infection to avoid
detection. See Self-garbling Virus, Encrypted Virus
||A self-extracting file
decompresses part of itself into one or more parts when executed. Software
authors and others often use this file type to transmit files and software
via the Internet since the compressed files conserve disk space and reduce
download time. Some anti-virus products may not search self-extracting file
components. To scan these components, you must first extract the files and
then scan them.
||A self-garbling virus
attempts to hide from anti-virus software by garbling its own code. When
these viruses spread, they change the way their code is encoded so anti-virus
software cannot find them. A small portion of the virus code decodes the
garbled code when activated. See Also: Self-encrypting Virus, Polymorphic
||A disk drive available
to other computers on the network. Shared drives use the Universal Naming
Convention to differentiate themselves from other drives. See Also: Mapped
||Software distributed for
evaluation without cost, but that requires payment to the author for full
rights. If, after trying the software, you do not intend to use it, you
simply delete it. Using unregistered shareware beyond the evaluation period
||A search pattern, often
a simple string of characters or bytes, expected to be found in every instance
of a particular virus. Usually, different viruses have different signatures.
Anti-virus scanners use signatures to locate specific viruses. Also: Virus
||Slow infectors are active
in memory and only infect new or modified files. See Also: Fast Infector
||Simple Mail Transport
Protocol. The Internet e-mail delivery format for transmitting e-mail messages
||A software program that
monitors network traffic. Hackers use sniffers to capture data transmitted
via a network.
||A sparse infector viruses
use conditions before infecting files. Examples include files infected only
on the 10th execution or files that have a maximum size of 128kb. These
viruses use the conditions to infect less often and therefore avoid detection.
Also: Sparse Virus
||Stealth viruses attempt
to conceal their presence from anti-virus software. Many stealth viruses
intercept disk-access requests, so when an anti-virus application tries
to read files or boot sectors to find the virus, the virus feeds the program
a "clean" image of the requested item. Other viruses hide the
actual size of an infected file and display the size of the file before
Stealth viruses must be running to exhibit their stealth qualities. Also: Interrupt Interceptors
||A consecutive series of
letters, numbers, and other characters. "afsH(*&@~" is a string;
so is "The Mad Hatter". Anti-virus applications often use specific
strings, called virus signatures, to detect viruses. See Also: Signature
|System Boot Record
||See: Boot Record
||Certain applications use
template files to pre-load default configurations settings. Microsoft Word
uses a template called NORMAL.DOT to store information about page setup,
margins and other document information.
||Usually malicious action
triggered at a specific date or time. See Also: Logic Bomb
||The time of creation or
last modification recorded on a file or another object. Users can usually
find the timestamp in the Properties section of a file.
||Top of Memory. A design
limit at the 640kb-mark on most PCs. Often the boot record does not completely
reach top of memory, thus leaving empty space. Boot sector infectors often
try to conceal themselves by hiding around the top of memory. Checking the
top of memory value for changes can help detect a virus, though there is
also non-viral reasons this value change.
||An action built into a
virus set off by a specific condition. Examples include a message displayed
on a specific date or reformatting a hard drive after the 10th execution
of a program.
|Trojan Horse Program
||A Trojan horse program
is a malicious program that pretends to be a benign application; a Trojan
horse program purposefully does something the user does not expect. Trojans
are not viruses since they do not replicate, but Trojan horse programs can
be just as destructive.
Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses. Also: Trojan
||Terminate and Stay Resident.
TSR programs stay in memory after being executed. TSR programs allow the
user to quickly switch back and forth between programs in a non-multitasking
environment, such as MS-DOS. Some viruses are TSR programs that stay in
memory to infect other files and program. Also: Memory-resident Program
||A virus technique designed
to prevent anti-virus applications from working correctly. Anti-virus programs
work by intercepting the operating system actions before the OS can execute
a virus. Tunneling viruses try to intercept the actions before the anti-virus
software can detect the malicious code. New anti-virus programs can recognize
many viruses with tunneling behavior.
||Universal Naming Convention.
This is the standard for naming network drives. For example, UNC directory
path has the following form: \\server\resource-pathname\subfolder\filename
||A technique of some anti-virus
programs to store information about files in order to notify the user about
file changes. Internal vaccines store the information within the file itself,
while external vaccines use another file to verify the original for possible
||A modified version of
a virus. Usually produced on purpose by the virus author or another person
amending the virus code. If changes to the original are small, most anti-virus
products will also detect variants. However, if the changes are large, the
variant may go undetected by anti-virus software.
||Visual Basic Script. Visual
Basic Script is a programming language that can invoke any system function--including
starting, using and shutting down other applications without--user knowledge.
VBS programs can be embedded in HTML files and provide active content via
the Internet. Since not all content is benign, users should be careful about
changing security settings without understanding the implications. This
file type has the extension VBS.
||A computer program file
capable of attaching to disks or other files and replicating itself repeatedly,
typically without user knowledge or permission. Some viruses attach to files
so when the infected file executes, the virus also executes. Other viruses
sit in a computer's memory and infect files as the computer opens, modifies
or creates the files. Some viruses display symptoms, and some viruses damage
files and computer systems, but neither symptoms nor damage is essential
in the definition of a virus; a non-damaging virus is still a virus.
There are computer viruses written for several operating systems including DOS, Windows, Amiga, Macintosh, Atari, and UNIX, and others. McAfee.com presently detects more than 57,000 viruses, Trojans, and other malicious software. (Note: The preferred plural is the English form: viruses)
See Also: Boot Sector Infector, File Viruses, Macro virus, Companion Virus, Worm
||Hoaxes are not viruses,
but are usually deliberate or unintentional e-messages warning people about
a virus or other malicious software program. Some hoaxes cause as much trouble
as viruses by causing massive amounts of unnecessary e-mail.
Most hoaxes contain one or more of the following characteristics:
If you receive an e-mail message about a virus, check with a reputable source to ensure the warning is real. Click here to learn about hoaxes and the damage they cause. Sometimes hoaxes start out as viruses and some viruses start as hoaxes, so both viruses and virus hoaxes should be considered a threat.
- Warnings about alleged new viruses and its damaging consequences,
- Demands the reader forward the warning to as many people as possible,
- Pseudo-technical "information" describing the virus,
- Bogus comments from officials: FBI, software companies, news agencies, etc.
||Restarting a computer
without first turning off the power. Using CTL+ALT+DEL or the reset button
on many computers can warm boot a machine. See Also: Cold Boot, Reset
||Windows Scripting Host
(WSH) is a Microsoft integrated module that lets programmers use any scripting
language to automate operations throughout the Windows desktop.
||Worms are parasitic computer
programs that replicate, but unlike viruses, do not infect other computer
program files. Worms can create copies on the same computer, or can send
the copies to other computers via a network. Worms often spread via IRC
(Internet Relay Chat).
||ZIP Archive File. A ZIP
archive contains compressed collections of other files. ZIP files are popular
on the Internet because users can deliver multiple files in a single container;
the compressed files also save disk space and download time. A ZIP file
can contain viruses if any of the files packaged in it contain viruses,
but the ZIP file itself is not directly dangerous. Other archive files include
RAR, and LHA files. This file type has the extension ZIP.
||A collection of viruses
used for testing by researchers. See Also: In The Wild, Zoo Virus
||A zoo virus exists in
the collections of researchers and has never infected a real world computer
system. See Also: In The Wild
Article reprinted with permission from McAfee, Inc.