Welcome to Blaisdell's Little Corner of the Web
Site Updated on 09/09/03
A programming error in a software program which can have unwanted side effects. Examples: Various web browser security problems, Y2K software problems.
Usually an email that gets mailed in chain-letter fashion describing some devastating, highly unlikely type of virus. You can usually spot a hoax because there's no file attachment, no reference to a third party who can validate the claim, and by the general 'tone' of the message.
A harmless program that causes various benign activities to display on your computer (e.g., an unexpected screen saver).
A program that neither replicates nor copies itself, but does damage or compromises the security of the computer. Typically it relies on someone emailing it to you; it does not email itself. It may arrive in the form of a joke program or software of some sort.
A program or code that replicates; that is, it infects another program, boot sector, partition sector or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate; a lot also do damage.
A program that makes copies of itself, for example from one disk drive to another, or by copying itself using email or some other transport mechanism. It may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Causes system instability
This payload might cause the computer to crash or to behave in an unexpected fashion.
Compromises security settings
This payload might attempt to gain access to passwords or other system-level security settings. It might also search for openings in the Internet processing components of the computer to install a program on that system that could be controlled remotely by someone over the Internet.
The damage component measures the amount of harm that a given threat might inflict. This measurement includes triggered events, clogging email servers, deleting or modifying files, releasing confidential information, performance degradation, errors in the virus code, compromising security settings, and the ease with which the damage might be fixed.
This payload slows computer operations. This might involve allocating available memory, creating files that consume disk space, or causing programs to load or execute more slowly.
This payload deletes various files on the hard disk. The number and type of files that might be deleted vary among viruses.
This component measures how quickly a threat is able to spread itself.
A virus that uses encryption to hide itself from virus scanners. That is, it jumbles up its program code to make it difficult to detect.
This measures the range of separate geographic locations where infections have been reported. The measures are high (global threat), medium (threat present in a few geographic regions), and low (localized or non-wild threat).
This is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan horse, the length represents the size of the file.
Large scale e-mailing
This type of payload involves sending emails out to large numbers of people. This is usually done by accessing a local address book and sending emails to a certain number of people within that address book.
Code (software) that is transferred from a host to a client (or another host computer) to be executed (run). When we talk about malicious mobile code we may use a Worm as an example.
This payload changes the contents of files on the computer and might corrupt files.
Name of attachment
Most worms are spread as attachments to emails. This field indicates the usual name or names that the attachment might be called.
Number of countries
This is a measure of the number of countries where infections are known to have occurred.
Number of infections
This measures the number of computers that are known to be infected.
Number of sites
This measures the number of locations with infected computers. This normally refers to organizations such as companies, government offices, and the like.
This is the malicious activity that the virus performs. Not all viruses have payloads, but there are some that perform destructive actions.
This is the condition that causes the virus to activate or drop its destructive payload. Some viruses trigger their payloads on a certain date. Others might trigger their payload based on the execution of certain programs or the availability of an Internet connection.
A virus that has the ability to change its byte pattern when it replicates, thereby avoiding detection by simple string scanning techniques.
This field indicates the TCP/IP ports that the threat might attempt to use.
Releases confidential information
This payload might attempt to gain access to important data stored on the computer such as credit card numbers.
This measures the skill level needed to remove the threat from a given computer. Removal sometimes involves deleting files and modifying registry entries. The three levels are difficult (requires an experienced technician), moderate (requires some expertise), and easy (requires little or no expertise).
This field indicates whether or not the threat will attempt to replicate itself through mapped drives or other server volumes to which the user might be authenticated.
Size of attachment
This field indicates the size of the file that is attached to the infected email.
Subject of email
Some worms spread by sending themselves to other people through email. This field indicates the subject of the email that is sent by the worm.
Target of infection
This field indicates the types of files that might be infected by the virus.
This section describes the specific details of the infection such as registry entry modifications and files that are manipulated by the virus.
This is a severity rating of the virus, worm or Trojan horse. It includes the damage that this threat causes, how quickly it can spread to other computers (distribution), and how widespread the infections are known to be (wild).
This is a measure of how well current antivirus technology can keep this threat from spreading. As a general rule, older virus techniques are well-contained; new threat types or highly complex viruses can be more difficult to contain, and are correspondingly more of a threat to the user community. The measures are high (the threat is well-contained), medium (the threat is partially contained), and low (the threat is not currently containable).
Time stamp of attachment
This field indicates the date and time of the file attachment.
This field indicates when virus definitions that include protection for this virus were publicly available through LiveUpdate or the Intelligent Updaters.
The wild component measures the extent to which a virus is already spreading among computer users. This measurement includes the number of independent sites infected, the number of computers infected, the geographic distribution of infection, the ability of current technology to combat the threat, and the complexity of the virus.