Computer virus programs are programmed to attach themselves to some software and replicate themselves onto other systems and spread. Whether the program is a harmless nuisance or a disastrous command for deletion of data, the problem of eradication is the same: how to locate the extent of damage done and how to stop continuing damage. Various vaccine programs, program and diskette tests are very helpful where they are applied, but the nature of the problem is such that one does not know where they should applied until the damage has already been done.
Computer viruses can be found in any computer that has exchanged information or software with any other computer by means of telephone or other cable, disk, tape or other media, networks or bulletin boards. They have been discovered in personal, mini and mainframe computers in the USA, Europe and the Middle East. They have affected banks, air traffic control radar, insurance firms, hospitals, multinational corporations, military organizations, utility companies and stock brokers.
The US Pentagon computers are the targets of an average of 400 probes a week, with about 60 defined as "attacks." The US Department of Defense and NATO command announced recently (May 1999) that their computer networks were sabotaged into a "denial of service" after Serbia-based hackers bombarded them with virus-laden e-mails. Three US government sites – the Energy Department, the Interior Department and the National Park Service – were hit by people protesting NATO's bombing of the Chinese Embassy in Belgrade, forcing them to shut down their home pages for a day. The hacking was traced back to China.
The Melissa virus first appeared on the Internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused $80 million in damages to computers worldwide. In the United States alone, the virus made its way through 1.2 million computers in one-fifth of the country's largest businesses. US citizen David Smith pleaded guilty on December 9, 1999 to state and federal charges associated with his creation of the Melissa virus.
The "Love Letter" worm was a malicious VBScript program which was spread in a variety of ways on May 4, 2000. More than 250 individual sites were affected indicating more than 300,000 individual systems were affected. Sites suffered considerable network degradation as a result of mail, file, and web traffic generated by the "Love Letter" worm. The "Love Letter" worm infected systems via electronic mail, Windows file sharing, IRC, USENET news and possibly via webpages. The worm executes by sending copies of itself using Microsoft Outlook to all the entries in all the address books. The worm searches for certain types of files and replace them with a copy of the worm. Executing (double clicking) files modified by other infected users results in executing the worm. Files modified by the worm may also be started automatically, for example from a startup script.
If I had to choose one viral myth that contributed most to the unchecked spread of viruses that exists today, it would be that of the 'safety' of commercial software. The feeling of false security relies on three assumptions: (a) that software downloaded from BBSs is a major viral vector; (b) that commercial software is never infected; and (c) that there are no viral vectors other than software.