By Bill Grogg

Viruses and other malicious programs are a very real threat today. With thousands of viruses known to infect PCs, over 600 different viruses known to be circulating in the wild (See Viruses In-the-Wild), and new viruses being released by unscrupulous people daily, the chance of encountering a virus on your machine grows each day. This threat has increased dramatically in the past couple of years as a number of mass mailing worms have caused tremendous havoc since they are distributed via e-mail attachments.

In the recent ICSA Labs Virus Prevalence Survey (for 2001) from the International Computer Security Association, a sample of 300 organizations indicated that 100% of North American Corporations and other organizations have encountered viruses in their organizations. The same report relates that these organizations with more than 500 PCs experience 113 virus encounters per 1000 PCs each month and is the sixth consecutive year of increase.

When I initially wrote this content (around 1997), most viruses targeted DOS executables or boot sectors and macro viruses were rapidly becoming common, but that has changed dramatically. Most viruses and worms are being distributed by mass mailing techniques with Win32, VBScript, and JavaScript payloads.

Again, around 1997 macro viruses were becoming the primary problem. Written in the powerful application macro languages of popular applications such as Microsoft Word and Microsoft Excel, these viruses travel in document files and once active infect all other documents created or accessed by the host application. Since documents are frequently exchanged, read, modified, and shared, the macro viruses very quickly became the most common variety of virus. By far the biggest threat today are the file, macro, and scripting attachments sent via e-mail.

Macro viruses and scripting worms are relatively easy to write and because they use an interpreted language instead of processor-specific code, they are also cross-platform. For example, the a JavaScript worm can run in virtually any browser on just about any operating system allowing them in cross platforms.

It is estimated in the 1996 ICSA Virus Prevalence Survey, that losses due to virus infections would total 5 to 6 billion dollars in 1996 compared with 1 billion in 1995. In the most recent survey, total losses weren't estimated, but in the 84 virus disasters (more than 25 PCs affected) reported by the surveyed companies, losses averaged $69,000 per disaster with a high of $1,000,000. The median loss was $5,500.

When this document was originally written around 1997, individual PCs remained the primary breeding ground for viruses. The most common cause of infections was unsuspecting employees bringing in viruses from their home PCs or other sources. In the 2001 survey, however, 83% of infections came from e-mail attachments. The various mass mailing worms and viruses can spread infection rapidly through the use of e-mail address books for distribution lists.