Adware is a type of advertising display software whose primary purpose is to deliver advertising content in a manner or context that may be unexpected and unwanted by users.

Does not replicate.

MS Access 97 or later on any operating system.

VBA macro language.

Infects other Access database files when an infected database is opened.

AppleScript is the default batch language of Macintosh Operating Systems. As such the majority of applications that are installed on Macintosh computers are scriptable by AppleScript. An AppleScript worm is a script that uses the functionality of AppleScript to spread to other computers or scripts an email application to send itself out.

Systems running AutoCAD software.

Places infected ACAD.LSP files in folders containing DWG files. Modifies the Global ACAD.LSP file to run a copy of itself.

Computers connected to a network with DOS, Windows 95/98/Me and Windows NT/2000 operating systems.

Batch file worms spread by searching for shared areas on remote computers to which they can copy themselves.

The BIOS is the very first piece of software which runs when your computer is switched on, so it must be present for your computer to work. Without it, your PC is effectively useless.

The BIOS is stored in special chip on the motherboard which maintains its contents even when the power is switched off. This is supposed to ensure that the BIOS is always there when you need it.

On many computers the BIOS can be upgraded using software supplied by the BIOS manufacturer. It can also be damaged by viruses such as W95/CIH-10xx and the damage may mean you cannot boot up your PC at all. If the BIOS chip cannot be replaced (some BIOS chips are soldered into position), you may even need to replace your computer's motherboard.

Bluetooth is a personal area network technology for short-range transmission of digital voice and data between laptops, mobile phones, and other portable handheld devices. Mobile viruses could be spread through Bluetooth transfers between computers and mobile devices, and between mobile devices.

An email which urges the recipient to forward the email to other people.

The CMOS settings maintain fundamental system configuration information, which is stored in a special chip on the motherboard. This chip, usually powered by a battery, can operate independently of the rest of the computer. It keeps things like the system clock up-to-date even when the power is switched off.

The CMOS settings also record what sort of disks are installed in the PC, whether or not a password is required at start-up, and which devices (e.g. floppy, hard disk, CD-ROM or network) should be used when trying to boot up the computer. If your CMOS settings are inaccurate, then your computer may not work properly.

Some viruses and trojans, such as Troj/KillCMOS-E, deliberately corrupt these settings to try to stop your computer working. Although it is usually fairly easy to correct the CMOS settings, the procedure for doing so varies from computer to computer. You may need to refer to your computer's manual or the manufacturer's website for assistance.

A companion virus will rename either itself or its target file in an attempt to trick the user into running the virus rather than another program. For example, a companion virus attacking a file named GAME.EXE may rename the target file to GAME.EX and create a copy of itself called GAME.EXE. Alternatively it may simply rename itself to GAME.COM and rely on the user running 'GAME' from a command prompt as the operating system would then run GAME.COM rather than GAME.EXE.

A controlled application is a legitimate program but one which Sophos recognizes that some IT administrators might wish to block or authorize, depending on the application's usefulness within a business environment, and its potential impact on business productivity and resources.

A controlled device is a storage device or network interface which some IT administrators might wish to block or authorize. An administrator's decision will depend on whether the device has a legitmate use within a business environment, and the potential risk it poses in terms of malware infection and/or data loss.

Corel SCRIPT files running under any operating system.

When an infected script is run it infects other Corel SCRIPT files.

Any application whose primary function is to dial a premium rate phone number.

Distributed Computing is the remote use of many decentralized and separate computers, connected by a network (usually the internet), to solve large-scale computation problems. Examples include SETI@Home and the BBC Climate Change Experiment.

DOS Boot Sector (aka DOS Boot Record) of hard disks and boot sector of floppy disks.

DOS Boot Sector viruses can infect any Intel-compatible PC which is configured to boot from a floppy drive.

More secure operating systems such as Windows NT can be infected but may prevent the virus from replicating.

Loads into memory when an infected PC is booted and then infects any floppy disk used in the PC. A PC which boots from an infected floppy disk becomes infected.

Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect.

Affects DOS executables on a system by overwriting them. Traditionally spreads to other systems by means of floppy disk exchange.

Dropped files are files that have been dropped by a virus, Trojan or worm and are detected by Sophos Anti-Virus. They include damaged versions of the original program.

Does not replicate.

A file created specifically to introduce a virus, worm or Trojan into a system. The file may be of a different type to the virus, worm or Trojan it introduces.

MS Excel 5 or later running on any operating system.

When an infected document is opened the viral formula sheet is copied into a file in the XLSTART directory. This is automatically loaded into other documents when they are opened.

MS Excel 5 or later running on any operating system.

When an infected document is opened the viral macros are copied into a file in the XLSTART directory. This is automatically loaded into other documents when they are opened.

MS Excel 97 or later running on any operating system.

When an infected document is opened the viral macros are copied into a file in the XLSTART directory. This is automatically loaded into other documents when they are opened.

Some viruses such as XM97/Papa also use mail programs such as Outlook to automatically send infected files to names listed in the address book.

A file that will take advantage of design flaws (vulnerabilities) in software in order to take control of a system. The exploit may be used to perform a number of different actions such as downloading worms and Trojans, accessing confidential data or crashing the software (Denial of Service) depending on the nature and severity of the vulnerability.

An incorrect report that a file is infected with a virus.

Trojans or worms of a particular family with the suffix -Fam or -Gen initially, where the variant is not currently separately identified. Where full antivirus analysis is performed, the variant will then be individually named.

Tools that can be used to assist in gaining entry to a network, computer or software program. These are sometimes used by hackers but can also be used legitimately for assessing network security.

A Host Intrusion Prevention System (HIPS) guards against unknown threats. Sophos's HIPS technology uses our anti-virus engine to stop unknown threats by analyzing behavior before code executes.

Java applets

When an infected program (a Java .class file) is run, it looks for other .class files locally. The virus then copies itself into these files, modifying them so that, when they are run in future, the virus receives control first.

JavaScript scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer.

JavaScript scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer.

Uses IRC, Outlook or Windows networking functions to email multiple copies of infected files to other people or copy itself across the network.

A computer program designed to be mistaken for a virus. Jokes do not replicate, can be safely deleted and are harmless to a computer. Their aim is to cause alarm, and waste time and resources.

A program that records users keystrokes with the intention of capturing sensitive information such as credit card details.

Keystroke logging is a feature of many pieces of malware such as W32/Sdbot-LM and W32/Spybot-EL. There are also families of dedicated keystroke loggers. Troj/Keylog-AL is a member of one such family.

A computer program that no longer works as a virus for a variety of reasons. Sophos Anti-Virus detects these files so that the inactive virus code can be removed.

Various Linux Platform ELF (Executable and Linkable Format) files.

Infects other executable files using a variety of mechanisms.

Computers connected to a network running Linux.

Linux worms take advantage of flaws in networking code to gain unauthorised access to remote computers running Linux. Once they have gained access they will begin searching for new machines to infect and are often initially noticed by increased network traffic. They can spread rapidly between computers permanently connected to the internet because they require no user intervention to function.

Infects other Macintosh files by a variety of mechanisms.

Uses the QuickTime AutoPlay feature to copy itself from and to infected diskettes when they are inserted.

Macromedia Flash files associated with the Flash 5 player.

Typically the virus replicates itself by copying itself to the script at the start of the Flash file.

Malicious behavior describes an executable file that displays characteristics or behavior that are found exclusively within malware and are therefore blocked to prevent likely intrusion, disruption or damage to computer systems.

Depends on the type of malicious software

Malware is a general term for a range of malicious software including viruses, worms, Trojan horses and spyware.

Depends on the type of malicious software

MapInfo.

MapBasic.

Infects the MapInfo application so as to infect other MapInfo Map files.

Master Boot Sector (aka Master Boot Record) of hard disks and boot sector of floppy disks.

Master Boot Sector viruses can infect any Intel-compatible PC which is configured to boot from a floppy disk drive.

More secure operating systems such as Windows NT can be infected but may prevent the virus from replicating.

Loads into memory when an infected PC is booted and then infects any floppy disk used in the PC. A PC which boots from an infected floppy disk becomes infected.

If the BIOS settings are changed to prevent the PC booting from the floppy drive then the PC cannot become infected.

This prefix is used to denote viruses that infect in the middle of a file rather than at the traditional entry point. Some viruses are reported with this prefix if they are detected at the email gateway and with a different prefix at the desktop.

These are executable files which modify SCRIPT.INI file to make IRC distribute copies of themselves.

A problem which is often erroneously attributed to computer viruses.

systems running Microsoft Command Shell.

When an infected script is run it infects other MSH files

Multimedia Messaging Service (MMS), also known as Multimedia Message Service, is a communications technology that allows mobile network users to transmit email, images video clips, and sound files over wireless networks, in addition to short text messages. It is an extension of the Short Message Service

Each detected virus, Trojan and worm, and family of virus, Trojan and worm variants, are each given a name. The programming code in all variants within a family will be similar (it is often copied and only altered slightly) and the effects will usually also be similar.

'Bagle' family includes variants with these names W32/Bagle-A and W32/Bagle-B

MS Office 97 (or later) running on any operating system.

Infects two or more different Office components. Most of them infect Word and Excel but PowerPoint and Project files can also be affected.

PalmOS Palm resource (PRC) files.

All known viruses actively search for other Palm resource files to infect.

PHP files running under any operating system.

When an infected script is run it infects other PHP files.

MS PowerPoint 97 (or later) running on any operating system.

The virus runs when some action occurs and infects other PowerPoint files or the main template (Blank Presentation.pot). New presentations created from an infected template will themselves be infected.

The prefix in the name of a virus, Trojan or worm explains either what the program does, or which operating system it affects.

PUA is a term used to describe an application that is not inherently malicious, but is generally considered unsuitable for most business networks. Potentially unwanted applications include adware, dialers, remote administration tools and hacking tools.

MS Publisher 2003 (or later) running on any operating system.

When an infected Publisher document is opened the macro code runs and can copy the original document overwriting other Publisher documents.

Computers with Windows 95/98/Me and Windows NT/2000/XP operating systems.

Registry viruses attempt to modify the contents of the registry.

Commercial or freely available tools used for remotely accessing and controlling one or more computers.

A rootkit is a set of software tools designed to be invisible and placed on a computer by a third party. It is used to conceal running processes, files or system data.

A fraudulent business scheme or swindle.

A warning about a possible threat which has been greatly exaggerated.

Short Message Service (SMS) is a service for sending text messages between mobile phones, other handheld devices, and landline telephones. Messages consists of a limited number of alphanumeric characters, and cannot contain images or graphics.

Spyware is a term used to describe a broad set of applications that send information from a computer to a third party without the user's permission or knowledge. Spyware Trojans and spyware worms are Trojans and Win32 worms that also exhibit behaviour attributed to spyware.

A spyware Trojan is a seemingly legitimate computer program designed to disrupt and damage computer activity by sending information from a computer to a third party without the user's permission or knowledge.

Computers connected to a network running Windows 95/98/Me and Windows NT/2000/XP/2003 operating systems.

Spyware worm is a term used to describe malware that has the ability to self-replicate without a host program and send information from a computer to a third party without the user's permission or knowledge.

Spyware worms spread using Windows networking APIs (Application Programming Interfaces), email, or by exploting vulnerabilities of the operating system or another application. They have identical spreading capabilities to Win32 worms but they also exhibit behaviour attributed to spyware.

The suffix in the name of a virus, Trojan or worm denotes the variant. It is the part of the name that follows a hyphen and will be a letter or letters of the alphabet.

Suspicious behaviour comprises characteristics of running processes (ie. post-program execution) which are deemed to be predominantly, but not exclusively, related to malware.

Suspicious files are those that have properties or carry out activities which are characteristic of, but not exclusive to, samples of malware.

Devices running Symbian OS.

Infects other Symbian devices using bluetooth.

Commercial or freely available software whose primary function is to monitor the use of the local computer.

A file that is non-viral but causes anti-virus software to react to it, as if it were a virus. Test files are used primarily as a way for network administrators to check that their anti-virus software has been correctly deployed.

A seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Trojans are sometimes used in conjunction with viruses. A backdoor Trojan is a program that allows other computer users to gain access to your computer across the internet.

A trusted relay is a known email server that sends or forwards emails to PureMessage. Typical examples of trusted relays include an ISP's SMTP server and any email relays located on a local network which are upstream to the PureMessage server(s). These servers can be trusted because they are highly unlikely to be the source of spam email. It is important to understand that servers on the trusted relay list will still relay spam email but are unlikely to be the originating source of the spam.

Computers connected to a network running Unix.

Unix worms take advantage of flaws in networking code called buffer overflows to gain unauthorised access to remote computers running Unix. Once they have gained access they will begin searching for new machines to infect. They can spread rapidly between computers permanently connected to the internet because they require no user intervention to function.

An unspecified PUA is an application that does not fit within the other PUA types of dialers, adware, and hacking tools. These applications are not inherently malicious, but are generally considered unsuitable for most business networks.

A computer program that copies itself. Often viruses will disrupt computer systems or damage the data contained upon them. A virus requires a host program and will not infect a computer until it has been run. Some viruses spread across networks by making copies of themselves or may forward themselves via email. The term 'virus' is often used generically to refer to both viruses and worms.

A warning about a non-existent virus. Usually urge users to forward them to everyone they know.

Visual Basic scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer.

Infects other executable files by a variety of mechanisms. Some viruses such as VBS/Dismissed-B use Outlook to distribute infected files by email.

Visual Basic scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer.

Uses IRC or Outlook to email multiple copies of infected files to other people.

A telephone service that uses the internet as a global telephone network.

Wireless Fidelity (commonly known as Wi-Fi), is a trademark of the Wi-Fi Alliance, which is generally used to refer to any type of 802.11 high-frequency wireless network. Wi-Fi networks are commonly used by many businesses, agencies, schools and homes, and these networks can be accessed by unauthorized users unless protection is in place.

Any Windows operating system that uses the PE executable file format on an ia32 processor, including Microsoft Windows 95/98/Me, NT, 2000, etc.

Infects other executable files by a variety of mechanisms.

Some viruses such as W32/ExploreZip also use Outlook or other programs to distribute infected files by email.

Computers connected to a network running Windows 95/98/Me and Windows NT/2000 operating systems.

Win32 worms spread using Windows networking APIs, MAPI functions or email clients such as Microsoft Outlook. They may create email messages with the worm program attached or attach themselves to outgoing email messages. A message created by a worm often suggests that the recipient should launch the attachment to see something interesting or important.

MS Windows 95/98/Me PE (Portable Executable) files.

Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect.

Some viruses such as W95/Babylonia also distribute infected files by email.

MS Windows 98 PE (Portable Executable) files.

Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect.

MS Windows NT or 2000 PE (Portable Executable) files.

Infects other executable files using a variety of mechanisms.

Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect.

Any version of MS Word running on any operating system.

Word Basic macro language (used in Word 6 and 95).

When an infected document is opened the viral macros are copied to the global template (usually NORMAL.DOT). Other documents automatically load the viral macros from this file when they are opened.

MS Word 97 or later running on any operating system.

Word 97 macro Trojans are documents which, when opened, have undesirable effects on the system such as deleting files or compromising system security.

MS Word 97 or later running on any operating system.

Some of these viruses copy the viral macros into the global template (usually NORMAL.DOT) in the same way as Word macro viruses. This method of transmission does not work with MS Office 97 SR1 or later.

Most of the recent viruses copy the viral macros into another file and modify the global template to import them when another document is opened.

MS Word 97 or later running on any operating system.

Uses mail programs such as MS Outlook to automatically send infected files to names listed in the address book. Many of these worms also replicate is the same way as Word 97 macro viruses.

Sophos Anti-Virus reports these worms with the prefix "WM97/". Prefixes used by other anti-virus companies include "W97M".

A type of virus that does not need a host program. It has the ability to self-replicate and often will use email and the internet to spread.

Some of these viruses copy the viral macros into the global template (usually NORMAL.DOT) in the same way as Word macro viruses. The majority of these viruses are upconverts of existing Word 97 viruses. Most payloads are however Intel specific and do not work.

Computers with Windows 95/98/Me and Windows NT/2000/XP operating systems.

Windows Scripting Host is the framework under which JavaScript, Visual Basic Script and ActiveX components execute. A virus, worm or Trojan may use multiple components within this framework.

A zero day threat is a new threat released in the wild before threat detection signatures are available to protect against it. Fast moving threats such as internet worms can cause huge amounts of damage at zero day.