COMPUTER VIRUSES

 
What is a computer virus?
Well, simply put, a computer virus is nothing but a piece of computer code that someone has written that instructs your computer to do something.
Why is it dangerous?
It is dangerous because the type of computer code, which we call a virus, instructs your computer to do something destructive to your computer or someone else's computer.
How do we combat computer viruses?
NEVER OPEN ATTACHMENTS! Even if they are from someone you know!
Run a good antivirus program on your computer at all times. Links for antivirus manufacturers are listed below.
Report any viruses that you receive in email from club members to our webmaster.
Where do I find good antivirus software?
The best antivirus programs are commercial software. They will cost you money (~ $50.00). The two major players in this field are listed below. The best feature of these antivirus giants is that they allow you free online updates on their antivirus definition files and they send you ALERTS as soon as a new virus is detected in the field. Each one of the alerts describes the virus and gives you instructions for its removal if you are infected.
McAfee Associates
Norton Antivirus

Fizzer Worm Is on the Move
by Dennis Fisher
05/13/03
The Fizzer worm continued to spread rapidly late Monday afternoon as anti-virus experts raced to analyze the code of what they called one of the more complex worms in recent memory. First seen late last week, Fizzer began spreading in Asia initially but then hit Europe and North America hard Monday as office workers started to open e-mails received over the weekend.

As of 4:30 EDT Monday, MessageLabs Inc., a managed service provider in New York that tracks virus activity, had seen more than 25,000 copies of the worm, making it the fifth-most prevalent virus on the internet this month. 

"This is one of the more complicated worms we've seen", comments Mikko Hypponen, manager of anti-virus research at F-Secure Corp., based in Helsinki, Finland. "The worm is 200kB of code spaghetti, containing backdoors, code droppers, attack agents, key loggers and even a small Web server." 

The new worm has several other capabilities that make it particularly troubling and dangerous. Fizzer includes an IRC bot that attempts to connect to a number of different IRC servers and, once it establishes a connection, listens passively for further instructions. This kind of activity is often the precursor to a distributed DoS (denial-of-service) attack. The worm also has the ability to create a new user account on AIM (AOL Instant Messenger), join a chat session and then listen for instructions. 

But perhaps the most interesting aspect of Fizzer is the HTTP server it contains. The server runs on a configured TCP port and in effect acts as a command console, according to an analysis of the worm by the AVERT team at McAfee Security, part of Network Associates Inc., in Santa Clara, Calif. The console gives the attacker a wealth of information about the infected system, such as its operating system, connection information, and IRC and AIM data. 

The HTTP server also gives the attacker the ability to remotely launch DoS attacks, further propagate the worm via e-mail, issue commands to the IRC and AIM bots, and kill anti-virus applications.

The keystroke logger records every typed letter and saves the log in an encrypted file on the infected machine. If the infected PC has the Kazaa file-sharing program installed, Fizzer also has the ability to find the default download location for Kazaa files and copy itself to that folder. It will have a random filename and could easily be mistaken for a media file and downloaded by another Kazaa user.

At its heart, Fizzer is a mass-mailing worm that arrives in users' mailboxes in an e-mail with a random subject line and body text. The attachment containing the worm is an executable file, but has a random name and may also have a random file extension that disguises the fact that it is an executable. 


W32/magistr.b@mm
McAfee.com has seen a large and growing number of systems infected with the W32/magistr.b@mm worm in Europe and South America. Currently, there is a low incidence of this worm in North America. This is a MEDIUM RISK virus that is spread via email.

The messages sent by the worm contain varying subject headings, body text, and attachments. The body of the message is derived from the contents of other files on the victim's computer. It may send more than one attachment and may include non-EXE or non-viral files along with an infectious .EXE file.

Five minutes after the virus is activated, it attempts to send copies of itself to email addresses found in the Windows Address Book, and in the Outlook Express, Netscape and Eudora mailboxes on the hard drive.

The virus payload may also cause the following:

Erasure of CMOS/BIOS info
Destruction of sectors on the hard disk
Deletion of all .NTZ files on the machine
Termination of Zone Alarm firewall program
Creation of a SYSTEM.INI [boot] shell value to run itself at startup
Overwriting of WIN.COM/NTLDR
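
The SYSTEM.INI change in the list above can be checked for directly. The following is an added example, not McAfee's removal procedure: it reads the shell= line of the [boot] section and reports anything other than the expected shell. It assumes the normal value is Explorer.exe alone; both file samples and the SAMPLE.EXE name are constructed.

```python
# Constructed SYSTEM.INI samples (not taken from an infected machine).
CLEAN = r"""[boot]
shell=Explorer.exe
system.drv=system.drv

[386Enh]
device=*vpd
device=*int13
"""

MODIFIED = r"""[boot]
shell=Explorer.exe C:\WINDOWS\SAMPLE.EXE
system.drv=system.drv
"""


def boot_shell_entries(ini_text: str) -> list[str]:
    """Return the programs named on the shell= line of the [boot] section."""
    # Parsed by hand: SYSTEM.INI repeats keys (several device= lines),
    # which a strict INI parser would reject.
    section = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "boot" and key.strip().lower() == "shell":
            return value.split()
    return []


def unexpected_shell_entries(ini_text: str, expected=("explorer.exe",)) -> list[str]:
    """Entries on the shell= line that are not the expected shell (assumed default)."""
    return [e for e in boot_shell_entries(ini_text) if e.lower() not in expected]


if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("modified", MODIFIED)):
        print(name, unexpected_shell_entries(text))
```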

W32/APost@mm ("APost" or "New Backdoor")
This worm has been spreading through the Microsoft Outlook email program. This is a MEDIUM-ON WATCH worm. The infected email can come from addresses that you recognize and may contain the following information:
Subject: As per your request!
Body: Please find attached file for your review. I look forward to hear from you again very soon. Thank you.
Attachment: README.EXE
Running the attachment causes the worm to copy itself to the Windows directory and send a copy of itself to every entry in the user's Microsoft Outlook Address Book. It will then display a small dialog box titled "Urgent!". This dialog box contains one single large button labeled "Open". If this button is pressed then the worm sends out further copies of itself, displays an error message box with the title "WinZip SelfExtractor: Warning" and then terminates.

W32/Navidad@M
This is an Internet worm that spreads using the Windows email program Outlook. McAfee AVERT has given it a risk assessment of MEDIUM-ON WATCH, due to a significant increase in infection levels worldwide.

The email can come from addresses that you will recognize. Attached is a file named NAVIDAD.EXE and when it is run, it displays a dialog box entitled, "Error" which reads "UI". A blue eye icon then appears in the system tray next to the clock in the lower right corner of the screen, and a copy of the worm is saved to the file "winsvrc.vxd" in the WINDOWS SYSTEM directory.

If your PC becomes infected with the W32/Navidad@M worm, all subsequent emails addressed to you will be responded to automatically with an email from your address with the W32/Navidad@M worm as an attachment.

 
This page created exclusively for Error World by The Software Clinic. © 2000. All rights reserved.