EICAR refers to the European Institute for Computer Anti-Virus Research. The Institute provides an independent and impartial platform for IT security experts in the field of science, research, development, implementation and management. The aim is to develop best practice scenarios and guidelines with the efforts of a bundled Know-how-pool. EICAR can be found at http://www.eicar.org.

The WildList is a list of the most common computer viruses found spreading around the world at the present time. The list is available on the website of WildList Organization International. Joe Wells and Sarah Gordon founded the organisation in 1996. They work closely with anti-virus professionals and volunteers around the world to update the list regularly, aiming to provide accurate, timely and comprehensive information about current computer viruses. The organisation makes the WildList available to the public free of charge.

Although a computer virus can write to (and corrupt) a PC's CMOS memory, it can NOT "hide" there, because CMOS memory is not "addressable". A malicious virus could alter the values in CMOS as part of its payload, causing the system to fail on reboot, but it cannot spread or hide itself in the CMOS. A virus could use CMOS memory to store part of its code, but executable code stored there must first be moved to the computer's main memory in order to run. There is no known virus that stores code in CMOS memory. There were reports of a "trojanised" AMI BIOS. This was not a computer virus, but a "joke" program that did not replicate. The malicious program was not on the disk, nor in CMOS, but was directly coded into the BIOS ROM chip on the system board. If the date is 13th of November, the virus stops the boot process and plays ' Happy Birthday ' through the PC speaker.

There are viruses that can corrupt the system BIOS; one example is the CIH virus, also known as Chernobyl or Spacefiller.

In 2007, malicious code for mobile devices evolved to a complexity that took 20 years on desktop PCs. For example, there are already blends of Trojan Horses and viruses that can spread through mobile phones using multiple wireless protocols. This could be problematic, as current mobile devices and platforms do not support sophisticated anti-virus software.

A pure data file such as a TXT file, is not susceptible to virus and malicious code infection. However, viruses and malicious code can infect data files embedded with executable code. For example, there have been some viruses and malicious code spread via Microsoft Word and Adobe PDF documents.

A macro virus is a program written in the macro language provided with some software applications (word processors, spreadsheets, etc.). To propagate, macro viruses exploit the capabilities of the macro language to transfer themselves from one infected file (document or spreadsheet) to another. For example, when a Word document containing infected macros is opened, the virus usually copies itself into Word's global template file (typically NORMAL.DOT). Any document opened or created subsequently will be infected. Macro viruses become part of the document itself, and are transferred with the file, further infecting other files.

Like all computer viruses, macro viruses can destroy files and data. In some cases, a macro virus might reformat all the hard drives in a computer. While most of the known macro viruses are not so destructive, but more of a nuisance, the loss of productivity and time is what affects users the most.

You should backup all data files regularly, install and enable real-time protection using anti-virus software with the latest virus signatures and detection and repair engines, and conduct full system scan periodically.

Yes. The first Access macro virus JETDB_ACCESS-1 was able to infect the Microsoft Access 97 database. Once infected, the virus would search and infect all .MDB files in the current directory, the parent of the current directory, and the root directory.

You should take the following security precautions when surfing the Internet:

• Ensure that your operating system and software on your computer have the latest security patches.
  
• Enable real-time scanning of anti-virus software and use the latest virus signatures and corresponding detection and repair engines.
  
• Avoid visiting suspicious/un-trusted websites.
  
• Do not execute unsigned ActiveX controls, or ActiveX control from un-trusted sources. If possible, disable active scripting in your browser settings.
  
• Avoid downloading programs from un-trusted websites, since they carry a high risk of virus infection.

Viruses do not infect plain electronic mail messages with plain text formatting and no executable code. However, HTML emails, which can contain executable scripts as well as files attached to the email message, may be infected. Nowadays, most anti-virus software can be configured to scan emails and their attachments.

A hoax virus-warning message is an untrue rumour, warning or alert initiated by malicious individuals, with the aim of tricking a recipient into believing the message. Typical examples of these messages include hoaxes related to new computer viruses, promotions, or other hot issues attracting public interest. Hoax messages usually have one or more of the following characteristics:

• They use technical jargon and complex technical descriptions.
  
• They ask recipients to send or forward the message to everyone they know.
  
• They do not contain sender information, or use bogus sender information.

Although most hoax messages do not cause direct harm to computers, they may contain untrue information and thus cause unnecessary confusion or even panic for recipients. Forwarding hoax messages consumes network bandwidth and system resources, and is a waste of the recipients' time in reading such messages.

The proper way to handle Internet hoax messages is to simply ignore them. In order to help reduce the spread of Internet hoax messages, DO NOT:

• Circulate messages with an unknown origin without first validating them against reliable/authoritative information sources.
  
• Forward any hoax to others.

Firewalls themselves do not screen out computer viruses or malicious code. But because the location of firewalls within a network is usually a good place for virus scanning to take place, some firewalls have plug-in virus-scanning modules. In addition, some programs are available that can scan for viruses at a point either before or after the firewall. It is worth noting that scanning all FTP or HTTP traffic may add a heavy overhead to the network. A firewall is only one of many entry points for viruses; they can also get into a local intranet through other means, such as via floppy disks, removable storage media and emails.

A virus-scanning engine is the program that does the actual work of scanning and detecting viruses, while signature files are the "fingerprints" used by scan engines to identify viruses. New versions of a scan engine are released for a number of reasons. New types of viruses or other malicious code, such as spyware, may not be detected by the old engine. Updated scan engines also have enhanced scanning performance and detection rates. Some vendors provide updates for both the scan engine and signature files in a single file, while others provide them in separate files.

It is important that computer systems and networks are updated with the latest virus signatures on a regular and timely basis in order to effectively detect and block the latest viruses and their variants, especially during outbreaks of high-threat viruses. To enhance the virus signature updating process, organisations should consider automating the operation of updating all network-connected computers when computers are in operation or logged in to a network server. Organisations may also consider implementing automatic virus signature update systems available from major anti-virus software vendors.

Most likely, the operating system or other programs are using the infected files you are trying to clean. It is better to restart the machine in Safe Mode, then clean the files with anti-virus software or use other removal tools for the particular virus.

Anti-virus software not only detects viruses, but also other types of malicious code, which may not be possible to clean. A Trojan horse is a type of malicious code that should be deleted instead of trying to clean it. In some cases, the virus may have corrupted the file and made it impossible to recover. Nevertheless, there are some tips to improve the success of cleaning away a virus from a file:

• Use the latest virus signature files and detection and repair engine from the anti-virus vendor.
  
• Make sure there is enough free space on your disk.
  
• Check if the removal instructions or if an automatic removal tool is available from anti-virus vendor websites.
  
• If still unsuccessful, obtain a virus sample and send it to your anti-virus vendor for advice and recommended action.

Another similar cause is direct Internet connections in the office, such as broadband or dial-up modem access arranged for individual staff, which effectively bypasses the perimeter defence measures provided by the centralised Internet gateway. Notebook computers that have been infected with virus when used outside the office, and are then used by staff in the office are another source of infection.

In addition, there are viruses that can ride on software vulnerabilities and cannot be effectively stopped unless the corresponding security patches have been applied. Notwithstanding the above, user awareness of security best practices also plays a very important role, and users should always be wary when handling files and emails. They should not open or forward suspicious emails or their attachments to reduce the possibility of virus infection.

If an email downloaded from an external ISP contains a virus and the user's workstation does not have appropriate virus protection (i.e. auto-protection by anti-virus software with the latest virus signatures), the workstation could easily become infected. The infected machine may further proceed to infect files on interconnected servers and directories, spreading the virus through internal networks and triggering a massive infection. Deploying a central managed Internet gateway is an effective solution, providing an additional layer of virus protection and blocking risky emails and file attachments, such as those with the extension .EXE. Moreover, it is relatively easy to conduct timely and regular updates to the central gateway using the latest virus signatures, rather than trying to update all user computers. It is thus much more reliable and secure.

Malicious code is any program that causes undesirable effects on an information system. Examples of malicious code include computer viruses, network worms, trojan horses, logic bombs, spyware, adware and backdoor programs. Because they pose a serious threat to software and information processing facilities, precautions must be taken to prevent and detect malicious code.

A worm is a program that spreads over a network. Unlike a virus, a worm does not need to attach itself to a host program for propagation. Some worms use email to spread, sending themselves out as an attachment to other users. Some of them exploit the vulnerabilities in software running on a victim's machine, aiming to take control of those systems. Some worms also spread by using cross-site scripting vulnerabilities in web servers or services.

A Trojan or Trojan horse is a software application that pretends to provide legitimate functionality, but actually carries out malicious functions, exploiting the legitimate authority of the person who starts up the program. It can be used as an attack tool to capture sensitive information such as user accounts and passwords. Unlike a virus, a Trojan does not replicate itself. It spreads usually by enticing the user to install software such as "shareware" which is embedded with a Trojan horse.

Spyware is a type of software that secretly forwards information about a user's online activities to third parties without the user's knowledge or permission. The information is mainly used for purposes related to advertising. For example, sending spam emails to the user in order to deliver targeted advertisements by marketers. Some spyware might also be able to steal a victim's files or even keystrokes to gain sensitive and personal information.

Adware is a type of software that displays advertising banners while a program is running. Most adware is also spyware. In many cases, freeware developers offer their products free-of-charge to users, receiving financial support from adware marketers by bundling adware into freeware products.

You should carefully read the terms of use before installing any freeware or shareware. The use of freeware and shareware may sometimes imply that you agreed to install adware systems as well.

A rootkit is a program/tool designed to gain root or administrator access to a system. It often has malicious intent without going through proper authorization and/or authentication processes. A rootkit might consist of backdoor programs as well as tools to hide any trace of hacking activities.

A botnet is a network of zombie computers under the remote control of an attacker.

Strictly speaking, there is no such thing as "file infected by a Trojan or a worm". One difference between a virus and a Trojan or a worm is that a virus will replicate itself to a clean file, which will in turn infect other clean files when the infected file is executed or opened.

A Trojan is a malicious program installed on an infected computer which does not attach itself to any file. Worms are also malicious software that spread across networks but do not replicate onto a clean file. Therefore, there is no file to repair when it comes to a Trojan or a worm.

The following are some best practices to avoid being caught by phishing scams:

• Do not respond to emails that request personal information (such as passwords), or follow URL links from un-trusted sources and suspicious emails. In this way, you can avoid being re-directed to malicious websites by links that seem legitimate.
  
• Verify the legitimacy of websites for organizations such as banks by contacting the organization by traditional mail or telephone.
  
• Type the URL to the desired website manually, or use bookmarks you have saved previously when visiting important or crucial websites.
  
• Log into any online accounts you have regularly to check the account status and last login time; determine whether there has been any suspicious activity.
  
• Always be wary when giving sensitive personal or account information over the web. Banks and financial institutions seldom ask for your personal or account information through email. Consult the relevant organization if in doubt.
  
• Always ensure your computer is updated with the latest security patches and virus signatures. This will reduce the chance of being affected by fraudulent emails or websites riding on software vulnerabilities. This also helps protect your computer from other security or virus attacks.
  
• Consider using desktop spam-filtering products to detect and block fraudulent emails; however, beware of false alarms.
  
• Send any phishing emails you receive to the relevant organization and/or the police for further investigation.

The following best practices can help protect your computer from being taken over as a zombie:

• Install and enable proven anti-virus and personal firewall software on your computer.
  
• Update your anti-virus software frequently with the latest virus signatures.
  
• Keep your anti-virus software up-to-date, because outdated anti-virus software can be ineffective when it comes to newly discovered viruses.
  
• Apply the latest security updates and patches to any software you use.
  
• Disconnect your computer from the Internet when not in use. Computers connected to the Internet all the time are at constant risk of infection, and they have a greater likelihood of being hacked.

In addition, users should:

• Enable real-time detection to scan, for example, email attachments, files on removable media, and files downloaded from the Internet.
  
• Schedule a regular full system scan.
  
• Regularly review and apply the latest security patches/hot-fixes released by product vendors for operating systems and application programs.
  
• Before installing any software, verify its integrity (e.g. by comparing checksum values) and ensure it is free of computer viruses and malicious code.
  
• Avoid using personal Internet email, which is more susceptible to computer virus infection. If personal Internet email services must be used for business purposes, emails should be downloaded to an isolated computer via a dedicated Internet connection.
  
• Always boot from the primary hard disk. As far as possible, do not boot workstations from removable storage devices.
  
• Backup your data regularly.

If you suspect your computer is infected, you should stop using it, because that may spread the computer virus or malicious code further. If it is your office computer or mobile device, you should report the incident to the management and LAN/System Administrator immediately.

While you can use anti-virus software to clean malicious code, it may not be possible to fully recover infected files. You should replace any infected files with original copies from your backup systems. After recovery, a complete scan of your PC and other removable storage media is vital to ensure everything is now free of viruses or malicious code.

The following should also be considered:

On the network side:

• Install anti-virus and content filtering gateways to scan all incoming and outgoing traffic. The gateway should stop messages or files with malicious content, quarantine / drop them, and create audit logs for reference.
  
• Regularly review and apply the latest security patches/hot-fixes from product vendors to the network operating systems and gateway devices.
  
• Apply the same security protection measures to both production systems and the development / testing systems.
  
• Perform full system scans on all computers before connecting them into your networks.
  
• Perform full system scans after every installation of a new machine, service maintenance and installation of new software.

On the server side:

• Always boot from the primary hard drive. If the server must be booted from removable storage media (such as USB drives, USB hard drives, CD, DVD), the removable media must first be scanned for malicious code.
  
• Regularly review and apply the latest security patches/hot-fixes from product vendors to operating systems and application programs.
  
• Enforce access controls to protect the server. For example, directories containing applications should be set to 'read only'. The 'Write' and 'Modify' access right should be granted on a need-to-have basis only.
  
• Use document management solutions when sharing documents so as to minimize any potential propagation of infected files in an uncontrolled manner.
  
• Scan all newly installed software before it is released for general use.
  
• Schedule regular full-system scans.
  
• Perform regular data backups.

In addition, administrators should keep abreast of the latest security advisories by, for example, subscribing to online security notifications and advisories. They should quickly disseminate critical and major computer virus alerts to all end-users, educate users about the impact of massive malicious code attacks, and ensure users follow best practices to protect their workstations against computer viruses and malicious code.