Computer viruses have been around nearly as long as personal computers themselves.
The first ones to show up "in the wild"--that is, beyond wherever they were created--debuted in the early 1980s, spreading from one Apple II machine to another via shared floppy disks. (A Ph.D candidate coined the term "computer virus" in 1983). In 1988, a Cornell graduate student released the first major Internet virus, a self-replicating program that flooded what was then an academic-research network, disabling several thousand computers. (The student, who insisted the damage was unintentional, received a sentence of probation, community service and a fine.)
Over the next decade, as the number of homes and businesses connected to the Internet grew rapidly, so did reports of problems from viruses and other "malware" - malicious software such as worms and Trojan horses. (For a selected sampling of top threats, see Most Memorable Malware.)
By July 2006, experts had identified nearly 185,000 different viruses and other threats, according to malware expert Graham Cluely, senior technology consultant for Sophos plc, a U.K.-based British antivirus firm. That's up from an estimated 80,000 in early 2003. Threats proliferate quickly because as antivirus companies figure out how to eliminate one, several others--often closely related spin-offs--start popping up.
What do viruses and other malware programs do? Some replicate themselves, flooding e-mail accounts with so much junk mail that systems slow or shut down. Some modify, delete or move files. Some find and forward important data (such as passwords). Some deposit spyware, adware or other unwanted programs on computer hard drives.
More sophisticated ones open "back doors" that allow their creators to take remote control of computers to, for instance, coordinate a widespread attack on a particular website. Some are smart enough to disable antivirus programs. A newer threat, called a rootkit, conceals itself so that it can be run undetected by a computer's operating system or security software.
What's out there right now? Here are three of the threats most frequently reported to antivirus-software companies, as of July 2006:
In 2005 alone, U.S. companies lost $15.7 million to virus outbreaks, according to the 2006 CSI/FBI Computer Crime and Security Survey conducted by the FBI and the San Francisco-based Computer Security Institute. In fact, such attacks accounted for 74 percent of all security-related financial losses--more than system break-ins, stolen hardware or data theft, according to the 11th annual survey (Free download available; registration required).
While many of the participants--executives from more than 600 U.S. companies--weren't willing to estimate how much security problems cost them, those who did reported losses averaging nearly $168,000. Even for smaller organizations, malware can take a toll in terms of productivity: Another research organization, Mechanicsburg, Pa.-based ISCA Labs, says businesses typically lose about nine "person-days" to recovering from every malware incident.
How can companies protect themselves against such attacks? Experts recommend that you: