
Computer pox--are you protected?

You have been working feverishly on a report all morning, when the network dies. Suddenly you hear your network administrator crying "Code Red, Code Red!" from three doors down. The information technology department's white board becomes covered with markings that look like plays you had only seen in a football team's locker room. Confusion turns to panic within your company, and it is only 9:30 a.m. Network downtime means big losses.

The situation of a company's system being invaded by a malicious program is more common than management often knows. Not your company, right? With more than 57,000 virus threats today, chances are that your company has been affected. The good news is that there are many forms of inoculation that could have prevented a crisis.

WHAT IS A VIRUS?
There are many misconceptions about viruses. A virus is a program created with malicious intent to perform an unwanted action and will typically try to infect as many files or computers as possible. Some viruses are benign and will not harm your computer, but others can be destructive by rewriting or destroying data.

Viruses can be further differentiated as a Trojan or worm. A Trojan is appropriately named from the Greek myth, because it is a virus disguised as something else, such as a comedic e-mail forward or a spreadsheet. A worm is a virus that reproduces itself without human intervention. Worms are often the most publicized because of their ability to propagate rapidly and create mass havoc.

Far from the common perception, virus programmers are not the hidden geniuses of the underground computer world. Almost every widespread virus has attacked a known vulnerability. Usually a weakness of a program has already been discovered, publicized, and the software vendor has created an update to "patch" the problem. Viruses spread by exploiting the publicized vulnerability and prey on users and companies that have not updated their software.

PROTECTION
Each virus is programmed to perform a specific course of action. Anti-virus vendors derive known virus patterns and store them as "signatures." Every time an anti-virus program scans a file, it compares the file to its database of virus signatures to determine if the file contains a known virus. The key word in this solution is "known."

Just because you have anti-virus software does not mean you are protected. Anti-virus only works as well as its signature file, and the signature file will only protect against known viruses. Updating signature files on computers is critical to protect against the most recent viruses. More than 700 security vulnerabilities in operating systems, servers and applications were publicly disclosed in 1999. Older signature files cannot protect against the newfound exploits.
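The signature matching described above, shown as an added example (not code from the original article or from any anti-virus product): a minimal scanner run against a stale and an updated signature list. The signature names, the hex pattern format with `??` as a wildcard byte, and the sample file contents are all constructed for illustration.

```python
import re
from typing import NamedTuple


class Signature(NamedTuple):
    name: str
    hex_pattern: str  # space-separated hex byte pairs; "??" matches any one byte


def compile_signature(sig):
    """Turn a hex pattern into a bytes regex."""
    parts = []
    for pair in sig.hex_pattern.split():
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, database):
    """Return the names of every signature in the database found in data."""
    return [sig.name for sig in database if compile_signature(sig).search(data)]


def scan_files(files, database):
    """Scan a mapping of file name -> contents and report detections per file."""
    return {name: scan(data, database) for name, data in files.items()}


# Constructed signature lists: the stale one predates "Demo.Beta".
STALE_DB = [Signature("Demo.Alpha", "44 45 4d 4f 2d 41 ?? 2d 31")]  # DEMO-A?-1
CURRENT_DB = STALE_DB + [Signature("Demo.Beta", "44 45 4d 4f 2d 42 45 54 41")]  # DEMO-BETA

# Constructed, harmless file contents standing in for infected and clean files.
FILES = {
    "invoice.doc": b"quarterly figures DEMO-AX-1 end",
    "memo.doc": b"please review DEMO-BETA attached",
    "notes.txt": b"nothing unusual here",
}

if __name__ == "__main__":
    for label, db in (("stale", STALE_DB), ("current", CURRENT_DB)):
        print(label, scan_files(FILES, db))
```

With the stale list, `memo.doc` scans as clean even though it carries the newer pattern; only the updated list flags it.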

If a virus is detected, the anti-virus will attempt to "disinfect" or "clean" the file to get rid of the virus. If the file cannot be cleaned, it will be deleted from the system to prevent the virus from spreading.

The best prevention tip is to be cautious of all files. Do not open files from an unknown or untrustworthy source, especially if you are not expecting the file. Worms often spread by using an infected computer's address book to resend themselves to the stored e-mail addresses. This means viruses can come from people with whom you would normally do business or communicate online.

HOW CAN IT AFFECT MY BANK?
Within the banking industry, viruses are potentially harmful because of the sensitivity and confidentiality of customer data. Regardless of whether a virus infects your network or one of your vendors, your customers' data is at risk, and your reputation is on the line.

Proactive institutions can take advantage of penetration testing. Penetration tests verify that you have properly secured your Internet-accessible systems from attack. Penetration testing will not only find vulnerabilities that viruses take advantage of, but well-conducted assessments will also detail other weak points that are potentially susceptible to future viral attacks.

What happens if you get a virus? The best approach is to perform what is known as a forensic analysis to determine the impact of the virus. Companies with little security expertise or those that are understaffed can hire external specialists to diagnose the network for damages.

PAST VIRUSES
One of the fastest spreading viruses in history was the Melissa worm. Distributed in March 1999, Melissa was actually a Microsoft Word macro, a mini program created within the document. This particular macro would send an e-mail message with the subject "Here is that document you asked for ... don't show anyone else ;-)" to the first 50 addresses in the infected computer's Microsoft Outlook address book, attaching a copy of itself.

The initial impact of Melissa was massive. Curiosity to open an unknown document caused large organizations to generate up to half a million e-mail messages in only a few hours. Even Microsoft was forced to shut down its outbound and inbound e-mail servers as a result.

The world next felt the impact of the ILOVEYOU worm. Originating from the Philippines in May 2000, this worm gained momentum through the emotional appeal and curiosity of computer users who received an e-mail from a known person with the subject "ILOVEYOU." Known as "social engineering," exploiting human nature through emotional appeal is a common tactic used by malicious attackers.

Computers infected with the ILOVEYOU worm did not stop propagating after the first 50 e-mail addresses as its predecessor Melissa did, but instead sent e-mails to everyone in the computer's address book. In just five hours, ILOVEYOU spread to tens of thousands of individual users as well as the Central Intelligence Agency, Ford Motor Company and Britain's Parliament. Victims in Asia, Europe and the Americas were forced to shut down corporate servers, and individuals had personal files overwritten.

Yet another worm was named for the new flavor of Mountain Dew, called "Code Red." On July 13, the initial version of Code Red was launched, exploiting a vulnerability in a common Web server, Microsoft Internet Information Server (IIS), that had been known for more than a month. Microsoft had already developed and released a patch for the vulnerability that was readily available online, which would have prevented the Code Red worm from exploiting an IIS Web server and spreading over the Internet.

Unlike Melissa and ILOVEYOU, Code Red did not spread through e-mail, but self-propagated by infecting Web servers. In only a few days, Code Red had infected nearly 300,000 Web servers and attacked the White House's Web site before going into hibernation. Revived Aug. 1, the menace infected another 250,000 systems by the day's end. Three short days later spawned a new breed of the worm, Code Red II, which exploited the same vulnerability but spread even faster. Few individuals became infected, but many felt the wrath through slow Internet connections and downed Web sites. Code Red has infected more than 1 million computers and caused $1.1 billion in cleanup and $1.5 billion in lost productivity.

The most recent craze instilled upon the public, hitting both home and corporate users, is the Nimda worm. Nimda was discovered on Sept. 18 and spreads via e-mail, shared drives, folders or files, and infected Web pages. Nimda exploited some of the same vulnerabilities that other worms have in the past. Again, if the affected applications were patched, Nimda would not have been able to spread.

Nimda's primary goal is simply to spread over the Internet and local intranets. Its initial impact forced employees to work without e-mail and Internet access, while corporations attempted to disinfect their systems. In only three days, Nimda infected more than 2.2 million computers, causing more than $530 million worth of damages worldwide.

Viruses exploit software vulnerabilities, as well as individuals and companies. Even after each virus is eradicated, another will appear to take its place. Computer threats will never cease; the best protection is prevention - applications and anti-virus programs should be updated regularly. Ongoing penetration testing will help find potential weaknesses before they become problems. Most importantly, educating users about proper and safe use of corporate Internet resources is crucial to fighting the never-ending battle.
Copyright © 2007