CHAPTER 1.
INTRODUCTION
The main source of viruses today is the global Internet. Most virus infections
happen via e-mail. The facts that almost every computer has e-mail client
applications installed and that malicious programs are able to take a full
advantage of software address books in order to find new victims are favorable
factors for the distribution of malware. Without even suspecting it, the user of an
infected computer is sending infected e-mail messages to his or her contacts,
who, in turn, send new waves of infected messages and so on. It is not
uncommon when infected files, due to someone's negligence, enter commercial
mailing lists of large companies. In this case, the virus will affect not just five, but
hundreds or even thousands recipients of such mailings who then will send
infected files to dozens thousands of their contacts.
It is now acknowledged that for some companies information has become a more
important asset than their physical property or cash. At the same time, in order to
gain profit through the use of the information, it has to be available to the
company's employees, clients and partners. This raises the issue of data security
and, as its important element, the issue of protection of the corporate mail
servers against the external threats, preventing virus outbreaks within the
corporate networks.
1.1.
Computer viruses and malicious
software
The constant growth in the number of computer users and new possibilities of
data exchange between them via e-mail or internet result in the increased threat
of virus infections and data corruption or theft by malicious computer programs.
In order to be aware of the potential threats to your computer, it is helpful to know
what the types of malicious software (“malware”) are and how they work. In
general, malicious programs fall into one of the following three categories:
•
Worms
– malicious programs that belong to this category use network
resources for distribution. These programs were called "worms" due to
their ability to tunnel from one computer to another, using networks, email
and other channels. Due to this ability, worms can proliferate extremely
fast.
Worms penetrate a computer, determine IP addresses of other com-
puters, and send copies of themselves to these computers. Apart from the
network addresses, worms often use data contained in the address books
of e-mail client applications installed on the infected machine. Sometimes
worms create work files on disks, but they also can function without utiliz-
ing any resources of the infected computer except RAM.