How computer threats spread
Three major categories cause the most damage and are the ones we need to focus on: viruses, worms, and email worms.
Starting with viruses: a virus consists of a piece of executable code hidden inside a file. This file can be a program file, like an infected executable, or even a document, such as a Word doc file. Once the user launches the infected executable or opens the document, the virus is activated and loads itself into computer memory. From that point on it searches the storage drives for other files that it can infect, and alters them by adding the infected code to them. It can spread through boot sectors as well; infected hard drives and, mostly, floppy disks were the most common way for viruses to reach other computers. Several years ago, when floppy disks were commonly used to exchange data, viruses had a great way to spread from one computer to another. However, this way of spreading is not the most effective one: there must be some kind of user interaction before the virus is loaded, and therefore if nobody is using the computer, the virus will not be activated.
The second category we need to focus on is computer worms. This type of computer security threat was very effective years ago when it began to spread, and it remains very dangerous today. A computer worm is a sneaky piece of code that has the ability to spread itself over a network (the Internet) and infect other computers in an unattended mode – no user interaction is needed for the computer worm to spread. The computer worm works by scanning the Internet and local networks for computers that are affected by certain known security vulnerabilities and bugs. For example, a computer worm known as Sasser looked for a certain service running on Windows-based computers (lsass.exe) and infected the machine by exploiting a security vulnerability that existed in Windows-based computers at the time. The computer worm exploits the security flaw by remotely connecting to a known server port and sending malformed data packets to that open port on the remote machine. The remote computer is tricked into executing the code provided in the malformed data packet, usually through a technique known as buffer overrun; from then on the remote machine is infected, acts as a slave, and starts spreading the computer worm even further. This is why worms can infect millions of computers worldwide in just a couple of days.
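The scanning behaviour described above is also what makes a worm visible on the network: an infected machine suddenly contacts many different hosts on the same port. The following detection sketch is an added example, not part of the original article; the flow-record layout, addresses, port, window and threshold are all constructed for illustration.

```python
from collections import defaultdict, deque


def constructed_flows():
    """Constructed sample records (not real traffic): (epoch_seconds, src, dst, dst_port)."""
    # One host sweeping 30 different addresses on one port in 30 seconds.
    flows = [(1000 + i, "10.0.0.5", f"10.0.1.{i + 1}", 445) for i in range(30)]
    # A client talking to the same server over and over: many flows, one destination.
    flows += [(1000 + 20 * i, "10.0.0.9", "10.0.1.10", 445) for i in range(30)]
    # A host that also reaches 30 addresses, but only one every 400 seconds.
    flows += [(1000 + 400 * i, "10.0.0.7", f"10.0.2.{i + 1}", 445) for i in range(30)]
    return flows


def find_scanners(flows, window=60, threshold=20):
    """Return {(src, port): peak fan-out} for every source that contacted at least
    `threshold` distinct destinations on one port within `window` seconds."""
    recent = defaultdict(deque)  # (src, port) -> (timestamp, dst) pairs still in the window
    peak = defaultdict(int)      # (src, port) -> largest distinct-destination count seen
    for ts, src, dst, port in sorted(flows):
        key = (src, port)
        queue = recent[key]
        queue.append((ts, dst))
        # Drop records that have aged out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            queue.popleft()
        # Count distinct destinations, so repeated flows to one server do not add up.
        distinct = len({d for _, d in queue})
        peak[key] = max(peak[key], distinct)
    return {key: count for key, count in peak.items() if count >= threshold}


if __name__ == "__main__":
    for (src, port), fanout in find_scanners(constructed_flows()).items():
        print(f"{src} contacted {fanout} distinct hosts on port {port} within 60 s")
```

Counting distinct destinations rather than total connections keeps a busy client of a single server from being flagged; the window length decides whether a slow sweep is caught.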
Finally, there is the email worm, which is getting more dangerous and has lately come in various flavours. The way it works, though, is pretty much the same. The email worm is a combination of a virus and a computer worm. It arrives through an email that contains an attachment, and the attachment actually contains the worm. Such emails are very well crafted, and they usually trick unsuspecting computer users into opening them; therefore there is a point where user interaction is needed when dealing with an email worm. Once the attachment is opened, the worm becomes active and starts doing harm. What it usually does is infect various files on the computer, harvest email addresses from your email address book, and send infected emails to all the addresses it can find. Due to the sneaky way it gets into remote computers, email worms are the most dangerous security threat active today.