Published Date : 24 Feb 2005
Last Updated : 04 Oct 2024
Content Ref: TEC373462
Operating System: (All)
Part No: (none)
Summary
A general description of these security threats.
Procedure
Viruses, worms and trojans
These are the 'superstars' of the security world, in that they consistently receive the most publicity in the mainstream media, and are the best known to the average user. The high-profile outbreaks of recent years such as Sasser and Netsky have brought these to the public's attention.
Thankfully, their high profile has helped us to an extent - we are now more likely to be aware of them, the risks they present, and also the tools available to combat them.
1. Viruses
Viruses behave exactly like their biological metaphor - they infect another program and replicate themselves by using the resources of the machine they are on, and these copies go out looking for other machines or programs to infect.
Before the Internet boom of the 90s, viruses largely spread via floppy disks, and tended to embed themselves in other program files. When the user next fired up the infected program the virus was activated (generally loading itself into the memory of the machine) so that it could then infect other files the user opened. This way, many programs on the machine could become infected in a short time, and if the user passed a copy of an infected file on to someone else, they would in turn become infected.
Since the popularisation of the Internet, and email in particular, the majority are what are known as macro viruses. These are written in a scripting language, such as VBScript or Visual Basic for Applications (VBA), which is used to create macros in applications such as Microsoft® Word®, Microsoft® Excel® or Microsoft® Access®. This means that they infect data files rather than applications, enabling them to spread more easily, since the sharing of data is more common than that of programs. Once a user opens an infected file, they are infected.
Payloads
Viruses are sometimes benign, replicating but doing no real damage, but some include a 'payload'. This is the name given to the malicious activity which the virus carries out - deletion of files, overwriting data with rubbish, and so on.
2. Worms
These are a distinct category from viruses, but the term virus is often used to describe both. The distinction is that a virus requires a 'host' program or file in order to work, whereas a worm exists and spreads on its own.
A majority of current infections are by worms, in particular worms that use email to propagate themselves. These typically arrive as an attachment to an email, and opening the attachment activates the worm. Once active, it will attempt further infections - often by mailing itself to everyone in your email address book or looking for other machines on the network. Many of the recent 'famous' outbreaks have been worms, such as ILOVEYOU and Sasser (although the latter uses the Internet rather than email for propagation).
Payloads
As with viruses, worms can also include payloads, which perform the same kind of malicious actions.
3. Trojans
As the name might suggest, a trojan is software which seems legitimate but has hidden features which are malicious. As such, it will appear to be something useful (or at least non-harmful) like a joke program, and may even carry out this function, but it will also carry out hidden actions. These vary, but will typically involve acquiring access to your system, including opening backdoors across the Internet or logging users' passwords.
Payloads
By its definition, a trojan is part legitimate-seeming software, part payload.
More Information
Document created by RM Technical Communications Group using information from the Security Technical Seminar, Autumn 2004.