Daily Champion (Lagos)

Nigeria: Virus Attack: How Safe is the Internet?

analysis

Lagos — The original definition of a computer virus was a programme that copied itself from one disk to another, usually without the knowledge or consent of the user. Like a biological virus, it attached itself to the code of a legitimate programme's executable file, or frequently to some component of the computer's operating system.

Throughout the 1990s, as new hardware and software technologies were developed, malicious little programmes were deployed that took advantage of oversights in security.

In many ways the so-called computer virus resembles a biological virus, and many believe that is where the name came from.

The distorted picture of computer viruses has led to confusion, ignorance and panic among users.

A computer virus cannot travel without the help of people, and it cannot infect your system unless a user, either deliberately or accidentally, executes an infected programme.

The normal target of a computer virus is the File Allocation Table (FAT) of the hard drive.

Some viruses attach themselves to any or all COM files (such as COMMAND.COM), EXE files or other hidden system files, while other viruses will infect the boot sectors of floppy diskettes.

Computer experts may want to discuss virus code as different from Trojan Horse code or worms, but today almost every reference to purposefully malicious computer code is called a virus.

The latest virus called "MSBlast" is a piecemeal compilation of programmes cobbled together to do a single job: spread across the Internet.

This Frankenstein's monster brings together a widely available file server, one of several public programmes to exploit a widespread Windows flaw, and common techniques for compromising computers.

The term Frankenstein's monster is used to refer to the wonder creation of man which turned to consume its maker.

The virus - also known as W32/Lovsan.worm and W32.MSBlaster - is successful not because its creator was knowledgeable about programming, but because a great many people whose computers are connected to the Internet are still ignorant of security.

The threat of the virus is real and dangerous because by mid-afternoon Monday last week, the virus had infected at least 7,000 computers in a matter of hours, according to data provided by security company Symantec.

"You are not going to see the rapid uptake of Slammer. However, it could easily be as large as Code Red," said Symantec's senior director of engineering, Mr. Alfred Huger, referring to the lightning-fast Slammer worm, which hit Microsoft SQL servers in January, and the Code Red worm, which gobbled up servers in July 2001.

The Code Red worm spread slowly at first, then quickly, after someone modified the programme to fix a flaw in its code.

Huger said it was likely that an online vandal would take on the task of modifying MSBlast as well.

"I think there is a really strong chance that this will be modified and re-released, if not today, then this week, it's very simple to unpack and very simple to modify," Huger added.

The introduction of the MSBlast worm ends nearly a month of speculation over when a programmer would commit the obvious crime of writing a worm to take advantage of a vulnerability in a widely used feature of Microsoft Windows.

The worm pieces together code to exploit the most recent major flaw in Windows with publicly available tools, such as the Trivial File Transfer Protocol (TFTP) server.

The worm could turn out to be quite an irksome bug for Microsoft.

Many said it reinforces the notion that despite the software giant's 18-month-old Trustworthy Computing initiative, Microsoft software still has security issues.

And it also aims to attack the company's network directly.

Experts warned that starting on Aug. 16, every computer infected with MSBlast will start flooding Microsoft's Windows Update service with legitimate-looking connection requests.

MSBlast's first attack will last until the end of the year, security researchers said, adding that the coding of the worm will cause it to continue the attack in the latter half of each month for the first six months of 2004.

The worm contains two messages in its code.

One is addressed to Microsoft founder Bill Gates: "billy gates why do you make this possible?" it says. "Stop making money and fix your software!!"

The other message is a "greet" - an underground programmer greeting - to another person, which could be a lead for any law enforcement agencies that pursue the worm's author.

Microsoft may find a way to deflect the attack, as did the White House's technical staff when the Code Red worm aimed a denial-of-service attack at the whitehouse.gov Web site.

The flaws in MSBlast may also slow it down. "The worm is obviously messing things up, and it's going to get worse," said Marc Maiffret, chief hacking officer for security software maker eEye Digital Security. "But if it wasn't using (such poor methods), it would be much more effective."

The worm attacks Windows computers via a flaw in a component of the operating system that allows other computers to ask Windows systems to perform an action or service. Microsoft warned about the flaw July 16.

The component, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use a computer's printer.

By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources.

MSBlast installs the TFTP server and runs the programme to download the MSBlast code to the compromised server.

But the way the worm causes a compromised computer to download the file is very inefficient, Maiffret said.

Moreover, although MSBlast can detect whether a machine is already infected, it has to compromise the machine again before it can check.

Starting with a random Internet address, the worm sequentially scans for computers with the vulnerability.

Because the scanning process is not completely random, the worm will likely cause a lot of excess traffic on the network.

It also adds a registry key to ensure that the worm is restarted when the host computer is rebooted.
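The sequential scanning described above leaves a recognisable trace in connection logs: one source touching a long run of numerically consecutive addresses on the same port. The following detector is an added example, not code from the article or from any vendor named in it; the flow records are constructed, the run threshold is an assumption, and TCP port 135 (the Windows RPC endpoint mapper) is used as the watched port although the article does not give a port number.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (source IP, destination IP, destination port).
# All addresses come from the reserved documentation ranges.
SAMPLE_FLOWS = (
    [("192.0.2.10", f"198.51.100.{i}", 135) for i in range(20, 45)]  # sequential sweep
    + [("192.0.2.10", "198.51.100.200", 135)]                         # stray connection
    + [("192.0.2.77", d, 135)                                         # scattered, benign
       for d in ("198.51.100.5", "203.0.113.9", "198.51.100.90")]
    + [("192.0.2.88", f"203.0.113.{i}", 443) for i in range(1, 30)]   # different port
)


def longest_sequential_run(addresses):
    """Length of the longest run of numerically consecutive IP addresses."""
    nums = sorted({int(ipaddress.ip_address(a)) for a in addresses})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_sequential_scanners(flows, port=135, min_run=20):
    """Return {source: longest run} for sources sweeping consecutive hosts on `port`.

    min_run is an assumed threshold; tune it to the size of the monitored network.
    """
    targets = defaultdict(set)
    for src, dst, dport in flows:
        if dport == port:
            targets[src].add(dst)

    suspects = {}
    for src, dsts in targets.items():
        run = longest_sequential_run(dsts)
        if run >= min_run:
            suspects[src] = run
    return suspects


if __name__ == "__main__":
    for src, run in find_sequential_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {run} consecutive addresses probed on TCP 135")
```

Counting distinct consecutive addresses rather than raw connection volume keeps busy but legitimate clients out of the result, since they rarely walk an address range in order.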

Experts have feared that a worm created to take advantage of the Microsoft flaw could have an effect similar to that of the Slammer worm that downed corporate networks in January.

That worm spread to corporate networks worldwide, causing databases to go down, bank teller machines to stop working and some airline flights to be canceled.

Six months earlier, a researcher had released code that exploited the major Microsoft SQL vulnerability used by the worm to spread.

Much of the damage caused by Slammer was due to the high volume of traffic that it caused. MSBlast's slower infection rate will likely mean that it will not cause as much damage.

Security experts and network administrators, however, continue to analyze the worm and patch their networks. Microsoft Windows users can update their operating systems through the company's Windows Update service.


Copyright © 2003 Daily Champion. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com).
