- Debunking Antivirus Conspiracy Theories
It's almost as certain as death and taxes - the 'it' being the constant recycling of the age-old conspiracy theory surrounding antivirus vendors. The (very) tired story usually takes one of two themes: that antivirus vendors are the ones creating the viruses; or that antivirus vendors have no real motive to do a good job because they are profiting from the existence of these viruses.
- 2006: Year of Targeted Attacks
In 2006, the new year started with a bang. Microsoft was busy releasing an out-of-band patch for the WMF vulnerability (MS06-001), the Sober.X worm was gearing up to begin downloading new malware, and the Nyxem worm with its insidious payload began spreading in email using a variety of provocative subject lines that earned it the nickname 'the Kama Sutra worm'.
- What is a Virus Signature?
In the antivirus world, a signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus. Depending on the type of scanner being used, it may be a static hash which, in its simplest form, is a calculated numerical value of a snippet of code unique to the virus. Or, less commonly, the algorithm may be behavior-based, i.e. if this file tries to do X, Y, Z, flag it as suspicious and prompt the user for a decision. Depending on the antivirus vendor, a signature may be referred to as a signature, a definition file, or a DAT file.
- How SpyBot Got Its Name
Controversy - real or manufactured - surrounds the name 'spybot'. Staunch defenders of 'Spybot - Search & Destroy' claim spybot is the name of a product and they condemn antivirus vendors for using the term Spybot worm. And the developer of Spybot-S&D, Patrick Kolla, complained in June 2003 that another company threatened to enforce trademark privileges and prevent Kolla from using the name in his product. Still others claim that it is Patrick himself who has trademarked the term spybot.
- What is a Keylogger Trojan?
In its simplest form, a keylogger trojan is malicious, surreptitious software that monitors your keystrokes, logging them to a file and sending them off to remote attackers. Some keyloggers are sold as commercial software - the type a parent might use to record their children's online activities or a suspicious spouse might install to keep tabs on their partner.
- What is a virus?
In 1983, Fred Cohen coined the term “computer virus”, postulating that a virus was “a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself.” Mr. Cohen expanded his definition a year later in his 1984 paper, “A Computer Virus”, noting that “a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows.”
- "Trojan"
A Trojan is a self-contained program that appears to be legitimate, but in fact does something malicious. Trojans do not infect other files as viruses do, nor do Trojans make copies of themselves as worms do.
- Boot sector viruses
Before discussing what a boot sector virus does, let's first take a look at what a boot sector is. A floppy disk or hard drive is comprised of many segments and clusters of segments, which (in the case of a hard drive) may be separated by partitions. There has to be a way to find all the data spread across these segments, hence the boot sector operates as a virtual rendition of a library's Dewey Decimal system. Each disk also has a Master Boot Record (MBR) that locates and runs the first of any necessary operating system files needed to facilitate operation of the disk. When a disk is read, it first seeks the MBR, which then passes control to the boot sector, which in turn provides pertinent information regarding what is located on the disk and where it is located. The boot sector also maintains the information that identifies the type and version of the operating system the disk was formatted with.
- OSX/Inqtana.A Description
OSX/Inqtana.A is a Java-based worm that exploits the directory traversal vulnerability in the Bluetooth file and object exchange services in Mac OS X 10.4 (Tiger). (For details on the vulnerability, see CVE-2005-1333.)
- Leap.A aka Oompa-Loompa virus
The Leap.A worm has no similarities to, and is not related to, the March 2007 reports of the Oompa Loompa song repeatedly playing on Windows PCs. For details and a fix for the Oompa Loompa song on startup problem, see the "Oompa Loompa Song on Startup" entry. The following description is of the MacOSX Leap.A worm: