CyberSoft has established the following matrix for determining a potential threat’s severity. It should be understood that only threats which have been identified in the wild will be added to this list. Although we make definitions for zoo or hobbyist viruses, they pose no risk to individual or organizational systems; however, the definitions are done in the event of one of these variations getting into the wild.
Since all viruses listed are “wild”, there is already probability of it spreading. To further identify threat levels, we will consider two additional components - these are subjective based on CyberSoft’s 14 plus years of experience in identifying and creating patterns for threats.
Infections/Propagation
This is based on the number of systems already infected at time of detection and the perceived ability for a virus to propagate itself to other systems. For instance, a mass mailing worm discovered on 100 systems at the time of detection would be rated much higher than a Trojan horse that is obtainable through a direct download.
Damage
Factors here go along with a threat’s ability to damage an infected host system, how quickly it can clog bandwidth, or prevent a critical system from performing effectively. For instance, a virus that erases critical components of an operating system will be rated much higher than a file that just alters some configuration files that cause minor annoyances.
Red – Severe
A threat that carries this rating is highly damaging and has been spreading extremely fast. It is imperative that all systems update their virus definitions immediately. Infected Systems may also require a complete reinstallation of the operating system or shutdown for a temporary period of time.
Orange – Significant
This rating is assigned to threats that are extremely damaging and have infected over 500 systems. Although the speed at which it propagates may be low, the number of current infected systems is cause for concern. It is necessary for all systems to download the latest definition or system patches immediately.
Yellow – Moderate
A threat that does very little damage, but is spreading moderately will be given this rating. Threats of this nature are a major annoyance to the net, but can be stopped and contained quickly. They may have the capability to cause delivery delays in e-mail or other server traffic. As usual, updates or system patches should be applied as soon as possible. End-users should also be reminded to use caution when opening attachments from unknown senders. All Wild List Viruses are listed in this category
Blue – Low
This is the most common threat type. Essentially the virus has been identified in the wild and does very little damage or is not capable of spreading by itself. Many threats that fall into this category are Trojans, Macro Viruses, or Spyware. They are easily contained and removed from an infected system. It is always a good idea to keep your definitions up to date to prevent these minor inconveniences from happening to you. Threats of this type may also extract personal information so they should still be taken seriously.