The damage that programmed threats do ranges from the merely annoying to the catastrophic—for example, the complete destruction of all data on a system by a low-level disk format, or the intentional corruption of account files by the introduction of untracable fictitious records. Many threats may seek specific targets—their authors may wish to damage a particular user’s files, destroy a particular application, or completely initialize a certain database to hide evidence of some other activity.

Disclosure of information is another type of damage that may result from programmed threats. Rather than simply altering information on disk or in memory, a threat can make some information readable, send it out as mail, post it on a bulletin board, or print it on a printer. This information could include sensitive material, such as system passwords or employee data records, or something as damaging as trade secret software. Programmed threats may also allow unauthorized access to the system, and may result in unauthorized accounts being installed, passwords being changed, or normal controls being circumvented. The type of damage done varies with the motives of the people who write the malicious code. In recent years, significant numbers of confidential documents have been revealed by computer viruses that randomly chose a Microsoft Word file on the victim’s hard drive and then sent this file (infected with a copy of the virus) to an email address randomly chosen from an address book ...