2.6.1 Basic Malicious Code

Malicious code is designed to hurt a system. Some of it shuts the system down, some shares its secrets, some shares secrets and then shuts it down. A security administrator needs to be familiar with at least the basics of malicious code. There are four primary categories:

  1. Viruses – A virus is a small piece of code that piggybacks on valid programs. For example, a virus might attach itself to a program such as a word processor or spreadsheet. Each time the program runs, the virus activates too. It usually seeks out other programs it can attach to and, by this means, reproduces. It then delivers its payload, which is a malicious action ranging from a prank display to destruction of the system.
  2. E-mail viruses – A special variation of the virus travels in e-mail messages. This kind of attack usually reproduces itself by mailing itself to the addresses it finds in the user’s directory. It is particularly troubling when a virus is advanced enough to create a subject line that compels the receiving victim to open the e-mail. E-mail viruses can be very embarrassing in business situations, where clients may be compromised as a result of trying to see what was in the e-mail.
  3. Worms – A worm is a piece of code that exploits computer networks and security holes to reproduce itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there. Worms originally did little more than demonstrate self-replication; however, some of the most damaging recent malicious code has been worms that carry destructive payloads, such as the Code Red worm.
  4. Trojan horses – A Trojan horse is simply a computer program. The program claims to do one thing, such as be a game or a form to fill out to win a prize, but instead it does damage when it runs. It may also capture the contents of a form and send them back to a central collection point. Some pop-up programs, which lie dormant and then pop up with advertising offers, are actually Trojan horses.