Malicious Code


Criminals exist in every walk of life, including the computing world. An unfortunately large number of malicious pieces of code are floating around in the world, ready to seize control of, and potentially damage the data on, your computer. These malicious programs are often spread through messaging systems, either directly in mail messages themselves or as attachments contained in messages. As you’ll see in Chapter 13, “Securing Outlook,” there are a number of built-in Exchange and Microsoft Outlook features that allow you to limit the spread of these malicious programs, and there are many other remedial measures that you can take as well. It’s useful to understand a bit about how these programs work and what kind of threat they pose.

Types of Malicious Code

Malicious code (also known by the descriptive term malware) comes in three primary varieties:

  • Viruses are self-replicating programs that infect individual files or messages. The well-known Sircam and Klez viruses are great examples; once you’re infected, the virus code spreads to multiple files on your machine. Some viruses have destructive payloads; others don’t. Viruses have to initially be executed on a machine, which means that the user has to launch an infected program.

  • Worms are self-replicating programs that target services on a particular computer, but remain resident in memory instead of writing their contents to files on the local disk. Worms spread by themselves, without any action on the user’s part. CodeRed is probably the best-known Windows worm, with Nimda running a close second. As with viruses, some worms actually cause data loss, whereas others “only” use resources on the host machine to help them replicate.

  • Trojan horses (or just “Trojans”) are named after the legendary wooden horse that the Greeks delivered to the residents of Troy. They are malicious programs masquerading as something else. For example, as I was writing this chapter, I received a message claiming to be a Microsoft Internet Explorer 6 security patch. The message cheerfully informed me that if I’d run the attached program, I would be protected against the Klez virus, but my “antiviruses program might cry since the patch looks like of a virus” [sic].

How Malicious Code Does Its Work

The first step in the life cycle of a piece of malware is simple: a miscreant has to write the code and release it. The mechanism it uses to spread depends on how clever the author was and whether it’s a virus or worm. Viruses are most commonly spread through attachments to e-mail messages, although some exploit the ability of mail programs to display complex Hypertext Markup Language (HTML) and JavaScript messages. Worms typically spread by scanning a range of IP addresses, looking for machines that are running whatever service contains the vulnerability that the worm uses. Trojans can be spread as e-mail attachments or downloadable programs; it’s increasingly common to see bad actors sending Trojans through instant messaging programs like Microsoft Windows Messenger or AOL Instant Messenger.

Worms spread all by themselves because their whole raison d’être is to exploit vulnerabilities in system services that allow the attacker’s code to be run automatically. Viruses and Trojans, however, typically require the user to execute them, and that’s where the problem lies. Malware creators are fiendishly good at packaging viruses and Trojans so that they look innocuous. Users are, in general, not careful about running untrusted programs from unknown sources, and—until relatively recently—Microsoft hadn’t added sufficient security controls to Outlook to protect users from this unhappy combination. Fortunately, Microsoft Outlook 98, Microsoft Outlook 2000, and Microsoft Outlook 2002 have good protective tools either included or available. See Chapter 13, “Securing Outlook,” for details.
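The worm behaviour described above, one host probing a range of IP addresses for the same service, leaves a recognisable pattern in connection logs. The following Python example is added here and is not from the book: it flags any source that reaches many distinct destinations on one port inside a short window. The log format, addresses, window, and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_line(line):
    """Return (timestamp, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_scanners(lines, window=timedelta(seconds=60), threshold=5):
    """Flag (src, port) pairs that reach `threshold` distinct destinations
    within any sliding `window`. Returns {(src, port): time threshold was hit}."""
    recent = defaultdict(deque)          # (src, port) -> deque of (timestamp, dst)
    alerts = {}
    records = sorted(filter(None, map(parse_line, lines)))  # drop bad lines, order by time
    for ts, src, dst, port in records:
        key = (src, port)
        q = recent[key]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # expire entries older than the window
            q.popleft()
        if key not in alerts and len({d for _, d in q}) >= threshold:
            alerts[key] = ts
    return alerts

def build_sample():
    """Constructed records (RFC 5737 documentation addresses), not real traffic."""
    base = datetime(2003, 1, 10, 9, 0, 0)
    lines = []
    for i in range(6):    # worm-like: six hosts probed on port 80 in six seconds
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 192.0.2.10 198.51.100.{i + 1} 80")
    for i in range(20):   # busy mail client: many connections, one server
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 192.0.2.20 198.51.100.50 25")
    for i in range(6):    # ordinary browsing: six hosts spread over 15 minutes
        t = (base + timedelta(minutes=3 * i)).isoformat()
        lines.append(f"{t} 192.0.2.30 203.0.113.{i + 1} 80")
    lines.append("truncated record")     # malformed line, must be skipped
    return lines

if __name__ == "__main__":
    for (src, port), when in find_scanners(build_sample()).items():
        print(f"{when.isoformat()} possible scan: {src} -> port {port}")
```

Only the first source is reported: the mail client makes many connections but to a single destination, and the third host contacts as many machines but far too slowly to fit inside one window.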




Secure Messaging with Microsoft Exchange Server 2000
ISBN: 735618763
EAN: N/A
Year: 2003
Pages: 169
