In today's network environment, malicious code (or malware) has become a serious problem. The target is not only the information stored on local computers, but also other resources and computers. As a security professional, part of your responsibility is to recognize malicious code and know how to respond appropriately. This section covers the various types of malicious code you might encounter, including viruses, Trojan horses, logic bombs, and worms.

Viruses

A program or piece of code that runs on your computer without your knowledge is a virus. It is designed to attach itself to other code and replicate. It replicates when an infected file is executed or launched. At this point, it attaches to other files, adds its code to the application's code, and continues to spread. Even a simple virus is dangerous because it can use all available resources and bring the system to a halt. Many viruses can replicate themselves across networks and bypass security systems. There are several types of viruses:
Here are some common viruses:
The viruses listed are a very small number of the total population of computer viruses. Viruses are growing at an alarming rate, and newer ones do more damage as virus writers get more sophisticated. In any case, viruses cost you money due to the time it takes to clean the software and recover lost data.

Virus Hoaxes

A virus hoax uses system resources and consumes users' time. Many times, hoaxes come in the form of a chain letter bragging of free money. There have also been hoaxes telling users to delete files from their systems or informing them that a certain program has a logic bomb. If there is any doubt as to whether the virus threat is real, you should do a little investigative work. Many good Web sites list these hoaxes. Check out the following sites for more virus information:
Trojan Horses

Trojan horses are programs disguised as useful applications. Trojan horses do not replicate themselves like viruses, but they can be just as destructive. Code is hidden inside the application that can attack your system directly or allow the system to be compromised by the code's originator. The Trojan horse is typically hidden, so its ability to spread is dependent on the popularity of the software and a user's willingness to download and install the software. Some Trojan horses include the following:
As with viruses, Trojan horses can do a significant amount of damage to a system or network of systems.

Logic Bombs

A logic bomb is a virus or Trojan horse that is built to go off when a certain event occurs or a period of time goes by. For example, a programmer might create a logic bomb to delete all his code from the server on a future date, most likely after he has left the company. In several cases recently, ex-employees have been prosecuted for their role in this type of destruction. During software development, it is a good idea to bring in a consultant to evaluate the code to keep logic bombs from being inserted. Although this is a preventative measure, it will not guarantee a logic bomb won't be inserted after the programming has been completed.

Worms

Worms are similar in function and behavior to a virus, Trojan horse, or logic bomb, with the exception that worms are self-replicating. A worm is built to take advantage of a security hole in an existing application or operating system and then find other systems running the same software and automatically replicate itself to the new host. This process repeats with no user intervention. After the worm is running on a system, it checks for Internet connectivity. If it exists, the worm then tries to replicate from one system to the next. Some examples of worms include the following:
Many variants of each of these worms exist. They are often quite difficult to remove, so antivirus companies have downloadable tools available to remove them.
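The code evaluation recommended in the logic bomb discussion above can be supported by a simple static check. The following is an added example, not part of the original text: a heuristic Python reviewer aid that flags file-deleting calls guarded by a date or time test. The function names, the two name lists, and the sample source are assumptions constructed for this illustration.

```python
import ast

# Heuristic name lists: assumptions for this example, not an exhaustive catalogue.
CLOCK_CALLS = {"today", "now", "utcnow", "time", "localtime"}
DESTRUCTIVE_CALLS = {"remove", "unlink", "rmtree", "rmdir", "removedirs"}

def _call_names(node):
    """Return the final name of every function call found under `node`."""
    calls = (n for n in ast.walk(node) if isinstance(n, ast.Call))
    return {getattr(c.func, "attr", None) or getattr(c.func, "id", "") for c in calls}

def find_clock_gated_deletes(source):
    """Return [(line, [destructive calls])] for each `if` that tests the clock."""
    tree = ast.parse(source)
    # Variables assigned from a clock call, e.g. `today = date.today()`.
    clock_vars = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _call_names(node.value) & CLOCK_CALLS:
            clock_vars |= {t.id for t in node.targets if isinstance(t, ast.Name)}
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.If):
            continue
        test_vars = {n.id for n in ast.walk(node.test) if isinstance(n, ast.Name)}
        if not (_call_names(node.test) & CLOCK_CALLS or test_vars & clock_vars):
            continue
        # Either branch runs only depending on the date, so inspect both.
        guarded = set().union(*(_call_names(s) for s in node.body + node.orelse))
        hits = sorted(guarded & DESTRUCTIVE_CALLS)
        if hits:
            findings.append((node.lineno, hits))
    return findings

# Constructed sample for review; it is parsed as text and never executed.
SAMPLE = '''\
import os, shutil
from datetime import date
def cleanup(tmp_file):
    os.remove(tmp_file)
def sync(repo_dir):
    today = date.today()
    if today > date(2031, 1, 1):
        shutil.rmtree(repo_dir)
'''

if __name__ == "__main__":
    for line, calls in find_clock_gated_deletes(SAMPLE):
        print(f"line {line}: clock-gated call to {', '.join(calls)}")
```

A hit is only a prompt for a human reviewer to ask why a deletion depends on the calendar; legitimate retention or expiry code will also match.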
You can take several steps to protect your network from malicious code: