December 15, 2022
CISSP Study Guide: Malicious Code, Viruses and Worms
Malicious Code: Malicious code covers a range of programmed computer security threats that exploit various network, operating system, software, and physical security vulnerabilities to deliver malicious payloads to computer systems. It is any programmed code specifically designed to damage, penetrate, or break a system, and includes viruses, worms, Trojan horses, denial-of-service tools, logic bombs, and back doors. Some malicious code, such as viruses and Trojan horses, depends on unsuspecting users who unknowingly spread it from system to system, while other code, such as worms, spreads quickly through vulnerable systems without requiring any user interaction.
Viruses: Viruses are one of the earliest forms of malicious code to attack information systems and remain pervasive, with major outbreaks occurring regularly. Viruses carry malicious payloads, some of which can completely destroy the data stored on the local hard drive. It is estimated that there were approximately 65,000 strains of viruses on the Internet in early 2004. Viruses have two main functions: propagation and destruction. The propagation function defines how the virus moves from system to system, while the payload carries out the malicious and often catastrophic activity designed by the virus writer. Viruses fall into three broad categories based on their propagation methods: boot sector viruses, file viruses, and macro viruses. The three categories are defined below:
- Master Boot Record (MBR) viruses are the oldest form of virus. They attack the MBR of a floppy disk or hard disk drive, which the computer uses to load the operating system during the boot process. This type of virus is spread through infected floppy disks and was highly effective when floppy disks were the main means of sharing files between systems.
- File viruses are executable files with .exe, .com, or .bat file extensions and rely on unknowing users to run the file. Social engineering is usually used to coerce the user into executing the file. Alternatively, the virus may replace an operating system file, in which case it is released when the operating system attempts to execute that file.
- Macro viruses exploit the scripting functionality of common software applications, such as those in the Microsoft Office suite, that may be installed on the system. This type of virus represents the most advanced form of virus program and first appeared in the mid-1990s.
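The three categories above map to three different kinds of object a scanner has to recognize before it can apply the right checks. The following triage routine is an added example, not part of the original study guide; the function names, category labels, and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

EXEC_EXTS = (".exe", ".com", ".bat")           # extensions named in the text
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office (.doc/.xls) container

def carrier_type(name: str, data: bytes) -> str:
    """Map an object to the virus category whose checks a scanner should apply."""
    # Boot sector: one 512-byte sector ending with the 0x55 0xAA boot signature.
    if len(data) == 512 and data[510:] == b"\x55\xaa":
        return "boot-sector"
    # OOXML Office files are ZIP archives; VBA macros live in vbaProject.bin.
    if data[:4] == b"PK\x03\x04" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "macro-document"
        return "other"
    # Legacy OLE documents can carry macros; confirming needs a full OLE parse.
    if data.startswith(OLE_MAGIC):
        return "macro-capable-document"
    # File viruses: executable by extension, or by the DOS/PE "MZ" header.
    has_ext = name.lower().endswith(EXEC_EXTS)
    has_mz = data[:2] == b"MZ"
    if has_mz and not has_ext:
        return "disguised-executable"  # content and name disagree
    if has_ext or has_mz:
        return "executable-file"
    return "other"

def constructed_samples() -> dict:
    """Constructed, harmless byte strings standing in for real files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00")
    return {
        "disk0.bin": bytes(510) + b"\x55\xaa",
        "setup.exe": b"MZ" + bytes(62),
        "invoice.pdf": b"MZ" + bytes(62),
        "report.docm": buf.getvalue(),
        "notes.txt": b"hello",
    }

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:12} -> {carrier_type(name, data)}")
```

The "disguised-executable" result covers the social engineering case from the file virus definition: the name suggests a document while the content is an executable.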
Worms: Worms have the same harmful potential as viruses, but they do not rely on users to spread. The Internet Worm was the first major security incident to occur on the Internet. Since then, hundreds of new worms have been released on the Internet. The catastrophic potential of these worms leaves the Internet in a perpetual state of risk, which requires system administrators to be proactive in ensuring the best security patches are applied to their Internet-connected systems.