Malicious Code

The use of computers in industry has expanded dramatically in the last decade. With this technology, work has become more convenient, faster and easier; it has become the spine of the business and a requirement as well. However, ensuring the security of the processes and the privacy of the data these machines access is a difficult problem.
Many companies around the world have lost vast amounts of time, money and resources due to poor defense systems and a lack of knowledge of computer security. Companies must ensure that all data processing equipment is hardened enough to withstand any type of malicious attack.
Malicious code is code that causes damage to a computer or system. It is not easily or solely controlled through the use of anti-virus tools. Malicious code can either activate itself or, like a virus, require a user to perform an action, such as clicking on something or opening an email attachment.
Malicious code does not just affect one computer. It can also get into networks and spread. It can send messages through email and steal information, or cause even more damage by deleting files. It can take the form of scripting languages, ActiveX controls, browser plug-ins, Java applets and more.
Malicious code comes in various forms. The following are the most common types:
Computer Virus
A computer virus is a self-replicating computer program which can attach itself to other files/programs, and can execute secretly when the host program/file is activated. When the virus is executed, it can perform a number of tasks, such as erasing your files/hard disk, displaying nuisance information, attaching to other files, etc. Types of computer virus include the memory-resident virus, program file virus, polymorphic virus, boot sector virus, stealth virus, macro virus, and email virus.

Worms
A worm is a self-replicating program that does not need to attach to a host program/file. Unlike viruses, worms can execute themselves. Worms have the ability to spread over a network and can initiate massive and destructive attacks in a short period of time.
Trojan Horse
A trojan horse is a non-replicating program that appears legitimate, but actually performs malicious and illicit activities when executed. Attackers use trojan horses to steal a user's password information, or they may simply destroy programs or data on the hard disk. A trojan horse is hard to detect because it is designed to conceal its presence by performing its advertised functions properly.
Spyware & Adware
Spyware is a type of software that secretly forwards information about a user to third parties without the user's knowledge or consent. This information can include the user's online activities, files accessed on the computer, or even the user's keystrokes.
Adware is a type of software that displays advertising banners while a program is running. Some adware can also be spyware. They first spy on and gather information from a victim's computer, and then display an advertising banner related to the information collected.
Rootkit
A rootkit is a collection of files that alter the standard functionality of an operating system on a computer in a malicious and stealthy manner. By altering the operating system, a rootkit allows an attacker to act as the system administrator on the victim's system (or the "root" user on a Unix system, hence the name "rootkit"). Many rootkits are designed to hide their existence and the changes they made to a system. This makes it very difficult to determine whether a rootkit is present on a system and to identify what has been changed by it. For example, a rootkit might suppress directory and process listing entries related to its own files. Rootkits may be used to install other types of attacker tools, such as backdoors and keystroke loggers. Examples of rootkits include LRK5, Knark, Adore, and Hacker Defender.
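As an added defender's example (not from the original post or its sources), the following Python script performs a cross-view check for the discrepancy described above: it compares the processes shown by a listing of /proc with the processes the kernel admits exist when asked directly via kill(pid, 0), and reports PIDs that exist but were not listed. The helper names, the injectable probe and the pid_max fallback are assumptions made for the example; it is Linux-only.

```python
import os

def pids_from_listing(entries):
    """View 1: PIDs present in a directory listing of /proc (the view a
    rootkit typically filters). `entries` is e.g. os.listdir('/proc')."""
    return {int(name) for name in entries if name.isdigit()}

def probe_pid(pid):
    """Ask the kernel directly whether a PID exists. kill(pid, 0) delivers
    no signal: ProcessLookupError means no such process, PermissionError
    means it exists but belongs to another user. Linux/POSIX semantics only."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True

def pids_from_probing(max_pid, probe=probe_pid):
    """View 2: every PID in 1..max_pid that the kernel says exists.
    `probe` is injectable so the logic can be exercised on constructed data."""
    return {pid for pid in range(1, max_pid + 1) if probe(pid)}

def hidden_pids(listing_view, probing_view):
    """PIDs the kernel knows about that the listing did not show."""
    return sorted(probing_view - listing_view)

def scan(proc_root="/proc"):
    """Run both views against a live Linux system. Returns [] when /proc is
    absent. Listings are taken before and after probing so a process that
    merely started or exited mid-scan is not reported as hidden."""
    if not os.path.isdir(proc_root):
        return []
    try:
        with open(os.path.join(proc_root, "sys/kernel/pid_max")) as fh:
            max_pid = int(fh.read())
    except (OSError, ValueError):
        max_pid = 32768  # assumed fallback when pid_max is unreadable
    before = pids_from_listing(os.listdir(proc_root))
    probed = pids_from_probing(max_pid)
    after = pids_from_listing(os.listdir(proc_root))
    candidates = hidden_pids(before | after, probed)
    # Re-probe: a short-lived process that started after `before` and exited
    # before `after` would otherwise be flagged; a hidden one still answers.
    return [pid for pid in candidates if probe_pid(pid)]

if __name__ == "__main__":
    print("hidden PIDs:", scan())
```

This catches a user-space rootkit that filters directory reads; a kernel rootkit that also filters the kill system call would present the same lie to both views, which is why such checks are usually combined with an offline or hardware-backed inspection.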
Active Content
Unlike the traditional method of working with static data files using a software program, today's data objects, such as web pages, email and documents, can interweave data and code together, allowing dynamic execution of program code on the user's computer. The fact that these data objects are frequently transferred between users makes them efficient carriers of viruses. Because this code executes transparently, without the user noticing, it is a security concern. The two main 'active content' technologies are ActiveX controls and Java. In general, ActiveX poses a greater threat because it has direct access to native Windows calls, and hence to any system function. Java, on the other hand, is "sandboxed" or insulated from operating system services by the Java Virtual Machine. However, this does not mean that there will never be a Java virus.
Zombies and Botnets
A zombie computer, usually known in the short form zombie, is a computer attached to the Internet that has been compromised and manipulated without the knowledge of the computer owner.
A botnet refers to a network of zombie computers that have been taken over and put under the remote control of an attacker. A botnet might consist of thousands of zombie computers, or even more. The zombie computers in a botnet can be computers at homes, schools, businesses and governments scattered around the world.
Scareware
Scareware, sometimes called rogueware, comprises several classes of ransomware or scam software with malicious payloads. While posing as legitimate anti-virus software or the like, scareware is in fact dummy software without functions, or sometimes even malicious software which may, for example, steal the victim's personal information and credentials such as passwords or credit card details. Scareware usually entices victims by convincing them that a virus has infected their computer, then suggesting that they download (and pay for) anti-virus software to remove it. Very often, the virus is entirely fictional, and the software installed is the scareware itself. In addition to the loss of the money paid for the scareware, the personal details and credit card information provided by the victim during the purchase can be used by criminals in further fraud or sold on black market forums.

Ransomware makes your computer files inaccessible. The victim is then requested to pay a fee ("ransom") to regain access to their files. Ransomware is a twisted form of scareware. One common tactic is to attack victims through phishing emails with a malicious attachment. Once infected, the ransomware's operators can "kidnap" the user's computer and hold it to ransom by, for example, stopping the computer from working, encrypting key system files or locking up some of the personal information. The victim needs to pay the ransom to free their machine and get their files back.


Sources:
- https://www.techopedia.com/definition/4014/malicious-code
- http://www.infosec.gov.hk/english/virus/types.html
