Malicious code in general refers to computer programs that are written
specifically to cause mischief or, worse, cause damage to infected computers.
Malicious code can be used to describe all Viruses, Worms, Trojan Horses etc.
but is more commonly used to describe active content, Java or ActiveX for
instance, which can be used to either corrupt or steal data or even install a
Trojan Horse or Virus for later use. Java and ActiveX are normally used to
enhance the features of a web site but can be used for these more sinister
purposes.
A computer virus is a piece of software with the ability to copy itself and
spread itself to other computers. A virus can enter a victim's computer either
through e-mail, by downloading infected software from the Internet, or by using
infected media such as floppy disks or CDs. With the wide use of e-mail,
malicious viruses and scripts have the capability to reach almost anyone who is
connected to the Internet. Like their biological equivalent, a computer virus
often carries with it a destructive element (known as a payload), and can be
difficult to contain and destroy. Well-known viruses like Melissa and
ILOVEYOU.VBS have been able to spread so quickly that they overloaded Internet
e-mail systems and company networks within a few hours of their introduction.
A virus may be merely annoying, or completely destructive. The most severe
viruses can erase the contents of the computer’s hard drive, or render it
completely useless. If no back-ups are kept, important data may be lost or
damaged beyond repair, which could ultimately result in serious financial loss.
There are different types of Virus and Malicious Code including:
Virus
Boot Sector
Boot sector viruses modify the contents of either the master boot sector or
the DOS boot sector, depending on the virus and type of disk, usually replacing
the legitimate contents with their own version.
Parasitic
Parasitic viruses attach themselves to COM and/or EXE files and divert the
execution flow in such a way that the virus code executes first.
Multipartite
Multipartite viruses exhibit the characteristics of both boot sector and
parasitic viruses. They infect COM and/or EXE files (like parasitic viruses) and
boot sectors (like boot sector viruses). Thus their chances of replication are
increased.
Macro
Macro viruses use macros contained in certain document types to become active
and to infect other documents. The viral macro usually makes transparent changes
to the global macro environment so that all new or edited documents become
infected.
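Because a boot sector virus replaces the legitimate contents of the master boot sector, a defender can detect it by comparing the sector against a baseline recorded while the disk was known to be clean. The following is an added example, not part of the original page: it assumes the classic MBR layout (446 bytes of boot code, a 64-byte partition table, and the 55 AA signature), and all function names and sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)      # bootstrap code (classic MBR layout, assumed)
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
SIGNATURE = slice(510, 512)    # must be 55 AA on a bootable sector


def fingerprint(sector: bytes) -> dict:
    """Hash boot code and partition table separately so changes can be told apart."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "part_table": hashlib.sha256(sector[PART_TABLE]).hexdigest(),
        "signature_ok": sector[SIGNATURE] == b"\x55\xaa",
    }


def compare(baseline: dict, sector: bytes) -> list:
    """Return a list of findings for a sector checked against a stored baseline."""
    now = fingerprint(sector)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature missing")
    if now["boot_code"] != baseline["boot_code"]:
        findings.append("boot code changed")      # what a boot sector virus causes
    if now["part_table"] != baseline["part_table"]:
        findings.append("partition table changed")  # often legitimate repartitioning
    return findings


def make_sector(code: bytes, first_lba: int) -> bytes:
    """Build a constructed sample sector holding one active partition entry."""
    entry = (bytes([0x80, 0, 0, 0, 0x06, 0, 0, 0])
             + first_lba.to_bytes(4, "little") + (20480).to_bytes(4, "little"))
    return code.ljust(446, b"\x00") + entry + bytes(48) + b"\x55\xaa"


# Constructed samples; the "code" bytes are placeholders, not real boot code.
CLEAN = make_sector(b"\xfa\x33\xc0" + b"LEGITIMATE LOADER", 63)
REPLACED = make_sector(b"\xe9\x00\x01" + b"DIFFERENT LOADER", 63)
REPARTITIONED = make_sector(b"\xfa\x33\xc0" + b"LEGITIMATE LOADER", 2048)

if __name__ == "__main__":
    baseline = fingerprint(CLEAN)
    for name, s in [("clean", CLEAN), ("replaced", REPLACED), ("repartitioned", REPARTITIONED)]:
        print(name, compare(baseline, s) or ["no change"])
```

The baseline must be stored off the disk being checked, and the sector should be read from trusted boot media, since code already running from a modified boot sector can return the original contents to a reader.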
Malicious Code
Examples of malicious code include:
Worm
Worms are rogue programs similar to viruses, but do not need a carrier such
as a floppy disk or macro to replicate as they are able to create exact copies
of themselves. Currently, Worms are the most widespread form of malicious code.
Most are written in Visual Basic and are "email aware" such as Kakworm and
Loveletter. In the "olden days" you had to open a file or run an application
manually in order to be infected. Now you can become infected and then infect
hundreds or thousands of people by simply reading your email.
Recently, Friends Greetings emails circulated round the Internet. It was
initially thought to be a worm because after people installed the application
everyone in their personal address book was sent an email. It turned out that
this was not an email aware worm but an attempt at viral marketing.
Unfortunately people did not read the licensing conditions before agreeing to
them. These conditions clearly stated that their personal address book would be
used.
Trojan Horse
A Trojan horse is a program that performs functions other than those stated
in its specifications. These functions are often malicious. It may inflict
damage or allow somebody from a remote site to take control of the computer. Key
loggers, programs that record keystrokes (including passwords), are sometimes
installed as part of a Trojan program. Details of your work can then be passed
to 3rd parties without your knowledge. A Trojan horse sometimes masquerades as a
legitimate program, but once installed on the victim machine runs an illicit,
damaging program.
Spyware / Adware
Spyware and Adware refer to code that sends details of a PC to a 3rd party.
Unlike malicious code, Spyware is intentionally coded into certain applications
(or is a self-contained application installed on a computer without the
knowledge of the user). This allows software suppliers and advertising companies
(to target browser banner advertisements that match your habits, for instance),
hackers and even family members to monitor your computing and online habits
and learn about how you use your software. Some say that government agencies use
spyware too. Some perceive that software used by a business to monitor staff
usage for compliance with corporate policies is also Spyware. Organisations should
make staff aware of corporate policies and any monitoring that takes place; the
use of software to do this openly should be acceptable.
See http://www.spywareinfo.com,
http://www.xblock.com or http://www.spycop.com
for more information on aspects of Spyware.
Thiefware
Thiefware refers to the use of software and Internet technology to steal
custom from a legitimate web site. Some software places links on victimised
sites for visitors to click on leading them away to other competitor sites. Many
site owners would say the software is stealing visitors which makes Thiefware an
appropriate name for such services and software.
Another aspect of Thiefware appears related to Trojan Horses. You download and
install an application and during the setup process you are requested to
install another application. You believe that the second program is a support
application for the first but it is in fact Thiefware.
When you surf with Thiefware installed you may notice that there are additional
links or adverts on some web sites (if you have visited it before). These links
may seem out of place (such as hard core pornography in a children's site). The
site owner has not granted permission for their site to be viewed in this way
and would not be aware of these links as it is the software on your PC that has
placed them there in your browser. The site owner could also lose revenue if the
links / adverts point the user to a competitor's site. Some affiliate programmes
rely on people clicking on links on a page to earn commission; these could be
hijacked by Thiefware so that someone else gets the commission.
Some aspects of Thiefware are also similar to Spyware in that your browsing
habits may be logged; see the effects section for more issues. See http://www.thiefware.com
for further details.
Hoaxes
Sometimes seen as almost as much trouble as the real thing, hoaxes are
widespread throughout the Internet community. Where a real virus is spread by
the software itself, usually without the user's knowledge, a virus hoax uses
social engineering techniques to make the recipient spread it in an effort to
inform their co-workers, friends or relatives of the latest threat to their
data. Although not containing malicious code, hoaxes take time and effort to
dispel. In the past, real viruses have been created to emulate certain aspects
of hoaxes in order to spread. The idea was that they might be able to spread
further if they were not taken seriously. Effort needs to be taken to evaluate all
threats to information, even if it turns out to be a hoax.
Effects
Malicious Code can produce unwanted side effects in computers such as
displaying on-screen messages, playing tunes or making words drop off the
screen. More sinister effects include password-protecting files so that they
cannot be accessed, modification to data in spreadsheets, sending information to
third parties via email and information corruption/deletion.
If it can be shown that an organisation has been negligent in allowing a virus
or malicious code to be transferred to a third party, they may be held legally
liable for any damage caused.
It may be possible for viruses, malicious code and Spyware or Thiefware to
collect system passwords and other data stored on your machine, such as credit
card details. It’s your connection to the Internet that is used to pass the
information to a third party; it therefore uses some of your
valuable bandwidth (the amount of information you can send and receive in a
period of time), thus slowing down your connection, and perhaps even causing you
to lose your connection.

