Malicious Code

Malicious code wreaks havoc in our system. Some of it was planted without our awareness; some we may have helped create. Other programs may try to inject malicious code into ours, and we may have planted malicious code into other programs.

To eradicate it, we must first identify it. If it cannot be wiped clean, we can at least try to quarantine it (just as your computer's virus scanner does).

Some malicious software can't be removed without a technician. Anytime you wipe out a particularly harmful piece of code, reboot.

The 7 Deadly Sins are the most common forms of malicious software.

In our own lives, we need to be constantly scanning to see where malicious code may have entered into our operating system.

What are some of the early indicators that something toxic has run amok?

From the Software World

Malicious software is any software that the user did not authorize to be loaded, or any software that collects data about a user without their permission. The following is a list of terms commonly used to describe the various types of malicious software:

Spyware

Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put on someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get onto a computer as a software virus or as a side effect of installing a new program.

Virus

A virus is a program or programming code that replicates by being copied, or by initiating its own copying, to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD.

Worm

A worm is self-replicating malware that, unlike a virus, does not need to attach itself to a host file: it does not alter files but duplicates itself and spreads on its own, typically across a network. It is common for worms to be noticed only when their uncontrolled replication consumes system or network resources, slowing or halting other tasks.

Logic bomb

A logic bomb is programming code, inserted surreptitiously or intentionally, that is designed to execute (or "explode") under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. It is in effect a delayed-action computer virus or Trojan horse. A logic bomb, when "exploded," may be designed to display or print a spurious message, delete or corrupt data, or have other undesirable effects.

Trapdoor

A trapdoor (also called a backdoor) is a method of gaining access to some part of a system other than by the normal procedure (e.g. gaining access without having to supply a password). Hackers who successfully penetrate a system may insert trapdoors to allow them entry at a later date, even if the vulnerability they originally exploited is closed. There have also been instances of system developers leaving debug trapdoors in software, which are then discovered and exploited by hackers.
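The "debug trapdoor" case is worth seeing in code, because it looks harmless in review. The example below is added here and is not code from the original page: a toy login routine with a hard-coded debug password beside a hardened version, plus a coarse source audit that flags credential-to-literal comparisons. The user store, salt, magic string and function names are all constructed for the illustration.

```python
import hashlib
import hmac
import re

# Constructed example: a fixed salt keeps the demo deterministic; real code
# generates a random per-user salt with os.urandom(16).
_SALT = b"constructed-example-salt"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Hypothetical credential store: username -> (salt, PBKDF2 hash).
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


def login_with_trapdoor(username: str, password: str) -> bool:
    """Vulnerable version: a debug trapdoor left behind by a developer.

    Whoever learns the magic string is authenticated as any user, and rotating
    every real password does nothing about it. This is the 'debug trapdoor'
    the glossary entry describes."""
    if password == "letmein-debug":          # the trapdoor
        return True
    entry = USERS.get(username)
    if entry is None:
        return False
    salt, stored = entry
    return _hash_password(password, salt) == stored


def login_hardened(username: str, password: str) -> bool:
    """Hardened version: no special-case credential exists, and the hash
    comparison is constant-time so the check leaks nothing by timing."""
    entry = USERS.get(username)
    if entry is None:
        _hash_password(password, _SALT)      # same work for unknown users
        return False
    salt, stored = entry
    return hmac.compare_digest(_hash_password(password, salt), stored)


# Audit check: flag source lines that compare a credential to a string literal.
# This is a coarse filter, not proof of a trapdoor; each hit needs a human look.
_HARDCODED = re.compile(
    r"\b(?:password|passwd|pwd|secret|token|key)\s*==\s*[\"'][^\"']+[\"']",
    re.IGNORECASE,
)


def find_hardcoded_credential_checks(source: str) -> list[int]:
    """Return the 1-based line numbers in `source` where a variable named like
    a credential is compared against a literal string."""
    return [n for n, line in enumerate(source.splitlines(), 1) if _HARDCODED.search(line)]


if __name__ == "__main__":
    import inspect
    print("trapdoor login as mallory:", login_with_trapdoor("mallory", "letmein-debug"))
    print("hardened login as mallory:", login_hardened("mallory", "letmein-debug"))
    print("suspicious lines:", find_hardcoded_credential_checks(inspect.getsource(login_with_trapdoor)))
```

The audit regex catches the obvious pattern only; a trapdoor hidden behind an environment variable, a hash of the magic string, or a special username needs manual review or a proper static-analysis rule. The fix is not a better secret but the absence of any special-case path: every login must go through the same stored-hash comparison.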

Trojan (Trojan Horse)

A Trojan horse is a program in which malicious or harmful code is hidden inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as destroying a particular area of your hard disk. A Trojan horse may be widely redistributed as part of a computer virus.

RATs (Remote Admin Trojans)

A special form of Trojan horse that gives an attacker remote control over a machine. These programs are used to steal passwords and other sensitive information. Although they are designed to be invisible, symptoms such as a sluggish system, the CD tray opening and closing, and unexplained restarts of your computer may give them away.

Malware

Malware (for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also Spyware, programming that gathers information about a computer user without permission.

Mobile Malicious Code

Web documents often have server-supplied code associated with them which executes inside the web browser. This active content lets information servers customize the presentation of their information, but it also provides a mechanism for attacking the system running the client browser. Mobile malicious code may arrive at a site through active content such as JavaScript, Java applets and ActiveX controls, or through plug-ins.

Malicious Font

A web page's text that exploits the default method used to decompress Embedded OpenType (EOT) fonts in Windows-based programs, including Internet Explorer and Outlook. These malicious fonts are designed to trigger a buffer overflow in the font-decompression code; a successful overflow lets the intruder run code of their choosing with the privileges of the affected program, and from there take complete control of the affected computer and remotely carry out destructive activities, including installing unauthorized programs and manipulating data.

Rootkits

Rootkits are a set of software tools used by an intruder to gain and maintain access to a computer system without the user's knowledge. These tools conceal covert running processes, files and system data, making them difficult to detect. There are rootkits for a wide variety of operating systems, including Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is said to be rooted.

There are three types of rootkits. Below is a description of the characteristics of each:

Kernel Rootkits

Hide a backdoor on a computer system by using modified code to add or replace a portion of the system's existing kernel code. Usually the new code is added to the kernel via a device driver or loadable kernel module. Kernel rootkits are especially dangerous because they run with the kernel's own privileges and can lie to every program on the system, so they are difficult to detect without appropriate software or without examining the machine from outside, for example after booting from clean media.

Library Rootkits

Hide information about the intruder by patching, hooking, or replacing the shared-library functions through which programs make their system calls (for example the C library's readdir, so that every directory listing silently omits the intruder's files).

Application Rootkits

Replace or modify regular application binaries (such as ps, ls or netstat) with camouflaged fakes, or alter them with hooks, patches, or injected code.
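The Kernel and Library Rootkit entries above both describe hiding processes by hooking the code that enumerates them. A standard counter is cross-view detection: collect the same fact two different ways and diff the results. The script below is an added example and not code from the original page; it does this for processes on Linux by enumerating /proc the normal way (through readdir, the path ps and top use) and separately asking the kernel about every possible PID with kill(pid, 0), then reporting PIDs the probe found but the listing did not. The /proc layout and the use of the Tgid field to separate threads from processes are Linux facts; the function names and the constructed inputs in the test are the editor's own.

```python
import os
import re
from typing import Optional

_TGID_RE = re.compile(r"^Tgid:\s*(\d+)", re.MULTILINE)


def parse_tgid(status_text: str) -> Optional[int]:
    """Extract the thread-group id from the text of /proc/<pid>/status."""
    m = _TGID_RE.search(status_text)
    return int(m.group(1)) if m else None


def listed_pids() -> set:
    """PIDs returned by a normal directory listing of /proc. This goes through
    libc's readdir()/getdents(), exactly the path a library or kernel rootkit
    hooks to hide its processes from ps and top."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probed_pids(pid_max: int) -> set:
    """PIDs found by asking about each PID individually instead of enumerating.
    kill(pid, 0) succeeds (or fails with EPERM) for any live task, including
    thread IDs, so /proc/<pid>/status is read and tasks whose Tgid differs
    from the PID (threads rather than processes) are dropped."""
    found = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)              # signal 0: existence check, delivers nothing
        except ProcessLookupError:
            continue                     # no such task
        except PermissionError:
            pass                         # exists, owned by another user
        try:
            with open(f"/proc/{pid}/status") as fh:
                if parse_tgid(fh.read()) == pid:
                    found.add(pid)
        except OSError:
            continue                     # task exited between probe and read
    return found


def hidden_pids(listed_before: set, probed: set, listed_after: set) -> set:
    """A PID is reported as hidden only if the probe saw it and neither
    enumeration (taken before and after the probe) did; this filters out
    processes that simply started or exited while the scan was running."""
    return probed - listed_before - listed_after


def scan(pid_max: Optional[int] = None) -> set:
    if pid_max is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            pid_max = int(fh.read())
    before = listed_pids()
    probed = probed_pids(pid_max)
    after = listed_pids()
    return hidden_pids(before, probed, after)


if __name__ == "__main__":
    hidden = scan()
    print("hidden PIDs:", sorted(hidden) if hidden else "none found")
```

Run it as root so the status files of every process are readable. A rootkit that also hooks kill() and the open() of /proc/<pid>/status defeats this particular pair of views, which is why dedicated tools combine several independent views (syscall probes, network sockets, the scheduler's own accounting) and why a suspected kernel rootkit is best examined from clean boot media rather than from the running system. A library rootkit installed through /etc/ld.so.preload or LD_PRELOAD is additionally worth checking for directly, since those are plain files and variables.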