Copyright Goodheart-Willcox Co., Inc. Chapter 2 Information Security Fundamentals 41

Malware

Malware, or malicious software, is computer code intentionally written to cause some form of harm, from stealing or destroying data to collecting information or allowing remote access to a system. It does this by exploiting vulnerabilities in a computer system. A vulnerability is a flaw in a system, such as a coding error or a weak configuration, that could be used to cause harm. Malware is a significant source of threats to computers and systems. A threat is something that can take advantage of a vulnerability, turning a flaw that merely exists into one that is actually exploited.

There are many reasons a hacker may create malware. The purpose of a piece of malware is found in its payload. The payload is the set of actions the malicious code performs once it runs, such as deleting files, recording keystrokes, or opening a connection back to the attacker. Most people hear the term malware and think "computer virus." Computer viruses are a form of malware. However, there are many other types of malware. Some of the most common forms of malware are:

• Trojan horse
• worm
• time or logic bomb
• armored virus
• ransomware
• polymorphic virus
• rootkit
• backdoor
• macro virus

Trojan horse

A Trojan horse is malware hidden inside other software that appears to be harmless. This type of malware takes its name from the ancient story of Greek soldiers hiding inside a wooden horse so they could invade the city of Troy, as shown in Figure 2-5. In computing, a Trojan horse represents the same type of threat: malicious or dangerous code hidden inside something that appears innocent. It may be inside a screen saver, game, or other type of file. As with the residents of Troy, a user is unaware of the threat lurking in the file; the file's name, icon, and advertised purpose all look legitimate. Once someone downloads, executes, or installs the program, he or she has put the computer system at risk.

A remote access Trojan (RAT) is a form of malware that allows the hacker to use an embedded backdoor to gain administrative control of the victim's computer. It is a Trojan horse in that the victim is infected by downloading a seemingly normal file containing the malware.
In addition to administrative access, some RAT programs may monitor the system to capture keystrokes.

Worm

As mentioned in Chapter 1, a worm is a form of malware that infects systems with its payload. Unlike many other forms of malware, a worm moves or spreads from one computer to another on its own through open network connections, copying itself to other hosts without needing a user to open a file. Worms can be very destructive. They can also be difficult to remove, because cleaned machines are reinfected by other machines on the network that still carry the worm. Some examples of this threat include the Sasser and MyDoom worms. The Sasser worm did not have a destructive payload in terms of destroying or stealing data. It attempted to run code that exploited a vulnerability in a Windows system service; the exploit crashed the service, causing affected computers to slow down or shut down, as shown in Figure 2-6. However, even this payload caused an estimated 18 billion dollars in damages. The MyDoom worm holds the dubious distinction of being the quickest-spreading worm via e-mail. This malware went through e-mail contact lists and continued

CompTIA Security+ 1.1
MTA Security Fundamentals 2.6

Figure 2-5. In the legend of the Trojan horse, Greek soldiers hid inside a wooden horse that was then offered to the city of Troy as a gift. Once the horse was inside the city walls, the soldiers exited the horse and attacked the city. (Malchev/Shutterstock.com)

Figure 2-6. This is the shutdown message users received due to the Sasser worm. (Goodheart-Willcox Publisher)
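The Trojan horse discussion above makes one practical point: the file a victim downloads looks like the real program, so nothing about its name, version banner, or size reveals the hidden code. The check a practitioner relies on instead is file integrity, comparing the downloaded bytes against a digest the publisher distributes separately. The following Python is an added example written for this page, not code from the book; the "game" files, their contents, and the helper names are constructed for the demonstration and stand in for a real download and a publisher's posted SHA-256 checksum.

```python
import hashlib
import hmac

# Constructed sample files (made up for this example; no real software).
# The legitimate copy of a small "game" and a trojanized copy that keeps the
# same name and version banner but carries extra code appended at the end.
LEGIT_GAME = b"GAME v1.0\x00" + b"render frame; read input; save score\n" * 4
TROJANIZED_GAME = LEGIT_GAME + b"connect back to attacker; open shell\n"

# Digest the publisher would post on its download page. It is computed from
# the legitimate copy here only because this example runs offline; in
# practice it must come from a source the attacker cannot also replace.
PUBLISHED_SHA256 = hashlib.sha256(LEGIT_GAME).hexdigest()


def looks_legit(data: bytes) -> bool:
    """The surface check a user makes: right name/version banner, runs fine.

    Both copies pass, which is exactly why a Trojan horse works.
    """
    return data.startswith(b"GAME v1.0\x00")


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the whole file contents."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, expected_hex: str) -> bool:
    """Return True only if the bytes match the published digest exactly.

    compare_digest avoids a timing side channel in the string comparison;
    lower() tolerates publishers that post uppercase hex.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


def triage(name: str, data: bytes, expected_hex: str) -> str:
    """Summarize what each check says about a downloaded file."""
    surface = "passes" if looks_legit(data) else "fails"
    integrity = "matches" if verify_download(data, expected_hex) else "DOES NOT match"
    return f"{name}: surface check {surface}, SHA-256 {integrity} published digest"


if __name__ == "__main__":
    print(triage("legit copy", LEGIT_GAME, PUBLISHED_SHA256))
    print(triage("trojanized copy", TROJANIZED_GAME, PUBLISHED_SHA256))
```

Run it and the two copies are indistinguishable to the surface check but only the legitimate copy matches the published digest. The caveat is the one flagged in the comments: the digest must be obtained over a channel the attacker cannot tamper with (for example, the vendor's signed release notes rather than the same mirror that served the file), otherwise a Trojanized download can ship with a matching, attacker-supplied checksum.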