Malicious Code
Today I want to write about malicious code. The most common term to describe many viruses, worms, rootkits, and other malicious code is malware. It’s a wide range of software designed to harm computers, systems, networks, and users.
For the SY0-601 Security+ exam, you need to know the differences between each type of malware, their traits, and how to fight them.
Here is a list of malware:
- Ransomware
- Trojans
- Worms
- Rootkits
- Backdoors
- Bots
- Keyloggers
- Logic Bombs
- Viruses
- Fileless Viruses
- Spyware
- PUPs
I will go through each type and say a few words about it.
Ransomware
Your typical crypto-malware encrypts your hard drive and demands payment in bitcoin. The most effective defense against ransomware is a reliable backup system that stores copies of your files separately from the systems being protected.
Trojans
Software that is disguised as legitimate. Once installed, Trojans allow attackers to access your computers. However, not all Trojans are the same: a particular type is the Remote Access Trojan (RAT), and CompTIA emphasizes the difference between the two. The most effective defense against Trojans is security awareness combined with specialized software that detects them.
Worms
Worms spread themselves in many ways, so one needs to be very careful. The most famous worm created by state actors is Stuxnet. You can find more information here.
Rootkits
Rootkits are a type of malware that allows attackers to access a system through a backdoor. Detecting rootkits is challenging; one can use tools that look for the behaviors and patterns of rootkits.
However, even when a rootkit is discovered, removal tools often fail to remove this malicious code completely. Therefore, it's best to restore from a known good backup.
Backdoors
Methods or tools that allow you to bypass standard authentication and authorization procedures. As CompTIA states, backdoors can be hardware- or software-based, but the exam focuses on software backdoors. Backdoors can be detected by checking for unusual open ports and services.
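To make that check concrete, here is an added example (not from the original post) that parses listening sockets in the format of Linux `ss -tlnp` and flags ports that are not on a baseline, or baselined ports served by an unexpected process. The baseline and the sample output are constructed for illustration.

```python
# Added example: flag unexpected listening ports/services, the backdoor
# check described above. ALLOWLIST and SAMPLE_SS_OUTPUT are constructed
# assumptions, not data from a real host.
import re

# Expected listeners on this host: port -> process name (assumed baseline)
ALLOWLIST = {22: "sshd", 80: "nginx", 443: "nginx"}

# Constructed sample in the layout of `ss -tlnp` output
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1204,fd=6))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1204,fd=7))
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=650,fd=7))
LISTEN  0       10      0.0.0.0:5555         0.0.0.0:*          users:(("svc_helper",pid=31337,fd=4))
"""

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)

def parse_listeners(text):
    """Return a list of (address, port, process, pid) for each LISTEN line."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((m["addr"], int(m["port"]), m["proc"], int(m["pid"])))
    return found

def find_unexpected(listeners, allowlist=ALLOWLIST):
    """Flag listeners whose port is not baselined, or whose port is
    baselined but is served by a process other than the expected one."""
    findings = []
    for addr, port, proc, pid in listeners:
        expected = allowlist.get(port)
        if expected is None:
            findings.append(f"unexpected port {port} ({proc}, pid {pid}) on {addr}")
        elif expected != proc:
            findings.append(f"port {port} expected {expected} but served by {proc} (pid {pid})")
    return findings

if __name__ == "__main__":
    for finding in find_unexpected(parse_listeners(SAMPLE_SS_OUTPUT)):
        print("ALERT:", finding)
```

The loopback-only cupsd listener is flagged too, which is the point: the baseline has to be tuned to the host, and anything outside it deserves a look.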
Bots
Bots are remotely controlled systems or devices that have been infected by malware. Many infected computers are controlled by a Command and Control (C2) server, and these controlled machines are used for various illicit purposes, such as DDoS attacks.
There are two types of botnets—a client-server model with one Botnet Command and Control server and a peer-to-peer botnet model.
Detecting and defeating botnets requires analysis of bot network traffic, together with antivirus and antimalware tools.
Keyloggers
A type of malicious program that steals user input by capturing keyboard presses.
During my reckless youth, I experimented with keyloggers and managed to capture passwords easily. We could read passwords, and we could read private messages. Everything was captured—a terrifying malicious tool.
To fight keyloggers, it's recommended to use multifactor authentication so that even when a password is stolen, the malicious actor still cannot compromise you.
Logic Bombs
This is an interesting one. Imagine a developer who writes a piece of code that destroys part of the company's system. Sounds very unlikely? It can happen. I warned you.
Fileless Virus
This is a type of virus that lives in a computer's memory. A typical infection starts with a phishing email that gives you a link to a website. Once there, the website exploits a vulnerability in a browser plug-in, a shell command runs and downloads the virus, a registry entry is created, and from then on you stay infected. As always, keep your systems updated.
Spyware
A type of software designed to obtain information about an individual, organization, or system; the information is reported back to remote servers. Spyware is counteracted with antimalware tools and user awareness.
Potentially Unwanted Programs (PUPs)
This is very common. You want to install a program but end up installing things you don't need. They clog your machine and annoy you. The best way to fight them is an antivirus and antimalware program.