Viruses and worms are two common malicious programs; they differ slightly in that, a virus MUST have a way to travel to another host and a worm is a virus sub-class that has the ability to spread without any help from a transport agent such as an email attachment.
- [Instructor] A malware attack can be devastating as an attack can infiltrate the network and allow unauthorized access to critical information. Malicious programs are categorized in one of five different classes. Spyware records keystrokes and other activity and sends to a collection site. Trojans appear as useful programs such as games or utilities but contains malware that allows hackers to take control of the victim's computer remotely. Rootkits provide a backdoor for illegal access to a host.
Viruses can self-replicate yet needs a way to propagate to other hosts. Worms are a self-propagating virus that can spread on its own. Viruses and worms are two common malicious programs. A virus is like a human virus in that it can self-replicate and spread to other programs within the system. The results can be as simple as a new icon on the desktop or more serious results such as disabling antivirus or destroying files.
A virus must have a way to travel to another host. A classic way to propagate a virus is via an email attachment. Today it's common to find malware on USB flash drives which are inexpensive and convenient. A worm is a virus subclass that has the ability to spread without any help from a transport agent such as an email attachment. This ability makes a worm more dangerous as they can have devastating effects on all hosts on the network.
Many users are unaware of a worm's frenzied replication until the worm consumes system resources such as memory, processing, bandwidth, all of which can slow or even halt tasks. Most computer viruses spread when a file is executed or open. But viruses can fall in one of the following categories. A resident virus first seeks to set up residency by hiding in memory. The virus is triggered when the operating system boots or other actions such as opening a Word doc.
A non-resident virus doesn't hide in memory but stores itself in an executable file and infects other files every time the file is run. The master boot record is an important data structure that is located in the first few sectors of a hard drive. It contains a small amount of executable code called the master boot code. The master boot code loads the installed operating system. A boot sector virus is loaded into memory when the operating system loads and allows the virus to activate as the drive boots.
A macro is a small program that runs in Microsoft Office such as Word, Excel, or Outlook. A macro virus executes when triggered or even when the document is open and can spread through software programs that utilize macros every time the document is open.
Learn more about the Certified Ethical Hacking exam and the benefits of certification at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Understanding viruses and worms
- Recognizing a virus attack
- Identifying different virus types
- Creating a simple virus
- Analyzing malware
- Countering malware