Join Mike Chapple for an in-depth discussion in this video Comparing viruses, worms, and Trojans, part of CompTIA Security+ Exam Prep (SY0-401): Threats and Vulnerabilities.
- One of the gravest threats to computer security is the scourge of malware. Short for malicious software, malware objects infect computer systems and then perform some type of evil action, possibly stealing information, damaging data, or otherwise disrupting normal use of the system. As a Security+ candidate, you'll need to understand the various types of malicious code and how they work to infect systems. Every piece of malware that you encounter will have two components: a propagation mechanism and a payload.
The propagation mechanism is how the malware spreads from one system to another. Propagation mechanisms vary between malware types. In just a minute, we'll talk about three different types of malware objects and how they spread. The payload is the malicious action that the malware performs. Any type of malware object can carry any type of payload. For example, a malware payload might search your hard drive for credit card statements and tax returns, encrypt data and make it unavailable until you pay a ransom, or monitor your keystrokes until you log into your bank account, compromising your user name and password.
We'll talk more about different payloads in the next video in this course. The first type of malware that we need to talk about is the virus. Most computer users are already familiar with the concept of viruses, but they often misapply the term to any type of malware. Computer viruses take their name from biological viruses. The defining characteristic of a virus is that it spreads from system to system based upon some type of user action. This might be opening an email attachment, clicking on a link to a malicious website, or inserting an infected USB drive into a system.
Viruses don't spread unless someone lends them a hand. For this reason, one of the best ways you can protect against viruses is user education. The second type of malware is the worm. Worms spread from system to system without any user interaction. They spread under their own power. Worms reach out and exploit system vulnerabilities, infecting systems without the user doing anything. Once a worm has infected the system, it uses that system as a new base for spreading to other parts of the local area network or the broader Internet.
Worms require vulnerable systems to spread; therefore, the best way to defend against worms is keeping systems updated with the most recent operating system and application patches. Worms have been around for years. In fact, the first worm outbreak occurred in 1988. Written by Robert Tappan Morris, then a graduate student at Cornell University, the RTM Worm infected almost 10% of the systems connected to the then small Internet. Up until that point, administrators of Internet-connected systems weren't very concerned about security.
The fact was, most of them actually knew each other, and they had never considered the idea that someone might create a malicious worm. The rapid spread of the RTM Worm changed that opinion quickly and brought new attention to Internet security. Worms continue to infect new systems every day. In 2010, a sophisticated worm known as Stuxnet infected the computer systems at a uranium-enrichment facility in Iran. Stuxnet became very well known because it was the first worm to cross the virtual-physical barrier in a major way.
Stuxnet infected the computer systems that controlled specialized centrifuges and caused them to spin out of control. The attack caused major damage to the facility and dealt a significant blow to Iran's nuclear program. The final type of malware that we'll discuss is the Trojan Horse. You may already know the story of the Trojan Horse from the 12th Century B.C. The Greek army, which had laid siege to the city of Troy for ten years, built a gigantic wooden horse and hid soldiers inside of it. The rest of the army then pretended to sail away leaving the horse for the Trojans to claim as a trophy.
The Trojans opened their city wall and brought the horse inside. That night, the Greek army poured out of the horse and destroyed the city. In the world of malware, Trojan Horses work in a similar way. They pretend to be legitimate pieces of software that a user might want to download and install. When the user runs the program, it does perform as expected; however, the Trojan Horse also carries a malicious, hidden payload that performs some unwanted action behind the scenes. Since Trojan Horses arrive on systems when users install software, application control provides a good defense against this threat.
Application control solutions limit the software that may run on systems to titles and versions specifically approved by administrators. Different malware objects spread in different ways. Viruses spread between systems after a user action. Worms spread under their own power and Trojan Horses pose as beneficial software with a hidden malicious effect. As you prepare for the Security+ Exam, you'll want to remember the differences between these malware objects.
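The application control defense described above, as an added example that is not part of the video or its course materials: a default-deny allowlist keyed on administrator-approved title and version, with the binary's SHA-256 checked as well, so a trojanized build that advertises the approved name and version is still refused. The product names, versions and "binaries" are constructed stand-ins, not real software.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    """Hash of the executable image; identity is the bytes, not the name."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample images standing in for real executables (hypothetical).
APPROVED_IMAGE = b"ACME Editor 2.1 release build"
TROJANIZED_IMAGE = APPROVED_IMAGE + b"\x00hidden payload"   # same name/version claimed
OLD_IMAGE = b"ACME Editor 1.9 release build"

# Administrator-approved (title, version) -> hash of the approved build.
ALLOWLIST: Dict[Tuple[str, str], str] = {
    ("ACME Editor", "2.1"): sha256_hex(APPROVED_IMAGE),
}


@dataclass
class ExecRequest:
    title: str      # what the program claims to be
    version: str    # what version it claims to be
    image: bytes    # the bytes that would actually execute


def decide(req: ExecRequest, allowlist: Dict[Tuple[str, str], str] = ALLOWLIST) -> Tuple[bool, str]:
    """Default deny: run only if title/version is approved AND the image
    matches the approved build. Returns (allowed, reason)."""
    expected = allowlist.get((req.title, req.version))
    if expected is None:
        return False, "title/version not approved by administrators"
    if sha256_hex(req.image) != expected:
        # Metadata is easy to fake; the hash is what exposes a trojanized build.
        return False, "image does not match the approved build"
    return True, "approved build"


if __name__ == "__main__":
    for name, img in [("approved", APPROVED_IMAGE), ("trojanized", TROJANIZED_IMAGE)]:
        print(name, decide(ExecRequest("ACME Editor", "2.1", img)))
    print("old version", decide(ExecRequest("ACME Editor", "1.9", OLD_IMAGE)))
```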