One of the gravest threats to computer security is the scourge of malware. In this video, Mike Chapple explains how malware objects infect computer systems and then perform some type of evil action: possibly stealing information, damaging data, or otherwise disrupting normal use of the system.
- One of the gravest threats to computer security is the scourge of malware. Short for malicious software, malware objects infect computer systems, and then perform some type of evil action, possibly stealing information, damaging data, or otherwise disrupting normal use of the system. As a Security+ candidate, you'll need to understand the various types of malicious code and how they work to infect systems. Every piece of malware that you encounter will have two components, a propagation mechanism and a payload.
The propagation mechanism is how the malware spreads from one system to another. Propagation mechanisms vary between malware types. In just a minute, we'll talk about three different types of malware objects and how they spread. The payload is the malicious action that the malware performs. Any type of malware object can carry any type of payload. For example, a malware payload might search your hard drive for credit card statements and tax returns, or encrypt data and make it unavailable until you pay a ransom, or monitor your keystrokes until you log into your bank account, compromising your username and password.
We'll talk more about different payloads in the next video in this course. The first type of malware that we need to talk about is the virus. Most computer users are already familiar with the concept of viruses, but they often misapply the term to any type of malware. Computer viruses take their name from biological viruses. The defining characteristic of a virus is that it spreads from system to system based upon some type of user action. This might be opening an email attachment, clicking on a link to a malicious website, or inserting an infected USB drive into a system.
Viruses don't spread unless someone lends them a hand. For this reason, one of the best ways you can protect against viruses is user education. The second type of malware is the worm. Worms spread from system to system without any user interaction. They spread under their own power. Worms reach out and exploit system vulnerabilities, infecting systems without the user doing anything. Once a worm has infected a system, it uses that system as a new base for spreading to other parts of the local area network, or the broader intranet.
Worms require vulnerable systems to spread. Therefore, the best way to defend against worms is keeping systems updated with the most recent operating system and application patches. Worms have been around for years. In fact, the first worm outbreak occurred in 1988. Written by Robert Tappan Morris, then a graduate student at Cornell University, the RTM worm infected almost 10% of the systems connected to the then-small internet. Up until that point, administrators of internet-connected systems weren't very concerned about security.
The fact was most of them actually knew each other, and they had never considered the idea that someone might create a malicious worm. The rapid spread of the RTM worm changed that opinion quickly, and brought new attention to internet security. Worms continue to infect new systems every day. In 2010, a sophisticated worm known as Stuxnet infected the computer systems at a uranium enrichment facility in Iran. Stuxnet became very well known, because it was the first worm to cross the virtual-physical barrier in a major way.
Stuxnet infected the computer systems that controlled specialized centrifuges, and caused them to spin out of control. The attack caused major damage to the facility, and dealt a significant blow to Iran's nuclear program. The final type of malware that we'll discuss is the Trojan horse. You may already know the story of the Trojan horse from the 12th century B.C. The Greek army, which had laid siege to the city of Troy for 10 years, built a gigantic wooden horse, and hid soldiers inside of it. The rest of the army then pretended to sail away, leaving the horse for the Trojans to claim as a trophy.
The Trojans opened their city wall, and brought the horse inside. That night, the Greek army poured out of the horse and destroyed the city. In the world of malware, Trojan horses work in a similar way. They pretend to be legitimate pieces of software that a user might want to download and install. When the user runs the program, it does perform as expected; however, the Trojan horse also carries a malicious hidden payload that performs some unwanted action behind the scenes. Since Trojan horses arrive on systems when users install software, application control provides a good defense against this threat.
Application control solutions limit the software that may run on systems to titles and versions specifically approved by administrators. Remote Access Trojans, or RATs, are a special class of Trojan horse that serve a specific purpose. They provide hackers with the ability to remotely access and control infected systems. Different malware objects spread in different ways. Viruses spread between systems after a user action. Worms spread under their own power, and Trojan horses pose as beneficial software with a hidden malicious effect.
As you prepare for the Security+ exam, you'll want to remember the differences between these malware objects.
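The application control defense described for Trojan horses, as an added example that is not part of the video or the course: an allowlist keyed by the SHA-256 of each administrator-approved build, so that a file which merely claims a legitimate title but carries different contents is refused. The sample "binaries", the `ApprovedApp` record and the `check_execution` function are all constructed for this illustration.

```python
"""Minimal hash-based application-control (allowlisting) check.

Model assumed here (constructed, not from the video): administrators approve
specific titles and versions, and each approval is recorded against the
SHA-256 of the approved binary. A program may run only if its contents hash
to an approved entry. The claimed name is advisory; the hash decides, which
is what defeats a Trojanized copy that reuses a trusted name.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ApprovedApp:
    title: str
    version: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample contents standing in for real executables.
GENUINE_EDITOR = b"\x7fELF genuine text editor v2.1"
TROJANIZED_EDITOR = b"\x7fELF text editor v2.1 plus a hidden extra payload"

# Allowlist keyed by content hash: only builds the administrator approved.
ALLOWLIST = {
    sha256_hex(GENUINE_EDITOR): ApprovedApp("Text Editor", "2.1"),
}


def check_execution(claimed_title: str, data: bytes, allowlist=ALLOWLIST):
    """Return (allowed, reason) for a program that claims `claimed_title`."""
    digest = sha256_hex(data)
    approved = allowlist.get(digest)
    if approved is None:
        # Unknown contents: a Trojanized build lands here even with a trusted name.
        return False, f"{claimed_title!r} denied: hash {digest[:12]}... not approved"
    if approved.title != claimed_title:
        # Approved contents launched under a different name: allow, but worth logging.
        return True, (f"approved {approved.title} {approved.version}, "
                      f"but launched as {claimed_title!r}")
    return True, f"approved {approved.title} {approved.version}"


if __name__ == "__main__":
    for name, blob in [("Text Editor", GENUINE_EDITOR), ("Text Editor", TROJANIZED_EDITOR)]:
        print(check_execution(name, blob))
```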