By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
A significant security risk to computers and IT networks is malicious code, commonly called malware. Malware includes viruses, worms, Trojan horses, remote access Trojans (RATs), scareware, ransomware, keyloggers, logic bombs, rootkits, mobile code, backdoors (also called trapdoors), and spyware. Malware hoaxes are not malware themselves, but they are usually covered with it because they trick users into harmful actions, such as deleting legitimate system files to remove a "virus" that does not exist.

Viruses have a replication component to spread themselves and an activation component to deliver the payload. They use a variety of methods to thwart AV software and researchers. Stealth viruses attempt to hide themselves to escape detection, for example by intercepting the system calls AV software uses to read an infected file and returning the clean version. Armored viruses use techniques such as complex code and encryption to prevent a researcher from reverse engineering the code and discovering what the virus does. Polymorphic viruses encrypt their body with a different key in each copy, so the bytes on disk change from infection to infection while the code that eventually runs stays the same; metamorphic viruses go further and rewrite their own code with each generation. Both defeat detection that relies on fixed signature files, because no single byte pattern is common to every copy.

A virus needs a host file or user action to execute, whereas a worm travels through a network and infects systems without any human interaction. A Trojan horse appears to be one thing, such as a useful program, but is actually something different and malicious. Remote access Trojans (RATs) allow attackers to take control of a system from a remote location. Scareware is a type of Trojan: it appears to be a useful antivirus program, but instead reports fake infections and attempts to extort money from users to "remove" them. Ransomware locks a user's computer or encrypts the user's data and demands a ransom to return control to the user. A keylogger captures keystrokes from users and can send the captured keystrokes to an attacker. Logic bombs execute in response to an event, such as a specific date or time. Rootkits take control of the operating system (at the kernel or root level) and can control what the user sees and does, including hiding the rootkit's own files and processes from the user and from AV software. A backdoor (or trapdoor) is code embedded in an application or operating system that lets an attacker bypass normal authentication to access data or even gain remote control of the infected computer. Malware often installs RATs as backdoors into systems.
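The following is an added example, not code from the study guide, showing in a toy form why a fixed signature fails against a polymorphic variant and how a scanner can still catch a simple one by emulating its decoder (the "generic decryption" approach real AV engines use). The signature database, the inert "sample" bytes, the single-byte XOR "polymorphic engine" and the 0xEB stub marker are all constructed assumptions for the demo; nothing here is real malware, and true metamorphic code, which rewrites itself rather than re-encrypting, is not modelled.

```python
"""Added example (not from the original study guide): signature matching
versus a polymorphic variant, and a generic-decryption heuristic.
Every byte string below is constructed and inert."""
import os
from typing import Optional

# Constructed signature database: a byte pattern the vendor extracted from
# a known sample (assumption: the family embeds this marker string).
SIGNATURES = {
    "Demo.Dropper.A": b"DROP_AND_RUN_PAYLOAD",
}

# Constructed inert "sample" as it would look in the clear.
ORIGINAL_SAMPLE = b"\x90\x90HEADER" + b"DROP_AND_RUN_PAYLOAD" + b"\x00TRAILER"

# Constructed marker for the decoder stub; in a real sample this would be a
# few instructions that XOR the body back into place before jumping to it.
STUB_MARKER = 0xEB


def signature_scan(data: bytes) -> Optional[str]:
    """Return the name of the first known signature found in data, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def polymorphic_mutate(sample: bytes, key: Optional[int] = None) -> bytes:
    """Simulate a polymorphic engine: re-encrypt the body with a fresh
    single-byte XOR key on every generation. The clear-text pattern never
    appears in the output, so a fixed signature cannot match it."""
    if key is None:
        key = (os.urandom(1)[0] % 255) + 1   # 1..255; key 0 would leave the body in clear
    body = bytes(b ^ key for b in sample)
    return bytes([STUB_MARKER, key]) + body


def emulate_and_scan(data: bytes) -> Optional[str]:
    """Heuristic used against polymorphic code: if the file starts with the
    decoder stub, 'run' the decoder (XOR with the key it carries) and scan
    the decrypted body. Plain signature scan first, emulation as fallback."""
    hit = signature_scan(data)
    if hit is not None:
        return hit
    if len(data) > 2 and data[0] == STUB_MARKER:
        key = data[1]
        decoded = bytes(b ^ key for b in data[2:])
        return signature_scan(decoded)
    return None


def generations(sample: bytes, count: int) -> list:
    """Produce count independently keyed variants of the same sample."""
    return [polymorphic_mutate(sample) for _ in range(count)]


if __name__ == "__main__":
    print("clear sample :", signature_scan(ORIGINAL_SAMPLE))
    for variant in generations(ORIGINAL_SAMPLE, 3):
        print("variant key 0x%02x: signature=%s emulation=%s"
              % (variant[1], signature_scan(variant), emulate_and_scan(variant)))
```

Each run prints a different key per variant with `signature=None` and `emulation=Demo.Dropper.A`: the on-disk bytes differ in every generation, which is exactly why definition files alone fall behind, while running the decoder recovers the constant body. A metamorphic sample that rewrote its decoder and body would defeat this emulation too, which is where behavior-based detection is needed.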
Spyware is software installed without the user's knowledge or consent that monitors the user's activity, such as browsing habits or keystrokes, and reports it to a third party; it can be malicious. Most malware is delivered through the Internet via drive-by downloads, malvertising, and malicious e-mails carrying attachments or links.

The primary method of protecting systems from malware is up-to-date AV software. AV software should be installed on every computer. It is also highly recommended to install AV software at the boundary between the Internet and the internal network and on e-mail servers, so that malware is caught before it reaches user workstations. AV software uses signature definitions and behavior-based detection methods (sometimes called heuristics) to identify malware. Signature definitions identify known malware based on a specific byte pattern or hash within the sample; they are precise but cannot match a variant they have never seen. Behavior-based detection attempts to identify previously unknown malware by what it does (for example, modifying startup entries, injecting into other processes, or encrypting large numbers of files) rather than by what it looks like, at the cost of more false positives. Because viruses mutate into different variations, it is important to keep virus definitions up to date. It is equally important to keep the operating system and applications patched, because much malware spreads by exploiting known vulnerabilities.

Spam filters and content-filtering appliances help filter out malware before it reaches the internal network. Content-filtering appliances can also filter other traffic, such as using URL filters to control which websites users can access, and many combine this with firewall and intrusion detection services. Other methods of protecting against malware include using vulnerability scanners to identify vulnerabilities in the network, using sandboxing to isolate and observe potentially malicious code, and implementing the principle of least privilege for all accounts so that malware running as an ordinary user cannot modify the system. Software security methods such as input validation, application reviews, and code signing help protect against malware infections. Application whitelisting (allowlisting) identifies the applications that are allowed to run and blocks all others; it is the stronger control because an unknown, renamed, or repacked program is denied by default. Application blacklisting (blocklisting) identifies applications that are not allowed and permits all others; anything the list does not name, including a renamed or repacked copy of a known-bad program, runs.
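To make the whitelisting-versus-blacklisting difference concrete, here is an added example (not from the study guide) modelled on the hash rules that application-control tools use. The "executables" are constructed byte strings standing in for file contents, and the allow and block lists are assumptions for the demo; the point it shows is which policy survives a renamed and repacked copy of a known-bad tool and a trojanized copy of an approved one.

```python
"""Added example (not from the original study guide): allowlist (default
deny, identify approved binaries by content hash) versus blocklist (default
allow, identify bad binaries by name or hash). All binaries are constructed."""
import hashlib
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    """Content hash used as the binary's identity, as hash rules do."""
    return hashlib.sha256(data).hexdigest()


# Constructed, inert stand-ins for executable file contents.
APPROVED_EDITOR = b"MZ\x90\x00approved-editor-v1.0"
KNOWN_BAD_TOOL = b"MZ\x90\x00evil-credential-dumper"
UNKNOWN_TOOL = b"MZ\x90\x00some-portable-app"

# Allowlist policy (assumption): only hashes of approved binaries.
ALLOWED_HASHES = {sha256_hex(APPROVED_EDITOR)}

# Blocklist policy (assumption): known-bad names and hashes.
BLOCKED_NAMES = {"evil-dumper.exe"}
BLOCKED_HASHES = {sha256_hex(KNOWN_BAD_TOOL)}


def allowlist_decision(name: str, content: bytes) -> str:
    """Default deny: the file name is irrelevant, only the hash matters."""
    return "allow" if sha256_hex(content) in ALLOWED_HASHES else "block"


def blocklist_decision(name: str, content: bytes) -> str:
    """Default allow: block only what the list names by file name or hash."""
    if name.lower() in BLOCKED_NAMES or sha256_hex(content) in BLOCKED_HASHES:
        return "block"
    return "allow"


def tamper(content: bytes) -> bytes:
    """Simulate repacking or patching a binary: one appended byte is enough
    to change its hash, so a hash-based blocklist entry no longer matches."""
    return content + b"\x00"


# Scenarios a practitioner would test a policy against (constructed).
SCENARIOS: Dict[str, Tuple[str, bytes]] = {
    "approved editor": ("editor.exe", APPROVED_EDITOR),
    "unknown portable app": ("portable.exe", UNKNOWN_TOOL),
    "known bad tool, real name": ("evil-dumper.exe", KNOWN_BAD_TOOL),
    "known bad tool, renamed and repacked": ("notes.exe", tamper(KNOWN_BAD_TOOL)),
    "trojanized copy of editor": ("editor.exe", tamper(APPROVED_EDITOR)),
}


def run_scenarios() -> Dict[str, Tuple[str, str]]:
    """Return {scenario: (allowlist decision, blocklist decision)}."""
    return {
        label: (allowlist_decision(name, content), blocklist_decision(name, content))
        for label, (name, content) in SCENARIOS.items()
    }


if __name__ == "__main__":
    for label, (allow_res, block_res) in run_scenarios().items():
        print(f"{label:40} allowlist={allow_res:5} blocklist={block_res}")
```

The blocklist catches the known tool only while its name or hash is unchanged; after a rename and a one-byte repack it runs, and so does the trojanized editor, because neither is on the list. The allowlist blocks both, and everything else it has never seen, at the cost of having to approve every legitimate update, which is why allowlisting is harder to operate but the stronger control.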
By educating users on the basics of safe computing habits, you can help them avoid the risky behaviors that cause malware infections. This includes not opening attachments or clicking links in unsolicited e-mails, and being wary of all attachments and links in e-mail, even when the message appears to come from someone they know. The MITRE Corporation maintains the Common Vulnerabilities and Exposures (CVE) list, which provides a standardized identifier and description for publicly known vulnerabilities, not for malware itself; malware frequently exploits the vulnerabilities that CVE entries describe, which is one reason patching matters. The CVE program is sponsored by the U.S. Department of Homeland Security, originally through its National Cyber Security Division and today through the Cybersecurity and Infrastructure Security Agency (CISA).