What is malicious code cyber awareness?

- [Serge] Malicious software, malware, is a common threat and reality of everyday life for security professionals and the general public. Take for instance, something as simple as the Spam folder in your email box, a portion of the emails contained within will point to a malicious website, that will actively try to infect your machine with malware. To start the infection process, all you have to do is click the link. If your browser or client software has a known vulnerability that the malware's able to exploit, then your machine may become infected. But what then? Will your hard drive become encrypted, or maybe your files deleted, or your credentials compromised? Perhaps your contact list will be spammed, or your bank account drained, or your phone video tapped, or DNS hijacked. Or will your system become unstable, or maybe your company will feel the pain? Do you get the point? There's a saying in the information security world, once an attacker is able to get their code to execute on your computer, it is no longer your computer. This course will discuss the ins and outs of malware, from what it is, to how it works, and some ways that you can protect yourself and your devices. Hi, my name is Serge Borso, the CEO of SpyderSec. SpyderSec is an information security consulting organization, specializing in penetration testing services. We also offer phishing solutions, discovery scanning, and educational and awareness training. Throughout this course I will be talking a lot about malicious software, while sharing my experience of dealing with it, as well as providing information to learn more about different types of malware, implications and precautions that can be taken to protect yourself and your organization. Some things that you need to know before we start this journey, as it pertains to your own background and skill level, are the intended audience and depth of the material.
It is expected that people taking this course are at an intermediate skill level, in terms of general IT knowledge. As for depth, this course will go into some depth, regarding malicious software, short of decompiling samples, while beyond basic knowledge of antivirus or AV solutions. The material being discussed will be applicable to both home and the workplace, mainly due to the commonality of the concepts being discussed and the similarities and threats. The topics of this course, range from defining malware and understanding how it works, to determining the risks associated with malware and how we can protect ourselves and our organizations from such threats. At the end of the course, we will put all of the information discussed together, in order to form a cohesive understanding of how threat actors operate, motivations behind creating and disseminating malware, and what we can do to stay secure.

Believe it or not, malicious code has been around for half a century already. What started as an education lab experiment made its way into the wild, wreaking havoc on companies and home users alike.

Famous examples of malicious code criminal activity in recent history include the 2019 Texas ransomware attack or the 2018 Trojan incident in the Pennsylvania city of Allentown caused by Emotet malware. Becoming familiar with the cyber-threats that lurk on the Internet is thus the first step you can take in keeping your devices and information safe.

In the following lines, I will briefly explain what malicious code is, then go over the seven most common examples of malicious code.

What is Malicious Code?

Malicious code describes any code designed to do harm to a computer system – delivering malware, stealing data or exploiting systems in any harmful way.  Malicious code can take various forms, from locally installed programs/software to scripting languages, browser add-ons/plug-ins, ActiveX controls, infected websites and many more.  What that means, in simpler terms, is that the malicious code is packaged in a format that is familiar to either the victims or their devices, and activates itself once it gets in.

Examples of malicious code computer program types include, but are not limited to:

  • scripting languages,
  • plug-ins,
  • pushed content,
  • ActiveX controls,
  • and Java Applets.

Malicious code is designed to grant cybercriminals unlawful remote access to the targeted system, thus creating an application backdoor. In doing so, hackers gain access to private data stored on the network and can go as far as to steal, leak, encrypt, or completely wipe it.

7 Examples of Malicious Code

The most common examples of malicious code out there include computer viruses, Trojan horses, worms, bots, spyware, ransomware, and logic bombs. I will go over the mechanics behind each one in the following subsections.

#1 Computer Viruses

A computer virus is a type of malicious application that executes and replicates itself by injecting its code into other computer programs. Once the code injection is successful and the reproduction process is complete, the targeted areas of the system become infected.

Viruses are one of the most common examples of malicious code thanks to popular media. One famous illustration of the concept is represented by Agent Smith in the Matrix film trilogy, where Hugo Weaving plays a renegade program that manifests similarly to a self-replicating computer virus.

The earliest known virus dates back to the ARPANET of the 1970s, the Internet’s predecessor. Known under the name Creeper, it was not designed as malicious software, but rather as part of research into the topic of self-replicating code.

Unfortunately, that soon changed for the worse and in 1982 the first computer virus appeared in the wild. Nevertheless, the antivirus software industry was developed in response to the threat. Nowadays, advanced solutions such as our very own Heimdal™ Next-gen Endpoint Antivirus are fighting the good fight and keeping devices safe.

#2 Computer Worms

A computer worm is a kind of malicious program that replicates itself to spread to as many devices as possible. Its behavior is very similar to that of a virus, which is why worms are considered a subtype of virus. It is designed to deal maximum damage and often spreads itself across a network. For this reason, this type of threat is also known as a network worm.

What sets viruses and worms apart is their propagation method. While the former requires some sort of human action to travel, the latter is built to proliferate independently. Simply put, a virus requires victims to unknowingly share infected websites or files, while a worm uses a system’s information transport features.

#3 Trojan Horses

A Trojan horse, or simply Trojan, is an example of malicious code that is heavily reliant on social engineering to mislead its targets. Due to the deceptive practices associated with it, the threat was named after the Trojan Horse that the Greeks used to sneak their way into the independent city of Troy and subsequently conquer it.

Unlike a self-replicating computer virus, the Trojan horse requires users to execute an infected file on the targeted device. This is where social engineering tactics come in, which see hackers attempting to trick victims by feigning authority or legitimacy.

Trojans do not try to inject their code into that of other files and do not propagate across a device. Their main purpose is to create an application backdoor that can then be further exploited by cybercriminals to acquire banking details, login credentials, or other personally identifiable information.

#4 Internet Bots

Also known as web robots, Internet bots are software applications created to run automated scripts. They are often used to perform simple and repetitive tasks, such as sending instant messages or crawling websites. Facebook and Google notoriously use these ‘good bots’ to facilitate certain everyday jobs instead of wasting the time of their human employees.

Nonetheless, such a thing as ‘bad bots’ exists as well. To create them, cybercriminals infect entire networks of computers with viruses, worms, or Trojans, turning the devices into so-called zombies. This malicious system is called a botnet and is at the beck and call of the hacker that created it with the help of a command and control server.

Both mobile and desktop devices are targeted by this practice, as are IoT devices and Internet infrastructure hardware. Botnets are then used to enable bot attacks such as brute force attacks and distributed denial of service (DDoS) attacks.

#5 Spyware/Adware

As its name might suggest, spyware is a type of malicious software designed to pry into targeted devices and gather sensitive information about a person or organization. This data is then relayed to the third party behind the attack that can use it for various nefarious purposes.

Spyware is often associated with advertising-supported software, which is why it falls into the same category as malicious adware. However, both spyware and adware can have non-damaging uses. For example, websites might use spyware to track page activity or adware to advertise certain products. For this reason, establishing the boundary between harmful and harmless is particularly difficult in this case.

#6 Ransomware

Ransomware is a type of malicious software that encrypts files upon infection and holds them hostage in return for a ransom. Attacks are often preceded by the use of a Trojan to create a vulnerable entry point for the payload. MegaCortex ransomware is a well-known example of this tactic applied, pairing up with infamous Trojans such as Emotet and Qakbot to gain unlawful entry into corporate networks.

What sets ransomware apart from other examples of malicious code is its profitable nature, which leads to its prevalent use as a moneymaking scheme. More and more operators are starting to practice big game hunting, targeting corporations instead of individual home users in hopes of reaping higher ransom payouts.

In addition to this, quite a few operators have entered the ransomware-as-a-service (RaaS) business. Hackers often provide the necessary infrastructure to cybercriminals without the technical skill to create their own, all for a cost of course. Fortunately, advanced threat hunting solutions such as our Heimdal™ Threat Prevention are capable of preventing, detecting, and blocking ransomware attacks in the blink of an eye.

Heimdal™ Threat Prevention is a DNS, HTTP, and HTTPS filtering solution with modules for your online network perimeter and endpoints alike. Machine-learning neural AI keeps track of malicious domains and thwarts the spread of ransomware, as well as other advanced cyber-threats.

#7 Logic Bombs

A logic bomb is a malicious string of code that is intentionally inserted into software and programmed to set off when certain requirements are met. Inherently ill-intentioned computer applications such as viruses and worms often contain logic bombs within their makeup that allow them to execute payloads at predetermined moments.

One recent instance of a famous logic bomb incident occurred between 2014 and 2016. David Tinley, a contractor for the Siemens Corporation, laced the software he designed for the company with a logic bomb that caused it to malfunction after a certain amount of time. As a result, he was paid by the organization to repair the damages. Tinley pleaded guilty to the charges in July 2019.
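Time-based triggers like the one described above can be surfaced during code review. The following is an added example, not code from the original article or from any incident it mentions: a small static check that flags branches whose condition compares a clock value. The function names, the `CLOCK_CALLS` list and the sample source are all hypothetical and constructed for illustration.

```python
import ast

# Call names that read the clock; a branch depending on them can be a time trigger.
CLOCK_CALLS = {"now", "utcnow", "today", "time", "localtime", "gmtime"}

def _reads_clock(node):
    """True if any call inside `node` is to one of CLOCK_CALLS."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            func = sub.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
            if name in CLOCK_CALLS:
                return True
    return False

def find_time_triggers(source):
    """Return sorted (line, condition) pairs for branches that compare clock values."""
    tree = ast.parse(source)
    # Variables assigned directly from a clock read, e.g. today = date.today().
    clock_vars = {
        target.id
        for node in ast.walk(tree) if isinstance(node, ast.Assign) and _reads_clock(node.value)
        for target in node.targets if isinstance(target, ast.Name)
    }
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, (ast.If, ast.While, ast.IfExp)):
            continue
        parts = list(ast.walk(node.test))
        compares = any(isinstance(p, ast.Compare) for p in parts)
        uses_var = any(isinstance(p, ast.Name) and p.id in clock_vars for p in parts)
        if compares and (uses_var or _reads_clock(node.test)):
            hits.append((node.lineno, ast.unparse(node.test)))
    return sorted(hits)

# Constructed sample for review, not code from any real incident.
SAMPLE = '''
import datetime

def recalc(sheet):
    expiry = datetime.date(2030, 1, 1)
    today = datetime.date.today()
    if today > expiry:
        raise RuntimeError("calculation error")
    if sheet.rows > 100:
        sheet.compact()
    return sheet.total()
'''

if __name__ == "__main__":
    for line, cond in find_time_triggers(SAMPLE):
        print(f"line {line}: review time-conditioned branch: {cond}")
```

A hit is a prompt for human review rather than a verdict: licence expiry and cache timeouts produce the same pattern, and a trigger hidden behind indirection will not be flagged.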

Wrapping Up…

While viruses, worms, and Trojans might be the most commonly discussed examples of malicious code, newer offenders such as ransomware are quickly gaining a footing in the cyber-threat hall of fame. Knowing what you might have to deal with is the first step of a solid prevention strategy.

A natural continuation of this approach is represented by investing in state-of-the-art cybersecurity tools. Don’t hesitate to reach out to us at [email protected] and find out which of our top-tier cybersecurity solutions suit your needs best.

What is cyber malicious code?

Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone.

What are some examples of malicious code cyber awareness?

Malicious code includes viruses, Trojan horses, worms, macros, and scripts. Malicious code can be spread by e-mail attachments, downloading files, and visiting infected websites.

What is malicious code example?

Taking advantage of common system vulnerabilities, malicious code examples include computer viruses, worms, Trojan horses, logic bombs, spyware, adware, and backdoor programs. Visiting infected websites or clicking on a bad email link or attachment are ways for malicious code to sneak its way into a system.

What are 3 types of malicious code?

Malicious code examples include backdoor attacks, scripting attacks, worms, trojan horse and spyware. Each type of malicious code attack can wreak havoc on a defenseless IT infrastructure very quickly or wait on servers for a predetermined amount of time or a trigger to activate the attack.