MALICIOUS CODE

What Is Malicious Code?

Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors and malicious active content.

Malicious code can take the form of:

- Java applets
- ActiveX controls
- Scripting languages
- Browser plug-ins
- Pushed content

Once inside your environment, malicious code can enter network drives and propagate. Malicious code can also cause network and mail server overload by sending email messages; stealing data and passwords; deleting document files, email files or passwords; and even reformatting hard drives.

Malicious Code Threatens Enterprise Security

Malicious code can give a user remote access to a computer. This is known as an application backdoor. Backdoors may be created with malicious intent, to gain access to confidential company or customer information. But they can also be created by a programmer who wants quick access to an application for troubleshooting purposes. They can even be created inadvertently through programming errors. Regardless of their origin, all backdoors and malicious code can become a security threat if they are found and exploited by hackers or unauthorized users. As applications today tend to be built more and more often with reusable components from a variety of sources with varying levels of security, malicious code can pose a significant operational risk to the enterprise. That's why so many enterprises today are turning to Veracode to secure their applications.

How to Avoid Malicious Code

One way to avoid malicious code in your applications is to add static analysis (also called “white-box” testing) to your software development lifecycle to review your code for the presence of malicious code. Veracode’s static code analysis examines applications in a non-runtime environment. This method of security testing has distinct advantages: it can evaluate both web and non-web applications and, through advanced modeling, can detect malicious code in the software’s inputs and outputs that cannot be seen through other testing methodologies.

Test for Malicious Code With Veracode

Veracode has the ability to scan applications for malicious code threats that include time bombs, hardcoded cryptographic constants and credentials, deliberate information and data leakage, rootkits and anti-debugging techniques. These targeted malicious code threats are hidden in software and mask their presence to evade detection by traditional security technologies. Veracode's detection capabilities provide comprehensive support for combating backdoors and malicious code.
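As an added illustration of the indicator classes just listed (time bombs, hardcoded credentials and cryptographic constants, anti-debugging checks), here is a small pattern-based source scanner. It is this editor's example, not Veracode's product or technique: the rules, the sample source file and the function names are all constructed for the demonstration, and a real static analyser works on a semantic model of the program rather than on regular expressions over lines.

```python
"""Pattern-based scan for the backdoor indicators named on this page.
Added example by the editor: rules, sample source and names are constructed."""
import re
from typing import List, Tuple

# (finding name, regex). Each rule is a coarse, line-based heuristic.
RULES: List[Tuple[str, re.Pattern]] = [
    # A password/secret/token variable assigned a non-trivial string literal.
    ("hardcoded-credential",
     re.compile(r'(?:password|passwd|secret|token|api_key)\w*\s*=\s*["\'][^"\']{4,}["\']', re.I)),
    # A quoted literal long enough to be a key: 16+ bytes of hex, or base64 of similar length.
    ("hardcoded-crypto-constant",
     re.compile(r'["\'](?:[0-9a-fA-F]{32,}|[A-Za-z0-9+/]{24,}={0,2})["\']')),
    # The current time compared against a fixed date or epoch value (time bomb).
    ("time-bomb",
     re.compile(r'(?:now\(\)|today\(\)|time\(\)|datetime\.now)[^\n]*[<>=]=?\s*'
                r'(?:(?:datetime\.)?datetime\(|\d{4}-\d{2}-\d{2}|\d{9,})', re.I)),
    # Checks for an attached debugger or tracer (anti-debugging).
    ("anti-debugging",
     re.compile(r'\b(?:IsDebuggerPresent|ptrace|sys\.gettrace|TracerPid)\b')),
]

def scan_source(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, finding name, stripped line) for every rule hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, name, line.strip()))
    return findings

# Constructed sample: a module with one of each indicator planted in it.
SAMPLE_SOURCE = """\
import ctypes, datetime, sys
DB_PASSWORD = "s3cret-admin-pw"
AES_KEY = "00112233445566778899aabbccddeeff"
def handle(request):
    if ctypes.windll.kernel32.IsDebuggerPresent():
        sys.exit(0)
    if datetime.datetime.now() > datetime.datetime(2025, 1, 1):
        wipe_all_records()
    return process(request)
"""

if __name__ == "__main__":
    for lineno, name, snippet in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {name}: {snippet}")
```

Run on the constructed module, the scanner reports lines 2, 3, 5 and 7, one hit per indicator class. Rules this coarse produce false positives on real code bases (any long hex string, any date comparison), which is why the page's point about modeling inputs and outputs matters: the heuristics are a triage aid, not a verdict.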

Veracode Detection Tool Tests for Backdoors, Malicious Code, Functionality, and More

In addition to backdoors and malicious code detection, Veracode finds flaws in software that may lead to vulnerabilities. A Veracode scan may turn up an instance of inadequate authentication, for example, that could pose a risk to enterprise security.

Types of Virus & Malicious Code and Protective Measures

1. Computer Virus

A computer virus is a program or a piece of code that is specifically designed to spread from one computer system to another and to interfere with computer operation without the knowledge of the victim. A computer virus is a self-replicating computer program which can attach itself to other files or programs, and can execute secretly when the host program or file is activated. When the virus is executed, it can perform a number of tasks, such as erasing your files or hard disk, displaying nuisance information, or attaching itself to other files.

Hackers use these virus codes to corrupt or delete data from the victim's computer, or use email to spread to other computers or networks. These viruses often spread via email attachments or instant messaging (IM). Viruses can be disguised as images, audio, software, videos or other attachments. The technique of disguising these viruses and hiding them behind other files is called 'binding'. As a hacker, you should know what binding is. Binding the virus behind files people use every day leaves normal users unaware that they are triggering the virus and infecting themselves. Some viruses wreak their effects as soon as their code is executed. Other types of viruses stay dormant until they find a suitable digital environment for execution. There is also another deadly type of virus which stays dormant during its whole life cycle and keeps sending the victim's information to its owner/creator. Even a simple virus can be dangerous, as it will quickly consume memory and bring the system to a halt. A virus which replicates itself to other computers without being attached to any files is called a 'worm'.

How viruses spread

- Viruses travel through flash drives, CD drives, pen drives, the Internet, etc.
- Virus code replicates when users copy infected files.
- Even documents (Word, Excel, Notepad files) carry the virus once those files are infected.

Computer virus life cycle

The life cycle of a virus generally passes through four stages:

- Dormant phase (rest/sleep phase)

In this phase the virus is not active; it is idle. The virus will be activated by certain conditions, such as a specified date or the presence or execution of another program. Not every virus goes through this phase.

- Propagation phase (distribution phase)

In this phase the virus replicates itself into a program or into a storage location (on hard disk or in RAM). The virus places an identical copy of itself into other programs or into certain system areas on the disk. Every infected program then carries a "clone" of the virus (depending on how the virus replicates).

- Triggering phase (active phase)

In this phase the virus becomes active, spurred by conditions like those in the dormant phase. The virus is activated to perform the function for which it was intended; the trigger can be any of a variety of system events.

- Execution phase

In this phase the now-active virus performs its function, such as deleting files or displaying messages.

Types of virus

- Memory-Resident Virus

This type will reside in main system memory. Whenever the operating system executes a file, the virus will infect it if it is a suitable target, for example a program file.

- Polymorphic Virus

These viruses encrypt themselves differently every time they attack a host computer. Since they use a different encryption algorithm and change their format every time they infect a victim, they become untraceable and difficult for antivirus software to detect using signatures or string searches. Examples are Marburg and Satan Bug. The virus itself can change form using various polymorphism techniques.

- Boot Sector Virus

Boot sector viruses are a special type of virus that targets the boot sector or master boot record (MBR) of the victim's hard drive or removable flash drives. This type will infect the system area of a disk when the disk is initially accessed or booted.

- Stealth Virus

A virus which uses various stealth techniques in order to hide itself from detection by anti-virus software.

- Macro Virus

Unlike other virus types, these viruses attack data files instead of executable files. They infect files created by programs that support macros, such as .doc, .ppt and .mdb files. The virus automatically detects the macros and templates within a file, infects them on the host's computer, and hides in the document or shares it through email. Examples of such types are Melissa.A, Relax and Bablas.

Macro viruses are particularly common due to the fact that:

  - They attach to documents and files, which are platform independent.
  - The document is sent to other computers by, for example, email or file exchange. Recipients receive the infected document from a "trusted" sender.


- Memory Resident Virus

These viruses fix themselves inside the host computer's memory and get activated every time the OS runs, infecting those files that are opened for use. These viruses usually hide in RAM (random access memory). Examples are Meve and Randex.
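The macro-virus item above says these viruses ride inside document files rather than executables. One defensive check a mail gateway can make before delivering an attachment is whether a document carries a VBA project at all. The following Python is an added example by the editor, not code from any of the page's sources: the attachment classifier, the `[Content_Types].xml` check and the in-memory test documents are constructed here, and a legacy OLE2 .doc is only flagged for deeper inspection, since reading its macro streams needs an OLE parser.

```python
"""Classify a mail attachment by whether it can carry Office macros.
Added example by the editor; build_ooxml makes constructed test documents."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy binary Office files (.doc/.xls)
VBA_PART_SUFFIX = "vbaproject.bin"              # the VBA project part inside an OOXML package
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaproject"

def classify_attachment(data: bytes) -> str:
    """Return one of: macro-enabled-ooxml, clean-ooxml, legacy-ole-container, not-office."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls can embed VBA streams; reading them needs an OLE parser,
        # so the gateway should route these to deeper inspection rather than pass them.
        return "legacy-ole-container"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Check the part list first: a .docm renamed to .doc still carries vbaProject.bin.
            if any(n.lower().endswith(VBA_PART_SUFFIX) for n in names):
                return "macro-enabled-ooxml"
            # Then the content-types manifest, in case the part was given an odd name.
            if "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
                if VBA_CONTENT_TYPE in manifest:
                    return "macro-enabled-ooxml"
            return "clean-ooxml"
    except zipfile.BadZipFile:
        return "not-office"

def build_ooxml(with_macro: bool) -> bytes:
    """Build a minimal, constructed OOXML package in memory (not a real Word file)."""
    buf = io.BytesIO()
    overrides = ['<Override PartName="/word/document.xml" '
                 'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x01\x02 constructed placeholder, not real VBA")
            overrides.append('<Override PartName="/word/vbaProject.bin" '
                             'ContentType="application/vnd.ms-office.vbaProject"/>')
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(overrides) + "</Types>")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("plain", build_ooxml(False)), ("macro", build_ooxml(True)),
               ("legacy", OLE_MAGIC + b"\x00" * 504), ("pdf", b"%PDF-1.7\n")]
    for label, blob in samples:
        print(label, "->", classify_attachment(blob))
```

The classifier ignores the file extension on purpose: the point of the page's "binding" and disguise discussion is that the name tells you nothing, so the decision rests on the container's contents. A gateway would typically quarantine `macro-enabled-ooxml` and send `legacy-ole-container` to a fuller parser before release.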

How to prevent computer viruses

a) Keep your computer up to date: We encourage our clients to enable automatic updates on their Windows computers in addition to running updates for programs such as Adobe and Java. Many of these updates include security patches that will fill security holes in the Windows system. We know that updates are a bit of a pain. They always seem to come up at the wrong time. Just when you are about to leave the coffee shop, it has to update. We understand the inconvenience. Just remember that it’s even more inconvenient to get a virus on your computer.

b) Don’t use Internet Explorer: We live in an exciting time. We have so many browsers to choose from. Whether you prefer Chrome, Firefox or Opera, they will all be safer than Internet Explorer. While the newer versions of Internet Explorer are an improvement over the past versions, they are still a far cry from the quality of Chrome or Firefox.

c) Back up your computer: This should be obvious, but it’s not obvious to everyone. If you have a quality backup strategy, a virus will not be as much of a problem for you. There are times when a virus removal will cause damage to the operating system. At these times, we might suggest a re-install of the operating system. If you have your data backed up, it makes the process quicker and more affordable.

d) Anti-virus basics: It’s important to have a quality anti-virus installed on your Windows computer. While a good anti-virus is important, having more than one is a very bad idea. Anti-virus applications are only effective when they have up-to-date definitions of what a virus is. For this reason, be sure your anti-virus program updates automatically and at a reasonable time (not 3 a.m. on a Wednesday night, when your computer is unlikely to be turned on).

e) Avoid suspicious web sites: There are over a trillion web pages out there right now. We spend lots of time ‘researching’ information on the web. Be careful. Sometimes it’s impossible to know whether a photo will contain malicious content. Be sure to notice the URL of the web site. For example: microsoft.tisur.com is not microsoft.com.

f) Always scan email attachments: Some people send viruses to their friends without even knowing that they did it. At Altitude Integrations, we encounter many situations where our clients have had their email accounts hacked. Once hacked, the hacker will sometimes use that account to send malicious content to the entire address book list.

g) Use a malware scanner: Malware scanners are different from anti-virus programs. Many of these applications are free to use. Just like anti-virus, it’s recommended that you schedule the scans to happen weekly.
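Item (e) above (microsoft.tisur.com is not microsoft.com) and the later advice in this page to look for "https" in the address bar can both be turned into a mechanical check on a link before it is followed. The following Python is an added example by the editor, not from Altitude Integrations or any other source on the page: the trusted-domain list is constructed, the `registrable_domain` helper is a deliberate simplification (last two labels, no public-suffix list), and `check_url` reports a non-HTTPS scheme, credentials placed before the host, and host names that contain a trusted brand name but belong to a different registrable domain.

```python
"""Flag links whose host only looks like a trusted site, or that are not HTTPS.
Added example by the editor; the trusted list and helper are constructed."""
from urllib.parse import urlsplit

# Constructed allow-list of domains the reader actually trusts (assumption, not from the page).
TRUSTED_DOMAINS = {"microsoft.com", "example-bank.com"}

def registrable_domain(host: str) -> str:
    """Last two labels of a host name. Simplification: no public-suffix list,
    so names under co.uk and similar would need a real suffix table."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]

def check_url(url: str, trusted=TRUSTED_DOMAINS):
    """Return (registrable_domain, [problems]); an empty problem list means the link passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https":
        problems.append("not-https")                 # page's advice: https, not just http
    if parts.username is not None:
        problems.append("credentials-in-url")        # https://microsoft.com@attacker.example
    domain = registrable_domain(host)
    if host and domain not in trusted:
        labels = host.split(".")
        # A trusted brand name appearing as (or inside) a label of an untrusted host
        # is the microsoft.tisur.com pattern from the text.
        brands = [t for t in sorted(trusted) if any(t.split(".")[0] in label for label in labels)]
        if brands:
            problems.append("lookalike-of:" + brands[0])
        else:
            problems.append("untrusted-domain")
    return domain, problems

if __name__ == "__main__":
    for link in ["http://microsoft.tisur.com/login", "https://www.microsoft.com/",
                 "https://microsoft.com@evil.example/", "https://login.example-bank.com/"]:
        print(link, "->", check_url(link))
```

The lookalike rule deliberately keys on the registrable domain rather than on whether the brand name appears anywhere in the host, because the brand appearing as a subdomain is exactly what the page's example exploits. The credentials check catches the other common trick, where the trusted name sits in the user-info part of the URL and the real host comes after the `@`.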

2. Worms

A worm is a self-replicating program that does not need to attach to a host program or file. Unlike viruses, worms can execute themselves. Worms have the ability to spread over a network and can initiate massive and destructive attacks in a short period of time. Worms have been around even longer than computer viruses, all the way back to mainframe days. Email brought them into fashion in the late 1990s, and for nearly a decade, computer security pros were besieged by malicious worms that arrived as message attachments. One person would open a wormed email and the entire company would be infected in short order. The distinctive trait of the worm is that it's self-replicating. When one such worm went off, it hit nearly every email user in the world, overloaded phone systems (with fraudulently sent texts), brought down networks, and even delayed my daily afternoon paper for half a day. Several other worms, including SQL Slammer and MS Blaster, ensured the worm's place in computer security history. What makes an effective worm so devastating is its ability to spread without end-user action. Viruses, by contrast, require that an end-user at least kick them off before they can try to infect other innocent files and users. Worms exploit other files and programs to do the dirty work. For example, the SQL Slammer worm used a (patched) vulnerability in Microsoft SQL to cause buffer overflows on nearly every unpatched SQL server connected to the internet in about 10 minutes, a speed record that still stands today.

One typical example of a massive attack is the "SQL Sapphire Slammer (Sapphire)" worm that occurred on 25 January 2003. Sapphire exploited an MS SQL Server or MSDE 2000 database engine vulnerability. The weakness lay in an underlying indexing service for which Microsoft had released a patch in 2002. The worm doubled in size every 8.5 seconds and infected more than 90 percent of vulnerable hosts within 10 minutes. It eventually infected at least 75,000 hosts and caused network outages that resulted in:

Symptoms of a Computer Worm

- Slow computer performance
- Freezing/crashing
- Programs opening and running automatically
- Irregular web browser performance
- Unusual computer behavior (messages, images, sounds, etc.)
- Firewall warnings
- Missing/modified files
- Appearance of strange/unintended desktop files or icons
- Operating system errors and system error messages
- Emails sent to contacts without the user’s knowledge

While other issues can cause these symptoms, the appearance of multiple symptoms from this list or the repeated occurrence of certain symptoms usually indicates that the computer has been infected with a worm.
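The last symptom above, email sent to contacts without the user's knowledge, is one a mail administrator can detect from server logs rather than waiting for a user to notice. The following Python is an added example by the editor, not from the page: it reads constructed mail-log lines in an assumed `timestamp from=... to=...` format and flags any sender that reaches more than a threshold of distinct recipients inside a short sliding window, which is the fan-out pattern of a mass-mailing worm or a hijacked account.

```python
"""Flag senders that fan out to many distinct recipients in a short window.
Added example by the editor; the log format and sample lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape: "<ISO timestamp> from=<sender> to=<recipient> ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+)")

def parse_line(line: str):
    """Return (timestamp, sender, recipient), or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return datetime.fromisoformat(m["ts"]), m["sender"].lower(), m["rcpt"].lower()
    except ValueError:
        return None

def find_mass_mailers(lines, window=timedelta(seconds=60), max_recipients=5):
    """Map sender -> (first alert time, sorted recipients seen in the window) for
    every sender that exceeds max_recipients distinct recipients inside `window`."""
    recent = defaultdict(deque)  # sender -> deque of (timestamp, recipient), oldest first
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # malformed or unrelated line: skip, do not crash
        ts, sender, rcpt = parsed
        q = recent[sender]
        q.append((ts, rcpt))
        while q and ts - q[0][0] > window:   # drop events that fell out of the sliding window
            q.popleft()
        distinct = {r for _, r in q}
        if len(distinct) > max_recipients and sender not in alerts:
            alerts[sender] = (ts, sorted(distinct))
    return alerts

# Constructed sample: bob sends normal mail; alice's account fans out to seven addresses in seconds.
SAMPLE_LOG = """\
2024-05-03T09:12:01 from=bob@example.com to=carol@example.org size=5321
2024-05-03T09:12:05 from=alice@example.com to=r1@example.org size=48210
2024-05-03T09:12:06 from=alice@example.com to=r2@example.org size=48210
2024-05-03T09:12:06 from=alice@example.com to=r3@example.org size=48210
2024-05-03T09:12:07 from=alice@example.com to=r4@example.org size=48210
2024-05-03T09:12:07 from=alice@example.com to=r5@example.org size=48210
garbage line the parser must skip
2024-05-03T09:12:08 from=alice@example.com to=r6@example.org size=48210
2024-05-03T09:12:09 from=alice@example.com to=r7@example.org size=48210
2024-05-03T09:30:00 from=bob@example.com to=dave@example.org size=1200
2024-05-03T09:31:00 from=bob@example.com to=erin@example.org size=1200
""".splitlines()

if __name__ == "__main__":
    for sender, (when, rcpts) in find_mass_mailers(SAMPLE_LOG).items():
        print(f"{when.isoformat()} {sender} reached {len(rcpts)} recipients in 60s: {rcpts}")
```

Counting distinct recipients rather than raw messages keeps a user who resends one note to the same colleague from tripping the alert, and the threshold and window are the two knobs to tune against a site's normal mailing-list traffic.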

Protecting yourself from Computer Worms

i. Update your operating system, browsers, and plugins. If there’s an update to your computer waiting in queue, don’t let it linger. Updates to operating systems, browsers, and plugins are often released to patch any security vulnerabilities discovered. So while you leave those programs alone, cybercriminals can find their way in through the vulnerabilities. To protect against security flaws in mobile phones, be sure your mobile phone software is updated regularly. Don’t ignore those “New software update” pop-ups, even if your storage is full or your battery is low.

ii. Avoid opening emails that you don’t recognize or expect, as many computer worms spread via email.

iii. Refrain from opening attachments and clicking on links from untrusted/unfamiliar sources.

iv. Run a firewall and antivirus software to be further protected from computer worms. Software firewalls will keep the computer protected from unauthorized access. Choose an antivirus program that includes download scanning functionality (to detect malicious content in email and web downloads) as well as malware removal tools.

3. Trojan Horses

A Trojan is also known as a Trojan horse. It is a type of malicious software developed by hackers to disguise itself as legitimate software in order to gain access to target users' systems. Users are typically tricked by attractive social media ads that direct them to a malicious website, thereby loading and executing Trojans on their systems. Cyber-criminals use Trojans to spy on the victim and to gain illegal access to the system to extract sensitive data. These actions can include deleting, copying, modifying or blocking data, and disrupting the performance of the target computers or networks.

A Trojan horse is a non-replicating program that appears legitimate, but actually performs malicious and illicit activities when executed. Attackers use Trojan horses to steal a user's password information, or they may simply destroy programs or data on the hard disk. A Trojan horse is hard to detect, as it is designed to conceal its presence by performing its advertised functions properly. Trojans masquerade as legitimate programs, but they contain malicious instructions. They've been around forever, even longer than computer viruses, but have taken hold of current computers more than any other type of malware.

A Trojan must be executed by its victim to do its work. Trojans usually arrive via email or are pushed on users when they visit infected websites. The most popular Trojan type is the fake antivirus program, which pops up and claims you're infected, then instructs you to run a program to clean your PC. Users swallow the bait and the Trojan takes root.

Trojans are hard to defend against for two reasons: they're easy to write (cyber criminals routinely produce and hawk Trojan-building kits), and they spread by tricking end-users, which patches, firewalls and other traditional defenses cannot stop. Malware writers pump out Trojans by the millions each month. Antimalware vendors try their best to fight Trojans, but there are too many signatures to keep up with.

Some recent examples are:

- Trojan horses embedded into online game plug-ins which help online gamers advance their game characters; however, the online game account and password are also stolen. The gamer's cyber assets are therefore stolen.
- Trojan horses embedded into popular commercial packages and uploaded to websites for free download, or shared across peer-to-peer download networks.

Trojan horses are particularly dangerous due to the fact that they can also open a back door into a system and allow an attacker to install further malicious programs on your computer. Back Orifice and SubSeven are two well-known remote access Trojan horses that allow attackers to take control of a victim's computer.

TYPES OF TROJAN

a. Trojan-Downloader: a type of Trojan that downloads and installs other malware.

b. Trojan-Droppers are complex programs used by cyber criminals to install malware. Most antivirus programs do not detect droppers as malicious, and hence they are used to install viruses.

c. Ransomware: a type of Trojan (Trojan-Ransom) that can encrypt the data on your computer or device. The cyber criminals who control the ransomware demand a ransom for providing the decryption key. It is very difficult to recover the data without the decryption key.

d. Trojan-Banker malware programs steal account-related information related to card payments and online banking.

e. Trojan-Rootkits prevent detection of malware and malicious activities on the computer. These are sophisticated malware that provide control of the victim's device. Rootkits are also used to enroll the victim's device in a botnet.

f. Trojan-Backdoor is a popular type of Trojan. It creates a backdoor to allow cyber criminals to access the computer later on from remote using a remote access tool (RAT). As this Trojan provides complete control over the computer, it is a dangerous but commonly used Trojan.

HOW DO TROJAN HORSES INFECT THE SYSTEM

i. Backdoor

A backdoor Trojan gives hackers remote control over the infected computer. It entitles the malicious hacker to work on the infected computer as their malicious intentions dictate. They can send, receive, delete and launch files, display data and reboot the computer. Backdoor Trojans are mostly used by hackers to exploit a group of infected computers to form a zombie network or malicious botnet that can be used for criminal purposes.

ii. Exploit

An Exploit is a type of Trojan that contains malicious code or data to attack vulnerable software or an application that runs on the infected computer.

iii. Rootkits

Rootkits are developed by malware authors to gain access to the victim’s system while concealing their presence and their malicious activities from detection, so as to extend the time they can run and execute on the infected computer.

iv. Trojan-Banker

This is a type of Trojan developed to extract a user's account data, and debit or credit card data, through online banking systems and e-payment gateways.

v. Trojan-DDoS

These programs are developed to perform Denial of Service (DoS) attacks against a target web address. The malware sends multiple requests from the victim's infected computer and, together with several other infected computers, forms a network to mount an attack against the target address, causing a denial of service.

vi. Trojan-Downloader

Trojan-Downloaders, as the name suggests, are developed by hackers to download and install new versions of malicious programs onto the target victim's computer.

vii. Trojan-Dropper

These programs are developed by malware authors to install Trojans/viruses while escaping detection as malicious programs. Most traditional antivirus programs are unable to scan all the components of this Trojan.

viii. Trojan-FakeAV

Trojan-FakeAV programs pretend to operate like antivirus software. They are developed by cyber thieves to obtain money from the target user in return for detecting and removing threats, even though the threats they report do not actually exist.

ix. Trojan-GameThief

The main targets of Trojan-GameThief are online gamers, and its prime motive is to steal user account information.

x. Trojan-IM

Trojan-IM programs primarily extract users' logins and passwords for Skype, Facebook Messenger, ICQ, MSN Messenger, Yahoo Pager, AOL, and many more.

xi. Trojan-Ransom

Trojan-Ransom is developed to alter data on the victim's computer so that the system does not perform its function correctly and the user is prevented from using certain data. The criminal demands a ransom from the victim to unblock the restricted access to the data and restore the computer’s performance.

xii. Trojan-SMS

Trojan-SMS programs send text messages from the victim's mobile device to other phone numbers.

xiii. Trojan-Spy

Trojan-Spy programs, as the name suggests, can spy on how the victim is using the computer, for example by tracking data, taking screenshots or extracting a list of running applications.

xiv. Trojan-Mailfinder

These programs are developed by hackers to extract email addresses from the victim's computer.

Ways to prevent Trojan infection

- Remove software you don’t use (especially legacy programs). So, you’re still running Windows XP or Windows 7/8.1? Microsoft discontinued releasing software patches for Windows XP in 2015, and Windows 8 and 10 are only under extended support. Using them without support or the ability to patch will leave you wide open to exploit attacks. Take a look at other legacy apps on your computer, such as Adobe Reader or older versions of media players. If you’re not using them, it is best to remove them.

- Read emails with an eagle eye. Phishing is a cybercrime mainstay, and it’s successful only when readers don’t pay attention or know what to look for. Check the sender’s address. Is it from the actual company he or she claims? Hover over links provided in the body of the email. Is the URL legit? Read the language of the email carefully. Are there weird line breaks? Awkwardly-constructed sentences that sound foreign? And finally, know the typical methods of communication for important organizations. For example, the IRS will never contact you via email. When in doubt, call your healthcare, bank, or other potentially-spoofed organization directly. Cybercriminals love spoofing banks via SMS/text message or fake bank apps. Do not confirm personal data via text, especially social security numbers. Again, when in doubt, contact your bank directly.

- Do not call fake tech support numbers. Tech support scams: the bane of our existence. These often involve pop-ups from fake companies offering to help you with a malware infection. How do you know if they’re fake? A real security company would never market to you via a pop-up saying they believe your computer is infected. They would especially not serve up a (bogus) 1-800 number and charge money to fix it. If you have security software that detects malware, it will show such a detection in your scan, and it will not encourage you to call and shell out money to remove the infection. That’s a scam trying to infect you. Don’t take the bait.

- Do not believe the cold callers. On the flip side, there are those who may pick up the phone and try to bamboozle you the good old-fashioned way. Tech support scammers love to call up and pretend to be from Microsoft. They’ve detected an infection, they say. Don’t believe it. Others may claim to have found credit card fraud or a loan overdue. Ask questions if something feels sketchy. Does the person have info on you that seems outdated, such as old addresses or maiden names? Don’t confirm or update the info provided by these callers. Ask where that person is calling from and whether you can call back, then hang up and check in with credit agencies, loan companies, and banks directly to be sure there isn’t a problem. You can block calls until pigs fly, but there will always be a scammer ready with a new number (especially one that looks similar in area code and first three digits to yours). Many cybersecurity programs for Android and iPhone can put the bulk of those calls to rest, meaning an unidentified number needn’t stress you out as much. Of course, when in doubt, screen your calls.

Practice safe browsing

There’s such a thing as good Internet hygiene. These are the things you should be doing to protect against external and internal threats, whether you’ve lost your device and need to retrieve it or want to stay protected when you shop online.

“While many of the threats you hear about on the news make it seem like there is no way to protect yourself online these days, the reality is that by following some basic tips and maintaining good habits while online, you will evade infection from over 95 percent of the attacks targeting you,” says Adam Kujawa, Head of Intelligence for Malwarebytes. “For that last 5 percent, read articles, keep up with what the actual security people are saying, and follow their advice to protect yourself.”

- Use strong passwords and/or password managers. A strong password is unique, is not written down anywhere, is changed often, and isn’t tied to easily found personal information, like a birthday. It’s also not repeated for different logins. Admittedly, that’s a tough cookie to chew on. If you don’t want to worry about remembering 5,462 different rotating passwords, you may want to look into a password manager, which collects, remembers, and encrypts passwords for your computer.

- Make sure you’re on a secure connection. Look for the proper padlock icon to the left of the URL. If it’s there, then that means the information passed between a website’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”

- Log out of websites after you’re done. Did you log into your healthcare provider’s site using your super-strong password? You could still be leaving yourself vulnerable if you don’t log out, especially if you’re using a public computer. It’s not enough to just close the browser tab or window. A person with enough technical prowess could access login information from session cookies and sign into a site as you.

- Use firewall, anti-malware, anti-ransomware, and anti-exploit technology. Your firewall can detect and block some of the known bad guys. Meanwhile, Malwarebytes products use multiple layers of tech to fend off sophisticated attacks from unknown agents, stopping malware and ransomware infection in real time and shielding vulnerable programs from exploit attack.

 

Generally malicious code is the kind of harmful computer code or web script designed to create system vulnerabilities leading to back doors, security breaches, information and data theft, and other potential damages to files and computing systems. It's a type of threat that may not be blocked by antivirus software on its own. According to Kaspersky Lab, not all antivirus protection can treat certain infections caused by malicious code, which is different from malware. Malware specifically refers to malicious software, but malicious code includes website scripts that can exploit vulnerabilities in order to upload malware.

It is an auto-executable application that can activate itself and take on various forms, including Java Applets, ActiveX controls, pushed content, plug-ins, scripting languages or other programming languages that are designed to enhance Web pages and email.

The code gives a cybercriminal unauthorized remote access to the attacked system, called an application back door, which then exposes sensitive company data. By unleashing it, cybercriminals can even wipe out a computer's data or install spyware. These threats can reach a
