Cybersecurity Primer: Malicious Code Examples


“Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace,” according to the Department of Homeland Security (DHS). Cybercriminals “exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.”

The DHS cited the high demand for more cybersecurity professionals to protect network and information systems across the nation. Given the potential damage and costs that can occur in cybersecurity as well as the increasing complexity of this field, more cybersecurity professionals are needed across intelligence and business environments.

Cybersecurity Risks

Malicious code is part of a software system or script intended to cause some undesirable effect, such as a security breach or direct damage to a system. The code cannot be efficiently controlled by conventional antivirus software alone, and it can take a number of forms. For instance, several types of malicious code can be found online in Java applets, scripting languages, ActiveX controls, browser plug-ins and pushed content.

“The code gives a cybercriminal unauthorized remote access to the attacked system — called an application back door — which then exposes sensitive company data,” according to cybersecurity and antivirus company Kaspersky Lab. “By unleashing it, cybercriminals can even wipe out a computer’s data or install spyware.”

Potentially, a cyberattack can shut down a business, requiring the company not only to find a way out of the attack and return to a normal state, but also to recoup the lost business. The cost of a data breach in North America increased in 2017, with the total impact of a data breach amounting to $1.3 million for large companies and $117,000 per incident for small- and medium-sized businesses, TechRepublic reported. The top financial losses for enterprises result from additional staff wages needed ($207,000), while for small- and medium-sized businesses, they come from loss of business ($21,000) and employing external professionals ($21,000).

As a result, more companies and governmental agencies are relying on white hat hackers, or cybersecurity experts who use their skills ethically. A report found that American companies’ cybersecurity budgets have grown twice as much as information technology budgets over the past two years, and more than 75 percent of U.S. executives surveyed said they were more concerned about cybersecurity threats than the previous year.

Types of Malicious Code

Here are a few categories of viruses and malicious code, according to software company Symantec Corporation.

File Infector Viruses

This type of virus infects other files or programs on a computer system. It is present inside a system’s memory after a “host” program is run. The virus can spread to other programs as they are opened or lie dormant inside another program, infecting another program or file when the program starts.

Another, more complex file infector alters the route a computer takes to open a file. The virus is opened first, followed by the original program. If the virus, via an infected program or file, is passed over a network or on removable disks, it will infect the new computer once the program or file is opened.

Boot Sector Viruses

Instead of infecting programs, boot sector viruses infect hard drives and removable disks. The boot sector is located at the beginning of a hard drive or disk. When infected, the system may have no noticeable problems, or it may fail to boot or display error messages while booting.

Macro Viruses

Macro viruses distribute themselves through an application’s own macro programming language. Instead of infecting programs, they infect documents. According to Symantec, they are by far the most common type of malicious code due to the popularity of software like Microsoft Office, which uses macro programming languages extensively in the suite of products.

For example, when an infected file is opened in Microsoft Word, the virus infects the base template (Normal.dot), which is the framework for all created Word documents. The infected template causes all documents opened to be infected as well. The program becomes a carrier of the macro virus.
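Since the infection travels inside documents and templates, a common first triage step is to check whether a Word file carries a macro project at all. The following is an added example, not code from Symantec or this article; the sample files are constructed in memory, the function names are hypothetical, and the legacy-format check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.dot (e.g. Normal.dot)
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML .docx/.docm/.dotm

def macro_indicators(data: bytes) -> list:
    """Return reasons to treat a Word file as macro-bearing (empty list = none found)."""
    findings = []
    if data.startswith(ZIP_MAGIC):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            findings += [f"VBA project part: {n}" for n in names
                         if n.lower().endswith("vbaproject.bin")]
            if "[Content_Types].xml" in names:
                types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if "macroEnabled" in types:
                    findings.append("macro-enabled content type declared")
    elif data.startswith(OLE2_MAGIC):
        # Heuristic: OLE2 directory names are UTF-16LE; Word keeps VBA under "Macros".
        for name in ("Macros", "_VBA_PROJECT"):
            if name.encode("utf-16-le") in data:
                findings.append(f"OLE2 directory name present: {name}")
    return findings

def make_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real Word file."""
    main = "macroEnabled.main+xml" if with_macro else "wordprocessingml.document.main+xml"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override ContentType="{main}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def make_ole2_template() -> bytes:
    """Constructed sample: OLE2 magic plus a fake directory entry named 'Macros'."""
    return OLE2_MAGIC + b"\x00" * 504 + "Macros".encode("utf-16-le")
```

A hit means only that the file contains macros, not that they are malicious; it tells the analyst which files need the macro source extracted and reviewed.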

Worms

A worm is a piece of code that replicates itself and can travel via a computer network, across the internet or by other means. Most worms are created using simple scripting languages, which can be written in a text editor.

The NotPetya worm attacked several companies and affected their Q2 2017 earnings.

  • The world’s second-largest confectionery company, Mondelez International, which owns brands like Oreo, Nabisco and Ritz, reported a 5 percent drop in quarterly sales resulting from shipping and invoicing delays due to the worm.
  • Drug maker Merck stopped production of some drugs and was still trying to understand the full costs associated with the attack.
  • Others affected include British consumer goods maker Reckitt Benckiser and shipping companies FedEx and A.P. Moller-Maersk.

Worms have also undermined IoT security measures. For example, BrickerBot has found thousands of IoT devices by taking advantage of their default passwords, and the Hajime worm has built a network of 300,000 malware-compromised devices.

Trojan Horses

Trojan horses are malicious programs that disguise themselves as harmless software. Some Trojans are within other programs, so when the original program is installed, the Trojan program is also installed.

Trojans have a server component, which is installed on the victim’s computer, and a client on the attacker’s computer, allowing the remote attacker to send commands to the victim’s computer as if sitting at it. There are several types of Trojans that can take over a computer, steal account data, download and install new malicious programs, spy on the user and more.

Users can be held liable for legal damages if their network is used as part of some type of cyberattack. It can also be difficult to defend against prosecution if a Trojan-based attack is traced back to the computer.

Applying Cybersecurity Knowledge to Your Career

Aurora University’s online Bachelor of Science in Computer Science and online Bachelor of Science in Cybersecurity degree programs equip students with the knowledge and skills needed to pursue a future in cybersecurity or for roles as computer programmers, web developers, computer systems analysts and more. The online Master of Arts in Homeland Security can also prepare students for cybersecurity-related positions in the field. These programs take place in a fully online environment, allowing students to manage their work and personal schedules.