Chapter 10: Software Development Security - Malware

Malware, also known as malicious software, comes in many forms. Some examples are viruses, worms, Trojan horses, and logic bombs. Malware can be spread through a variety of methods, including email and downloads from the internet. First off, I want to identify what a virus is and the different types of viruses. A virus is an application that infects software. They cannot reproduce on their own, and must have a host program. After attaching to a host application, it then gives its payload to the host. The payload could be a few different things such as deleting files, displaying useless information, or thieving data from the application or system that it has infected. A macro virus is a form of a virus that infects macro programs; programs that are written in Word Basic, Visual Basic, or VBscript. They generally infect Microsoft Office. They are pretty easy to write and affect the templates of documents. A boot-sector virus is one that, as the name implies, affects the boot sector of a computer. They either reposition data or override data within the boot sector. A third type of virus, the compression virus, finds an uninfected executable file and attaches itself to it. It them compresses the executable using system permissions. When the user runs that executable, the virus proceeds to run. A stealth virus is one that essentially makes it look like the system is the same as it was before infection. Another common type of malware is a worm. A worm is a program that replicates itself in order to spread to other machines. It usually spreads through networks that have security flaws. While a virus has to have a host program, worms do not. They can be standalone programs. A Trojan horse is a program that disguises itself to look like an existing program. For example, the Trojan horse can look exactly like an everyday application. When a user runs makes the unknowing mistake of opening the Trojan horse (because it looks just like the app they use daily) the regular app is opened but the Trojan horse is executing its malicious actions in the background. Unlike viruses, they do not replicate themselves but can be just as devastating as viruses. A logic bomb slightly differs from the the previous types of malware discussed. It is a sting of code that is executed when certain conditions are met. For example, it could be coded in such a way that when a user visits a certain website, it triggers the logic bomb and, for example, deletes certain specified files from the system.