Malicious Code Attacks
Worm, virus, and Trojan horse attacks constitute a potential threat to end-user workstations.
Worms
A worm executes code and installs copies of itself in the memory of the infected computer, which can, in turn, infect other hosts on the network. The structure of a worm attack is as follows:
- Creating loopholes - A worm installs itself by exploiting known vulnerabilities in systems, such as naive end users who open unverified attachments in e-mails.
- Parasitic ability - After gaining access to a host, a worm copies itself to that host and then selects new targets.
- Payload - Once a host is infected with a worm, the attacker has access to the host, often as an authorised user. Attackers could use a local exploit to escalate their privilege level to administrator.
Solution
1. Contain the spread of the worm within the network. Separate the parts of the network that are not infected.
2. Start patching all systems and, if possible, scanning for vulnerable systems.
3. Scan and locate each infected workstation inside the network. Disconnect, remove, or block infected machines from the network.
4. Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
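One way to approach step 3, as an added example that is not part of the original page: because a worm on an infected host selects new targets, that workstation tends to contact many distinct peers on the same port in a short time. The log format, addresses, threshold, and time window below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the page): "timestamp src dst dst_port"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 10.0.0.10 445
2024-01-01T10:00:02 10.0.0.5 10.0.0.11 445
2024-01-01T10:00:03 10.0.0.5 10.0.0.12 445
2024-01-01T10:00:05 10.0.0.5 10.0.0.13 445
2024-01-01T10:00:06 10.0.0.5 10.0.0.14 445
2024-01-01T10:00:01 10.0.0.8 10.0.0.20 443
2024-01-01T10:00:00 10.0.0.9 10.0.0.10 445
2024-01-01T10:03:00 10.0.0.9 10.0.0.11 445
2024-01-01T10:06:00 10.0.0.9 10.0.0.12 445
2024-01-01T10:09:00 10.0.0.9 10.0.0.13 445
2024-01-01T10:12:00 10.0.0.9 10.0.0.14 445
not a log line
"""

def parse(log_text):
    """Yield (time, src, dst, port); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_suspected_hosts(log_text, min_targets=5, window=timedelta(seconds=60)):
    """Map src -> (port, distinct targets) for sources that reached at least
    min_targets distinct hosts on one port inside a sliding time window."""
    events = defaultdict(list)  # (src, port) -> [(time, dst), ...]
    for ts, src, dst, port in parse(log_text):
        events[(src, port)].append((ts, dst))
    suspects = {}
    for (src, port), hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop events that fell out of the window
            distinct = len({dst for _, dst in hits[start:end + 1]})
            if distinct >= min_targets and distinct > suspects.get(src, (port, 0))[1]:
                suspects[src] = (port, distinct)
    return suspects

if __name__ == "__main__":
    print(find_suspected_hosts(SAMPLE_LOG))
```

Hosts returned by this check are candidates to disconnect or block while they are cleaned and patched; 10.0.0.9 in the sample reaches the same number of peers but too slowly to cross the threshold, which shows why the window has to be tuned to the network.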
Viruses
A virus is malicious software that is attached to another program file so that it can spread from one machine to another. For your machine to be infected, you must have run an infected program or software.
Viruses are potential threats to machines and the entire network. They are not merely a strain or nuisance; they are like a time bomb that could destroy all the files or contents on your hard drive.
A virus normally requires a delivery mechanism (a vector), such as a zip file or some other executable file attached to an e-mail, to carry the virus code from one system to another. The key element that distinguishes a computer worm from a computer virus is that human interaction is required to facilitate the spread of a virus.
Trojan Horses
A Trojan is a piece of software that has a hidden agenda. It is a program written to look like something else. When a program that contains a Trojan is run on your computer, it does something different from what it is meant to do.
For example, you download or install a free game or other software from the Internet. While you are busy running or playing the game, the Trojan horse mails a copy of itself to every address in your address book. The other users receive the game and play it, thereby spreading the Trojan horse to the addresses in each address book.
Most Trojan horses create loopholes or backdoor programs on user systems. Attackers can use the program to cause mouse cursors to disappear, or use it to install keystroke loggers (programs that record all user keystrokes) to capture sensitive information.
Solution
1. The effective use of antivirus software at the user level, and potentially at the network level. Antivirus software can detect most viruses and many Trojan horse applications and prevent them from spreading in the network.
2. Keep your antivirus software and network operating systems (OS) up to date. Stay informed about the latest developments in these sorts of attacks so that you are not caught unawares.