ArchOIT.org

Office of Information Technology for the Archdiocese of Philadelphia

ArchOIT.org

Office of Information Technology for the Archdiocese of Philadelphia

What is Malicious Code?

Definition: code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.

Types:

  1. Viruses – pieces of code that attach to host programs and propagate when an infected program executes
  2. Worms – particular to networked computers, carry out pre-programmed attacks to jump across the network
  3. Trojan Horses – hide malicious intent inside a host program that appears to do something useful
  4. Attack Scripts – programs written by experts to exploit security weaknesses, usually across the network
  5. Java Attack Applets – programs embedded in Web pages that gain foothold through a browser
  6. ActiveX Controls – program components that allow malicious code fragment to control applications or the OS
  7. Logic Bombs – a piece of malicious code that executes when specific trigger conditions are met.
    1. Example would be a program that monitors a company’s payroll system, and attacks the company if a specific employee is terminated.
  8. Spyware – Unethical programs that covertly gather user information through an Internet connection without the user’s knowledge
  9. Adware – used to describe a form of malware which presents unwanted advertisements to the user. The advertisements produced by adware are sometimes in the form of a pop-up or sometimes in an “un-closable window”.
  10. Backdoor Programs – a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit.

Tips to avoid viruses and spyware:

  1. Install quality anti-virus
    1. Avoid free anti-virus software as they don’t often get newest anti-virus definitions and won’t secure your PC if infected.
  2. Install real-time anti-spyware protection (fully licensed version)
  3. Keep anti-virus and anti-spyware programs up-to-date
  4. Perform frequent scans
  5. Disable autorun for CDs/DVDs/Applications
  6. Disable image previews in Outlook or other E-mail clients
  7. Don’t click on email links or attachments without at least first scanning them for viruses using a business-class anti-malware application.
  8. Surf smart – Many business-class anti-malware applications include browser plug-ins that help protect against drive-by infections, phishing attacks (in which pages purport to serve one function when in fact they try to steal personal, financial, or other sensitive information), and similar exploits. Still others provide “link protection,” in which Web links are checked against databases of known-bad pages. Whenever possible, these preventive features should be deployed and enabled.
  9. Turn on your computer’s firewall