Saturday, December 17, 2011

Malicious Logic, Worms, Viruses & Trojans


Malicious logic is defined as any instructions which may “cause a site’s security policy to be violated”. This typically includes applications which surreptitiously perform harmful actions on behalf of a subject. This paper focuses on Trojan Horses, various types of computer viruses, and worms. Also discussed are risk mitigation methodologies used to combat malicious logic.




Trojan Horses




In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.

The term comes from Greek mythology about the Trojan War, as told in the Aeneid by Virgil and mentioned in the Odyssey by Homer. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.

Trojan horse is a generic name given to all Trojan programs. They can be further categorized by their primary payload function, and generally include the following types:
  • Backdoor.Trojan - a Trojan with a primary purpose of opening a back door to allow remote access at a later time.

  • Downloader - a Trojan with a primary goal of downloading another piece of software, usually additional malware.

  • Infostealer - a Trojan that attempts to steal information from the compromised computer.



Viruses


In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. 
    Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect and some can be quite harmful, erasing data or causing your hard disk to require reformatting. A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.
Generally, there are three main classes of viruses:

  • File infectors. Some file infector viruses attach themselves to program files, usually selected .COM or .EXE files. Some can infect any program for which execution is requested, including .SYS, .OVL, .PRG, and .MNU files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly contained programs or scripts sent as an attachment to an e-mail note.

  • System or boot-record infectors. These viruses infect executable code found in certain system areas on a disk. They attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks.

  • Macro viruses. These are among the most common viruses, and they tend to do the least damage. Macro viruses infect your Microsoft Word application and typically insert unwanted words or phrases.
The best protection against a virus is to know the origin of each program or file you load into your computer or open from your e-mail program. Since this is difficult, you can buy anti-virus software that can screen e-mail attachments and also check all of your files periodically and remove any viruses that are found. From time to time, you may get an e-mail message warning of a new virus. Unless the warning is from a source you recognize, chances are good that the warning is a virus hoax.
The computer virus, of course, gets its name from the biological virus. The word itself comes from a Latin word meaning slimy liquid or poison.
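As an added example (not part of the original post), the following script implements the periodic file check recommended above in its simplest form: it records a SHA-256 baseline of the program-file types that file infectors target (the extensions listed in the post) and reports any program file that has changed, appeared or disappeared since the baseline was taken. The directory tree and the byte stubs in `demo()` are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Program-file extensions named in the post as file-infector targets.
PROGRAM_EXTENSIONS = {".com", ".exe", ".sys", ".ovl", ".prg", ".mnu"}

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record size and SHA-256 of every program file under root (relative paths)."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in PROGRAM_EXTENSIONS:
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return baseline

def check_baseline(root: Path, baseline: dict) -> dict:
    """Re-scan root and report program files that changed, appeared or vanished."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }

def demo() -> dict:
    """Constructed scenario: baseline a tree, alter it, then re-check it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "EDIT.COM").write_bytes(b"\xb8\x00\x4c\xcd\x21")  # constructed stub
        (root / "GAME.EXE").write_bytes(b"MZ" + b"\x00" * 62)     # constructed stub
        (root / "README.TXT").write_text("not a program file")   # ignored by the scan
        baseline = build_baseline(root)
        # Changes that should be flagged: one program file grows by 16 bytes,
        # a new program file appears, and one is deleted.
        with (root / "GAME.EXE").open("ab") as f:
            f.write(b"\x90" * 16)
        (root / "NEW.SYS").write_bytes(b"\x00")
        (root / "EDIT.COM").unlink()
        return check_baseline(root, baseline)

if __name__ == "__main__":
    print(demo())
```

A real deployment would store the baseline somewhere the checked system cannot silently rewrite it, since a baseline kept beside the files it protects can be updated along with them.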
Worms


  In a computer, a worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when the uncontrolled replication consumes system resources, slowing or halting other tasks.
A worm is another kind of computer virus. The distinction between viruses and worms is that a worm has the ability to copy itself to other systems. Viruses can be designed to detect vulnerabilities in other systems and use those vulnerabilities as attack vectors through which to spread to other systems. Another method of spreading is the use of the subject’s e-mail client (Bishop). By surreptitiously sending an infected file to contacts from the client’s address book, worms can propagate themselves exponentially, using the initial subject’s contacts as a starting point.