Malicious Software

From Proprofs


Security+ Study Guide




Malicious Software: Viruses, Trojan Horses, Worms

Despite all the hype about viruses and worms, the Security+ exam actually does not heavily test on viruses and the like. However, you will probably see at least a few questions on these topics and we will therefore go into some detail on the differences between different types of malicious programs and how they can be avoided or prevented from propagating.

Viruses

A computer virus is malicious software that propagates itself upon the action of a user. For example, some viruses send emails promising great information on how to get rich quickly or pleasant images. The user then opens some sort of executable attachment (that is almost certainly not what is promised) and the virus either acts immediately or lies dormant until triggered, either by a request from a master host or after some period of time. Viruses typically inflict damage by either destroying files categorically or installing new files that drastically affect the performance of the computer. Most viruses also “insert” themselves into various executable files, increasing the likelihood that a user will re-run the malicious executable file.

One of the core tendencies of any computer virus is propagation. Most viruses include some mechanism for both local and network propagation, including the sending of instant messages, the setting up of web servers, and of course, emails. However, viruses are not truly “self-propagating” in the sense that the virus is actually incapable of “forcing” itself on another host machine in most cases. A virus typically needs user interaction to act (such as opening an attachment). This need for user interaction is usually seen as what separates a virus from a worm.

Worms

Unlike the friendly creatures that crawl beneath the crust, computer worms can be extremely destructive and costly malicious programs that self-propagate to cause unbelievable damage to computer networks across the world. Alternatively, worms can help provide us the wonders of Google and Yahoo search engines. How can a worm be so good and yet so bad?

Actually, worms are not inherently evil. Worms are simply pieces of software that are able to (through various means) self-propagate about the Internet. In many cases, computer worms provide various services that we all love and utilize. One such worm is the World Wide Web Worm, which “crawls” the Internet to pick up data from web pages for categorization and indexing that we later utilize through popular search engines. Other “friendly” worms work to quickly patch software that is vulnerable to attacks by – you guessed it – other worms!

However, some worms also do irreparable damage to computers. Many of these worms, which carry malicious payloads, install self-destructive software or a backdoor into the PC. Remote control of infected hosts is often a primary goal of worm writers who seek to crash high-profile websites and services through “Denial of Service” attacks.

Trojan Horses and Backdoors

A Trojan horse or backdoor is any software that attempts to give a remote user unauthorized access to a host machine or user account. Some backdoors actually serve a legitimate purpose (SSH, for example, might be classified as a “backdoor”) but in general, the terms “backdoor” and especially “Trojan horse” are associated with malicious intent.

Some popular Trojan horses include:

  • Back Orifice
  • NetBus
  • SubSeven
  • VNC (can be used legitimately but also used for unauthorized access in conjunction with a worm)

Quick Review

1. What is a fundamental difference between a worm and a virus?

a. Worms are less destructive

b. Worms only act on the lower layers of the OSI model

c. Worms do not require user intervention

d. Worms are more destructive

2. You notice unusual network traffic on a port number whose function you cannot identify. This is probably the mark of a (an):

a. NetBIOS session

b. Trojan horse

c. Exploit

d. Telnet session

3. Which of the following is not true of viruses?

a. They tend to carry malicious payloads

b. They can be timed to attack

c. They destroy hardware and software components of a PC

d. They can overwhelm a network

Answers:

1. Worms are truly self-propagating as they utilize exploits and other tricks to propagate without the use of user intervention. The answer is C.

2. Trojan horses usually employ unusual port numbers and traffic. The answer is B.

3. All of the choices are true except C, because a virus cannot actually destroy hardware. The answer is C.
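
Answer 2 as a defender's check, in an added example that is not part of the original study guide: it reads a constructed `netstat -an` style listing and flags every listening port with no approved function. The allowlist and sample output are assumptions; the Trojan ports are the widely documented defaults of the tools named above.

```python
import re

# Assumption: services this host is expected to run (constructed allowlist).
APPROVED = {22: "ssh", 80: "http", 443: "https"}

# Widely documented default ports of Trojans named in this guide.
KNOWN_TROJAN_PORTS = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}

# Constructed sample in the style of `netstat -an` output.
SAMPLE = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
TCP    192.0.2.10:443         198.51.100.7:50514     ESTABLISHED
TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING
UDP    0.0.0.0:31337          *:*
TCP    [::]:80                [::]:0                 LISTENING
"""

LINE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_listeners(text):
    """Return (proto, port) for every socket waiting for inbound traffic."""
    listeners = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header or unrelated line
        proto, _addr, port, foreign, state = m.groups()
        # TCP listeners carry the LISTENING state; an unconnected UDP
        # socket has no state and a wildcard foreign address.
        if (proto == "TCP" and state == "LISTENING") or \
           (proto == "UDP" and foreign == "*:*"):
            listeners.append((proto, int(port)))
    return listeners

def review(text, approved=APPROVED):
    """Flag listeners whose port has no approved function on this host."""
    findings = []
    for proto, port in parse_listeners(text):
        if port in approved:
            continue
        name = KNOWN_TROJAN_PORTS.get(port)
        reason = "default port of " + name if name else "unidentified"
        findings.append((proto, port, reason))
    return findings

if __name__ == "__main__":
    for proto, port, reason in review(SAMPLE):
        print(f"{proto}/{port}: {reason}")
```

A flagged port is a lead to investigate, not proof of infection, and a Trojan configured to use an approved port would not be flagged by this check.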
