The following can be the main reasons for a successful malicious code attack:
- Flaws in the design of software
- Vulnerabilities of a computer system or network
- Social engineering attacks
- Human error and lack of knowledge in computers
- Tenacity on the part of hackers, thieves, and spies
- E-mail Viruses and Miscellaneous Viruses
- Trojans and Other Back-doors
- Worms
- Blended Threats
- Time Bombs
- Spy-ware
- Ad-ware
- Steal-ware
- Action Steps to Combat Malicious Code Attacks.
- E-mail Viruses and Miscellaneous Viruses: A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. Computer viruses replicate and spread from one system to another. Some of the viruses replicate and clog e-mail systems. Some viruses have a malicious payload that can execute commands on computers such as deleting or corrupting files or disabling security software.
- Types of Viruses: The following are the main types of viruses currently being distributed:
- Boot Sector Virus: A boot sector virus infects the master boot files of the hard disk or floppy disk. Boot record programs are responsible for booting the operating system and the boot sector virus copies these programs into another part of the hard disk or overwrites these files. Therefore, when the floppy or the hard disk boots, the virus infects the computer.
- File deleting viruses: File deleting viruses are designed to delete certain types of files, such as word processing documents, spreadsheets, or graphics files. These viruses have the task of deleting specifically named files, such as those that enable computers to launch applications.
- File infecting viruses: These viruses attach themselves to certain types of files on the hard disk, and when the user runs a particular file, the virus gets executed. These viruses spread by attaching themselves to executable files with the extensions .com, .exe, and .dll.
- Macro viruses: A macro virus is a virus that consists of a macro code which infects the system. A macro virus can infect a system rapidly. Since this virus has VB event handlers, it is dynamic in nature and displays random activation. The victim only has to open a file having a macro virus in order to infect the system with the virus. DMV, Nuclear, and Word Concept are some good examples of macro viruses.
- Mass mailers: Mass mailers use e-mail programs on a computer and replicate by e-mailing themselves to the addresses stored in the address book of the e-mail program. They are very difficult to handle, as they can overwhelm computer users by flooding their mailboxes with thousands of messages.
- W32 virus: These viruses infect Windows programs such as Notepad, Word-pad, Solitaire, etc.
- Script virus: These types of viruses are transferred by e-mail. The virus is embedded in the mail itself. When a user opens the infected e-mail, it infects the computer system.
- Multipartite virus: These viruses are a combination of a boot sector virus and a file infecting virus.
- Polymorphic virus: A polymorphic virus has the ability to change its own signature at the time of infection. This virus is very complicated and hard to detect. When the user runs the infected file on the disk, the file loads the virus into RAM. The new virus starts making copies of itself and infects other files of the operating system. The mutation engine of a polymorphic virus generates new encrypted code, which changes the signature of the virus. Therefore, polymorphic viruses cannot be detected by signature-based anti-virus software.
- Stealth viruses: A stealth virus is a file virus that infects the computer and then hides itself from detection by anti-virus software. It uses various mechanisms to avoid detection by anti-virus software. It hides itself in the computer memory after infecting the computer. It also masks itself from applications or utilities. The virus may save a copy of original and uninfected data. When the anti-virus program tries to check the files that have been affected, the virus shows only the uninfected data. This virus generally infects .COM and .EXE files.
- Socially engineered e-mail messages are used to lure computer users. These e-mail messages contain interesting files. Whenever a user opens these messages, the virus automatically gets executed.
- Virus hoaxes: These are e-mail messages. They provide false warnings about a computer virus and typically request the recipients to forward them on to the other computer users as a service.
- Trojans and other back-doors: Trojan horses are very problematic. Trojan horses are a basic type of malicious code and are used by malicious hackers to access system files. Hackers can change file settings, steal files or passwords, damage files, or monitor the activities of other computers on the network.
- Worms: Worms are programs that replicate themselves from one system to another without using a host file. Although in most cases worms exist inside files, such as Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually, a worm releases a document that already has a macro containing a worm inside the document.
- Spy-ware: Spy-ware is a program that takes partial control over a user’s computer without the user’s permission. Spy-ware programs can collect various types of personal information, such as Internet surfing habits and the Web sites that the user has visited. Spy-ware programs can also interfere with the control of a user’s computer, for example by installing additional software, redirecting Web browser activities, accessing Web sites blindly, etc.
- Ad-ware: Ad-ware is software that automatically downloads and displays advertisements in the Web browser without the user's permission. When a user visits a site or downloads software, sometimes hidden ad-ware is also downloaded to display advertisements automatically. This can be quite irritating to the user. Some ad-ware can also be spy-ware.
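
The polymorphic virus entry above says that re-encrypting the body changes the signature. The following added example (not from the original page) shows this with a harmless constructed string: a hash signature taken from one encoded copy misses the next copy, while a check on the decoded content still matches. The single-byte XOR encoding, the sample layout and all names are assumptions made for the demonstration.

```python
import hashlib

# Constructed, harmless stand-in for a virus body; this is not malware.
MARKER = b"HARMLESS-DEMO-MARKER"
BODY = MARKER + b": placeholder text standing in for a virus body"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (toy stand-in for encryption)."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """Constructed sample: the key byte followed by the XOR-encoded body."""
    return bytes([key]) + xor_bytes(BODY, key)


def hash_signature_match(sample: bytes, known_hashes: set) -> bool:
    """Signature check as an exact SHA-256 lookup of the whole file."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def decoded_content_match(sample: bytes) -> bool:
    """Try all 256 single-byte keys and look for the marker after decoding."""
    return any(MARKER in xor_bytes(sample, key) for key in range(256))


if __name__ == "__main__":
    first = make_sample(0x21)   # copy seen by the analyst
    second = make_sample(0x5A)  # same body, different key
    signatures = {hashlib.sha256(first).hexdigest()}
    for name, sample in (("first", first), ("second", second)):
        print(name,
              "hash match:", hash_signature_match(sample, signatures),
              "decoded match:", decoded_content_match(sample))
```
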
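
Because opening a document is enough to trigger a macro virus, as the macro virus entry above notes, a mail or file gateway can sort attachments by whether they can carry macros at all. The following added example (not from the original page) classifies a file by its container: legacy OLE2 files are flagged for deeper inspection, and ZIP-based Office files are checked for a `vbaProject.bin` part. The category names and the constructed sample files are assumptions made for the demonstration.

```python
import io
import zipfile

# Magic bytes of the OLE2 compound file used by legacy .doc/.xls/.ppt files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal ZIP laid out like an OOXML file (demo input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            # Placeholder bytes; a real file stores its VBA project here.
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def macro_triage(data: bytes) -> str:
    """Classify a file by whether its container can or does hold macros."""
    if data.startswith(OLE2_MAGIC):
        # Macros live inside the compound file; needs a dedicated parser.
        return "legacy-ole-inspect"
    stream = io.BytesIO(data)
    if zipfile.is_zipfile(stream):
        with zipfile.ZipFile(stream) as z:
            names = [n.lower() for n in z.namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        return "zip-no-macro"
    return "not-office"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when a macro-free extension (.docx/.xlsx/.pptx) hides a macro part."""
    macro_free = filename.lower().endswith((".docx", ".xlsx", ".pptx"))
    return macro_free and macro_triage(data) == "ooxml-macro"


if __name__ == "__main__":
    print(macro_triage(build_ooxml(True)), macro_triage(build_ooxml(False)))
    print(extension_mismatch("invoice.docx", build_ooxml(True)))
```
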