Believe it or not, malicious code has been around for half a century already. What started as a research lab experiment made its way into the wild, wreaking havoc on companies and home users alike.
Famous examples of criminal activity involving malicious code in recent history include the 2019 ransomware attack on Texas municipalities and the 2018 Emotet Trojan incident in the Pennsylvania city of Allentown. Becoming familiar with the cyber threats that lurk on the Internet is thus the first step you can take in keeping your devices and information safe.
Key takeaways
- malicious code is software, or a part of a program, built to damage computers and systems
- viruses, logic bombs, worms, keyloggers, spyware, adware, ransomware, bots and Trojans are all malicious code examples
- DNS filtering, next-gen antivirus, and firewalls help protect you from malicious code
- slow performance and frequent crashes can indicate a malicious code infection
What is Malicious Code?
Malicious code describes any code in a program or web script that aims to harm a computer or system. It can:
- deliver malware
- compromise data integrity
- exfiltrate data
- exploit systems
Malicious code can also grant cybercriminals remote access to the target’s system by planting a backdoor in an application.
Malicious code comes in a variety of forms and delivery vehicles:
- locally installed programs
- scripts written in scripting languages
- browser add-ons and plug-ins
- ActiveX controls and Java applets
- pushed content
- infected websites, and so on
This means the malicious code will often look familiar and inoffensive to the victims and their devices, and it will be hard to spot before it activates on the machine.
7 Malicious Code Examples
The most common malicious code examples out there include computer viruses, Trojan horses, worms, bots, spyware, ransomware, and logic bombs. I will go over the mechanics behind each one.
Computer Viruses
A computer virus is a type of malicious program that executes and replicates by inserting copies of itself into other programs. It needs to attach itself to a file or program in order to spread to other devices.
The earliest known virus dates back to the ARPANET of the early 1970s, the Internet’s predecessor. Known as Creeper, it wasn’t designed as malicious software: it was part of research into self-replicating code.
That changed for the worse in 1982, when the first virus appeared in the wild on personal computers. The antivirus software industry developed in response to the threat. Nowadays, advanced solutions like Heimdal™ Next-gen Endpoint Antivirus are fighting to keep devices safe.
Computer Worms
A computer worm is a malicious program that replicates itself in order to spread to as many devices as possible. Its behavior is similar to that of a virus, which is why some researchers consider worms a subtype of virus. A worm usually spreads itself across a network and can cause widespread damage; for this reason, this type of threat is also known as a network worm.
What sets viruses and worms apart is their propagation method. While a virus requires some sort of human action to travel, a worm proliferates on its own. Viruses depend on victims sharing infected files or visiting infected websites, while worms use a system’s own transport features, such as network services and file shares, to reach other machines.
Trojan Horses
A Trojan is an example of malicious code that relies heavily on social engineering to mislead its targets. Due to the deception involved, the threat is named after the wooden horse the Greeks used to conquer Troy.
Unlike a virus, a Trojan does not replicate itself: it needs the user to execute an infected file on the targeted device. This is where social engineering tactics come in, with attackers tricking victims by feigning authority or legitimacy, for instance by posing as an invoice, a software update or a message from a colleague.
Trojans don’t inject their code into other files and don’t propagate on their own. A common purpose is to open a backdoor that cybercriminals can use to steal banking details, login credentials, or other personally identifiable information, or to download further malware onto the machine.
Internet Bots
Also known as web robots, Internet bots are programs that run automated scripts. Their operators use them to perform simple and repetitive tasks, such as sending instant messages or crawling websites. Facebook and Google famously use such ‘good bots’ to handle everyday jobs that would otherwise take up their employees’ time.
Nonetheless, ‘bad bots’ exist as well. To create them, cybercriminals infect entire networks of devices with viruses, worms, or Trojans, turning the devices into so-called zombies. Such a network of compromised machines is called a botnet, and it is at the beck and call of the attacker who controls it through a command-and-control (C2) server.
Both mobile and desktop devices can be recruited into a botnet, as can IoT devices and Internet infrastructure hardware such as routers.
Botnets are then used to launch bot attacks such as brute force attacks against logins and distributed denial of service (DDoS) attacks.
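Seen from the defender’s side, the difference between a single bot and a botnet matters: one infected machine hammering a login is caught by a per-IP failure threshold, but a botnet spreads the attempts over many sources so that each one stays under that threshold. The following is an added example (not code from the article or from any Heimdal product) that runs both detections over a few constructed OpenSSH log lines; the year, thresholds and window size are assumptions chosen for the demonstration.

```python
"""Detect single-source and botnet-distributed brute force in sshd logs.
Added example with constructed log lines; not code from the original article."""
import re
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample in the syslog format OpenSSH uses (year assumed to be 2024).
SAMPLE_LOG = """\
Mar  4 10:00:01 host sshd[101]: Failed password for admin from 198.51.100.10 port 50001 ssh2
Mar  4 10:00:02 host sshd[102]: Failed password for admin from 198.51.100.11 port 50002 ssh2
Mar  4 10:00:03 host sshd[103]: Failed password for admin from 198.51.100.12 port 50003 ssh2
Mar  4 10:00:04 host sshd[104]: Failed password for admin from 198.51.100.13 port 50004 ssh2
Mar  4 10:00:05 host sshd[105]: Failed password for admin from 198.51.100.14 port 50005 ssh2
Mar  4 10:00:06 host sshd[106]: Failed password for invalid user test from 203.0.113.5 port 40001 ssh2
Mar  4 10:00:07 host sshd[107]: Failed password for invalid user test from 203.0.113.5 port 40002 ssh2
Mar  4 10:00:08 host sshd[108]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
Mar  4 10:00:09 host sshd[109]: Failed password for invalid user test from 203.0.113.5 port 40004 ssh2
Mar  4 10:00:10 host sshd[110]: Failed password for invalid user test from 203.0.113.5 port 40005 ssh2
Mar  4 10:00:11 host sshd[111]: Failed password for invalid user test from 203.0.113.5 port 40006 ssh2
Mar  4 10:05:00 host sshd[112]: Accepted password for alice from 192.0.2.9 port 39000 ssh2
Mar  4 10:05:30 host sshd[113]: Failed password for alice from 192.0.2.9 port 39001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

Event = Tuple[datetime, str, str]  # (timestamp, username, source ip)


def parse_failures(log: str, year: int = 2024) -> List[Event]:
    """Extract failed-login events; accepted logins and other lines are ignored."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def detect(events: List[Event], window_s: int = 60,
           per_ip_threshold: int = 5, distinct_ip_threshold: int = 5) -> Dict[str, List[str]]:
    """Two detections over a sliding window ending at each event:
    - per_ip: one source producing many failures (classic single-bot brute force)
    - distributed: one account attacked from many sources (botnet), which a
      per-IP threshold alone misses because every bot stays under the limit."""
    events = sorted(events)
    per_ip, distributed = set(), set()
    for i, (ts, user, ip) in enumerate(events):
        window = [e for e in events[:i + 1] if (ts - e[0]).total_seconds() <= window_s]
        if sum(1 for e in window if e[2] == ip) >= per_ip_threshold:
            per_ip.add(ip)
        if len({e[2] for e in window if e[1] == user}) >= distinct_ip_threshold:
            distributed.add(user)
    return {"per_ip": sorted(per_ip), "distributed": sorted(distributed)}


if __name__ == "__main__":
    print(detect(parse_failures(SAMPLE_LOG)))
```

On the sample, the single host 203.0.113.5 trips the per-IP rule, while the five bots trying the admin account never exceed one failure each and are only caught by the per-account distinct-source rule. In production the same logic runs as a SIEM correlation rule; the thresholds and window here are deliberately small so the sample triggers.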
Spyware/Adware
Spyware is malicious software that pries into the devices it infects and gathers sensitive information about a person or organization. Attackers then relay the data to third parties or use it themselves for various malicious purposes.
Adware is advertising-supported software. When it tracks users without their consent or delivers malicious advertisements, it falls into the same category as spyware.
Both tracking and advertising can have legitimate uses: websites use tracking scripts to measure page activity, and free applications show ads to fund their development. For this reason, establishing the boundary between harmful and harmless is particularly difficult; the difference usually lies in whether the user consented and in what is done with the collected data.
Ransomware
Ransomware is malicious software that encrypts files and holds them hostage in return for a ransom. Attacks are often preceded by a Trojan that establishes the initial foothold for the payload. MegaCortex ransomware is a well-known example of this tactic, having been paired with the Emotet and Qakbot Trojans to gain unauthorized access to corporate networks.
What sets ransomware apart from other malicious code examples is how profitable it is. Ransomware gangs run this type of malware as a money-making scheme, and Ransomware-as-a-Service (RaaS) operations are organized like any other business, with research, production and marketing departments, and even HR.
Under RaaS, experienced developers provide the necessary infrastructure to affiliates who lack the technical skill to create their own. Fortunately, advanced threat hunting solutions such as our Heimdal™ DNS Security Endpoint are capable of preventing, detecting, and blocking ransomware attacks.
Heimdal™ DNS Security Endpoint is a DNS, HTTP, and HTTPS filtering solution with modules for your network perimeter and endpoints alike. Its machine-learning engine keeps track of malicious domains and thwarts the spread of ransomware as well as other advanced cyber threats.
Logic Bombs
A logic bomb is malicious code that an attacker intentionally inserts into software and programs to go off under certain conditions, such as a date being reached or a particular account disappearing from a system. Viruses and worms often contain logic bombs that allow them to execute payloads at predetermined moments.
One recent instance occurred between 2014 and 2016. David Tinley, a contractor for Siemens, laced the software he designed for the company with logic bombs that made it malfunction after a certain amount of time, so that the company had to call him back, and pay him, to repair the damage. Tinley pleaded guilty to the charges in July 2019.
Best prevention measures against malicious code
Keep software up to date
Regularly update your operating system, browsers, and all applications. Unpatched flaws are one of the main causes of security breaches, and worms in particular spread by exploiting them. An automated patch management solution closes known vulnerabilities across your systems without waiting on manual rollouts.
Use Next Gen Antivirus
Install next-gen antivirus software and keep it updated so it can detect and remove malicious software.
Enable a firewall
Use a firewall to block unauthorized access to your computer or network, and restrict outbound connections as well, so that an infected machine cannot freely reach a command-and-control server.
DNS filtering and safe browsing
Educate employees to avoid visiting suspicious websites or clicking on links from unknown sources. Use a DNS filtering tool or browser extensions that identify and block malicious sites; DNS filtering also stops the call-backs that already-infected machines make to their command-and-control servers.
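To make the mechanism concrete, here is an added example (not code from the article or from Heimdal™ DNS Security Endpoint) of the core check a DNS filter performs before it answers a query: the requested name is normalized and then matched against a blocklist, walking up through its parent domains so that a blocked domain also covers every subdomain. The blocklist entries are constructed for the demonstration and are not real threat intelligence.

```python
"""Core lookup of a DNS blocklist filter. Added example, not product code."""
from typing import Iterable, List, Optional, Set, Tuple

# Constructed blocklist for the example (reserved example/test names, not real threats).
BLOCKED_DOMAINS: Set[str] = {
    "malicious.example",
    "c2.badbotnet.test",
}


def normalize(name: str) -> str:
    """Canonical form for comparison: lowercase, no trailing dot, IDNA (punycode)
    encoded so that internationalized names compare the way resolvers see them."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name


def blocked_ancestor(name: str, blocklist: Set[str]) -> Optional[str]:
    """Return the blocklist entry that covers `name`, or None.
    Walks from the full name up through its parents, so `cdn.malicious.example`
    is caught by the entry `malicious.example`, while `malicious.example.com`
    (a different registered domain) is not."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def filter_queries(queries: Iterable[str],
                   blocklist: Set[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split queries into (allowed, blocked); blocked entries carry the matching rule."""
    allowed: List[str] = []
    blocked: List[Tuple[str, str]] = []
    for q in queries:
        hit = blocked_ancestor(q, blocklist)
        if hit:
            blocked.append((q, hit))
        else:
            allowed.append(q)
    return allowed, blocked


if __name__ == "__main__":
    print(filter_queries(["www.heimdalsecurity.com", "CDN.malicious.example.",
                          "c2.badbotnet.test", "malicious.example.com"], BLOCKED_DOMAINS))
```

Two caveats the example makes visible: a plain blocklist is only as good as its feed, and it is exact-match by nature. A lookalike name such as `mаlicious.example` with a Cyrillic ‘а’ normalizes to a different punycode label and sails through, which is why real products combine lists with reputation scoring and lookalike detection.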
Beware of phishing emails
Don’t open email attachments or click on links from unknown or untrusted sources; you might end up downloading malicious code onto your device. Always check unexpected attachments, even from known senders, since compromised mailboxes are routinely used to spread malware. See our article on how to identify phishing emails to educate employees.
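Checking an attachment starts with its name, and attackers know that mail clients show the name in ways that hide the real extension. The following added example (not code from the article) encodes the checks a mail gateway or a help desk script typically applies: directly executable extensions, macro-enabled Office documents, archives that need unpacking before scanning, double extensions like `invoice.pdf.exe`, a right-to-left override character that makes `invoice‮fdp.exe` display as `invoiceexe.pdf`, and whitespace padding that pushes the extension out of view. The extension lists and severity rule are assumptions for the demonstration, and the file names are constructed.

```python
"""Heuristic checks on e-mail attachment names. Added example, not article code."""
import re
from typing import List

# Extensions that execute directly or run script/active content (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js",
                   "jse", "wsf", "wsh", "ps1", "hta", "msi", "lnk", "cpl", "jar"}
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm", "xltm"}
# Containers that must be unpacked and scanned rather than blocked outright.
ARCHIVE_EXTS = {"zip", "rar", "7z", "iso", "img", "gz", "tgz"}
# Document-like extensions used as the decoy half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Unicode bidirectional controls; U+202E (RLO) reverses the displayed order.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}


def attachment_findings(filename: str) -> List[str]:
    """Return a list of finding tags for the given attachment name (empty = clean)."""
    findings: List[str] = []
    if any(ch in BIDI_CONTROLS for ch in filename):
        findings.append("bidi-override-in-name")
    # Judge the extension on the cleaned name, which is what the OS will execute.
    clean = "".join(ch for ch in filename if ch not in BIDI_CONTROLS).strip().lower()
    parts = [p.strip() for p in clean.split(".")]
    exts = parts[1:] if len(parts) > 1 else []
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXTS:
        findings.append(f"executable-extension:{final}")
    if final in MACRO_EXTS:
        findings.append(f"macro-enabled-document:{final}")
    if final in ARCHIVE_EXTS:
        findings.append(f"archive-container:{final}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and final in EXECUTABLE_EXTS:
        findings.append("double-extension")
    if re.search(r" {5,}", filename):
        findings.append("whitespace-padding")
    return findings


def should_quarantine(filename: str) -> bool:
    """Assumed policy: quarantine on anything except a bare archive, which is
    instead unpacked and scanned (the archive itself is not proof of malice)."""
    return any(not f.startswith("archive-container") for f in attachment_findings(filename))


if __name__ == "__main__":
    for name in ["report.pdf", "invoice.pdf.exe", "invoice\u202efdp.exe", "q3.xlsm", "photos.zip"]:
        print(repr(name), attachment_findings(name), should_quarantine(name))
```

Name-based checks are a first filter, not a verdict: a `.pdf` can still carry an exploit and an archive can hide an executable, so the next step is always content inspection (file-type magic, macro extraction, sandboxing) rather than trusting the name.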
Limit user privileges
Give users only the privileges they need to do their tasks. Enforcing the principle of least privilege reduces the damage malware can do and limits its ability to spread if a machine is infected.
Enforce network security measures
Implement additional network security measures such as intrusion detection systems (IDS) and secured Wi-Fi networks. Use network segmentation to contain infections and protect sensitive data.
Wrapping Up…
While viruses, worms, and Trojans might be the most commonly discussed examples of malicious code, ransomware has become the most feared one. Knowing in depth how each of these malicious code examples works is the first step of a solid prevention strategy.
A natural continuation of this approach is investing in state-of-the-art cybersecurity tools. Don’t hesitate to reach out to us at sales.inquiries@heimdalsecurity.com to find out which of our cybersecurity solutions suit your needs best.
Malicious code FAQs
How can you avoid downloading malicious code?
To avoid downloading malicious code, beware of phishing emails, use DNS filtering, and only download approved software from a legitimate, official source. Also block pop-up ads and push notifications so they cannot be used to stealthily drop malware on your endpoints.
How can I tell if a computer is infected with malicious code?
The signs of a malicious code infection include:
- slow-performing devices
- unexpected pop-ups
- frequent system crashes
- unknown programs running at startup
- files modified or deleted without your input
- unusual outbound network connections, for example to domains you don’t recognize
Use a next-gen antivirus solution to confirm a suspected infection.
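Two of the signs above, files changing without your input and unknown startup entries, can be checked systematically rather than by eye: record a baseline and diff the current state against it. The following is an added example (not code from the article or from any Heimdal product) that takes a SHA-256 baseline of a directory tree, then uses the same diff routine for a snapshot of autostart entries; the `demo()` scenario, its file contents and its Windows-style Run-key entries are all constructed for the demonstration.

```python
"""Baseline-and-diff checks for file changes and startup entries. Added example."""
import hashlib
import json
import os
import shutil
import tempfile
from typing import Dict, List

CHUNK = 65536


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: str) -> Dict[str, str]:
    """Map every regular file under root (path relative to root) to its SHA-256.
    Symlinks are skipped so a planted link cannot pull in files outside the tree."""
    snapshot: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snapshot[rel] = sha256_file(full)
    return snapshot


def diff_mapping(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Generic diff of two name->value snapshots. Works for file hashes
    (value = digest) and for autostart entries (value = command line)."""
    return {
        "added": sorted(k for k in current if k not in baseline),
        "deleted": sorted(k for k in baseline if k not in current),
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
    }


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed scenario: take a baseline, simulate an infection, re-scan."""
    root = tempfile.mkdtemp(prefix="fim-demo-")
    try:
        with open(os.path.join(root, "app.cfg"), "w") as f:
            f.write("setting=1\n")
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("quarterly report\n")
        file_baseline = hash_tree(root)
        # Constructed autostart baseline, Windows Run-key style (name -> command).
        startup_baseline = {
            "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        }

        # Simulated infection: config tampered, a file deleted, a binary dropped,
        # a new autostart entry added and the existing one hijacked to another path.
        with open(os.path.join(root, "app.cfg"), "w") as f:
            f.write("setting=1\nproxy=203.0.113.7\n")
        os.remove(os.path.join(root, "notes.txt"))
        with open(os.path.join(root, "svchost.exe"), "wb") as f:
            f.write(b"MZ")
        startup_current = {
            "OneDrive": r"C:\Users\alice\AppData\Roaming\OneDrive.exe /background",
            "Updater": r"C:\Users\alice\AppData\Roaming\svchost.exe",
        }
        return {
            "files": diff_mapping(file_baseline, hash_tree(root)),
            "startup": diff_mapping(startup_baseline, startup_current),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The one thing that makes or breaks this approach is where the baseline lives: if it sits on the same machine with the same permissions, malware that can change your files can also rewrite the baseline, so store it off-host or sign it. Production tools such as AIDE or Tripwire do exactly this at scale, and on Windows the startup snapshot comes from the Run keys, scheduled tasks and services rather than a hand-built dictionary.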