You might hear people use the term virus to describe all types of malware, but that isn’t accurate. If you’re planning to take the SY0-501 version of the Security+ exam, you should have a good understanding of the different malware types. A virus is a specific type of malware, and malware includes many other types of malicious software, including worms, logic bombs, Trojans, ransomware, rootkits, spyware, and more.
For example, can you answer this question?
Q. Lisa recently developed an application for the Human Resources department. Personnel use this application to store and manage employee data, including PII. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. Which of the following does this describe?
A. Virus
B. Worm
C. Backdoor
D. Trojan
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.
Viruses
A virus is malicious code that attaches itself to a host application. The host application must be executed to run, and the malicious code executes when the host application is executed. The virus tries to replicate by finding other host applications to infect with the malicious code. At some point, the virus activates and delivers its payload.
Typically, the payload of a virus is damaging. It may delete files, cause random reboots, join the computer to a botnet, or enable backdoors that attackers can use to access systems remotely. Some older viruses merely displayed a message at some point, such as “Legalize Marijuana!” Most viruses won’t cause damage immediately. Instead, they give the virus time to replicate first. A user will often execute the virus (though unknowingly), but other times, an operating system will automatically execute it after user interaction. For example, when a user plugs in an infected USB drive, the system might automatically execute the virus, infecting the system.
Worms
A worm is self-replicating malware that travels throughout a network without the assistance of a host application or user interaction. A worm resides in memory and can use different transport protocols to travel over the network.
One of the significant problems caused by worms is that they consume network bandwidth. Worms can replicate themselves hundreds of times and spread to all the systems in the network. Each infected system tries to locate and infect other systems on the network, and network performance can slow to a crawl.
The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study GuideEach of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
Logic Bombs
A logic bomb is a string of code embedded into an application or script that will execute in response to an event. The event might be a specific date or time, or a user action such as when a user launches a specific program.
There’s an often-repeated story about a company that decided it had to lay off an engineer due to an economic downturn. His bosses didn’t see him doing much, so they thought they could do without him. Within a couple of weeks after he left, they started having all sorts of computer problems they just couldn’t resolve.
They called him back, and within a couple of weeks, everything was fine. A few months later, they determined they had to lay him off again. You guessed it. Within a couple of weeks, things went haywire again.
The engineer had programmed a logic bomb that executed when the payroll program ran. It checked for his name on the payroll, and when it was there, things were fine, but when his name wasn’t there, ka-boom—the logic bomb exploded.
Backdoors
A backdoor provides another way of accessing a system, similar to how a backdoor in a house provides another method of entry. Malware often installs backdoors on systems to bypass normal authentication methods.
While application developers often code backdoors into applications, this practice is not recommended. For example, an application developer might create a backdoor within an application intended for maintenance purposes. However, if attackers discover the backdoor, they can use it to access the application.
Effective account management policies help prevent ex-employees from creating backdoors after they are fired. For example, if an employee loses network access immediately after being fired, the employee cannot create a backdoor account. In contrast, if an administrator retains network access, he might create another administrative account. IT personnel might disable his account after they learn he has been fired, but he can still use this new backdoor account. That’s exactly what a Fannie Mae Unix engineer did after being told he was fired.
Fannie Mae’s account management policy did not revoke his elevated system privileges right away, giving him time to create a backdoor account. After going home, he accessed the system remotely and installed a logic bomb script scheduled to run at 9:00 a.m. on January 31. If another administrator hadn’t discovered the logic bomb, it would have deleted data and backups for about four thousand servers, changed their passwords, and shut them down.
Q. Lisa recently developed an application for the Human Resources department. Personnel use this application to store and manage employee data, including PII. She programmed in the ability to access this application with a username and password that only she knows, so that she can perform remote maintenance on the application if necessary. Which of the following does this describe?
A. Virus
B. Worm
C. Backdoor
D. Trojan
Answer is C. A backdoor provides someone an alternative way of accessing a system or application, which is exactly what Lisa created in this scenario. It might seem as though she’s doing so with good intentions, but if attackers discover a backdoor, they can exploit it.
A virus is malicious code that attaches itself to an application and executes when the application runs, not code that is purposely written into the application.
A worm is self-replicating malware that travels throughout a network without the assistance of a host application or user interaction.
A Trojan is software that looks like it has a beneficial purpose but includes a malicious component.
See Chapter 3 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on malware types.
