What is "malicious code": "Badboy"

Source: Internet
Author: User

Malicious code is code that is embedded in another program without being detected and is designed to destroy data on the infected computer, run intrusive or destructive programs, and compromise the security and integrity of the infected computer's data. By method of propagation, malicious code can be divided into four categories: viruses, Trojan horses, worms, and mobile code.

First, viruses

Viruses are generally able to replicate themselves, and they can also distribute their copies to other files, programs, or computers. A virus is usually embedded in a host program and reproduces itself when the infected file is acted on (for example, when a file is opened, a program is run, or an e-mail attachment is clicked). Viruses differ in function because their designers differ in purpose: some are written only as mischief, others are written to destroy, and some look like hoaxes on the surface but carry a hidden destructive function. Viruses can be classified into the following categories: file-infecting viruses, boot-sector viruses, macro viruses, and prank e-mail.

1. File-infecting virus: A file-infecting virus attaches itself to executable files, such as Word, spreadsheet programs, and computer games. Once the virus has infected a program, it replicates itself to infect other programs on the system, or another system that uses the infected files through sharing. The virus also stays resident in system memory, so that any new program is infected as soon as it runs. Another method of infection is to modify the order in which the program's files are executed rather than the file the program runs. In this case, the infected program runs the virus first and only then runs its own files. Jerusalem and Cascade are relatively well-known viruses of this kind.

2. Boot-sector virus: A boot-sector virus infects the main boot area of a hard disk or of a removable storage device (such as a floppy disk). The boot area is the first region on the storage device and holds information such as the definition of how the data on the device is structured. The boot area also contains a bootstrap program that runs at host startup to boot the operating system. The main boot area is a separate region on the hard disk, and the bootloader can be located and loaded only by the basic input/output system (BIOS). When the contents of an infected disk are read at system startup, the virus code is executed, and a removable storage device such as a floppy disk can infect the system even if it is not a boot disk. Boot-sector viruses hide very well and can cause great damage to the computer, even to the point where it cannot be recovered. A computer infected with this kind of virus typically shows the following symptoms: it displays an error message when it starts, or it cannot be started at all. Michelangelo and Stoned are typical examples of this kind of virus.

3. Macro virus: Macro viruses are currently among the more prevalent and more dangerous viruses. A macro virus loads itself into files such as Word documents and spreadsheets. As its name says, it runs and propagates through programs written in a macro language. Many popular applications, such as Microsoft Office, use a macro language to write and automatically execute repetitive tasks, and the macro virus uses this facility to spread malicious code. Because users often share files that contain macros, macro viruses spread very quickly. When a macro virus infects a file, it also infects the temporary files that are created and opened while working with that file. As a result, the temporary files created from an infected file are themselves infected. Marker and Melissa are typical examples of this kind of virus.
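Because macro viruses travel inside shared documents, a first triage step is to find out which documents can carry macros at all. The following is an added example, not code from the original article; it assumes that OOXML files are zip archives whose VBA project is stored in a part conventionally named `vbaProject.bin`, and the sample documents are constructed in memory with dummy content.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML (.docx/.docm/.xlsx/.xlsm)


def classify_office_file(data: bytes) -> str:
    """Classify a document by whether it can carry VBA macros."""
    if data.startswith(OLE_MAGIC):
        # Legacy format: macros may be present; an OLE parser is needed to tell.
        return "legacy-ole-needs-inspection"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "corrupt-zip"
    if "[content_types].xml" not in names:
        return "not-office"
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro-enabled"
    return "no-macros"


def triage(files: dict) -> dict:
    """Map filename -> verdict, flagging macros behind a macro-free extension."""
    out = {}
    for name, data in files.items():
        verdict = classify_office_file(data)
        if verdict == "macro-enabled" and name.lower().endswith((".docx", ".xlsx")):
            verdict = "macro-enabled-extension-mismatch"
        out[name] = verdict
    return out


def make_sample(parts: list) -> bytes:
    """Constructed sample: a minimal zip with the given part names, dummy content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in parts:
            zf.writestr(part, b"constructed")
    return buf.getvalue()


if __name__ == "__main__":
    macro = make_sample(["[Content_Types].xml", "word/vbaProject.bin"])
    print(triage({"report.docx": macro, "report.docm": macro}))
```

This only reports that a macro project is present; it does not judge whether the macro is malicious.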

4. Prank e-mail: As its name says, this kind of virus is a fake virus warning. Its content is generally meant to frighten users, claiming that their computer will suffer great damage, or to deceive them into believing that the computer is about to be infected, and it urges them to take immediate action. Although the information in the message is not legitimate, it spreads as widely as a real virus. It is usually spread by innocent users who forward the message to warn others to guard against the supposed virus. In general, prank messages do no harm, but some instruct the user to modify system settings or delete certain files, which affects the security of the system. Reading prank messages wastes users' time, and some prank messages are sent on to technical support departments, either to warn them that a new virus threatens network security or to ask for help. Good Times and Bud Frogs are among the more widely spread examples.

Second, Trojan horses

This type of malicious code is named after the Trojan horse of ancient Greek myth, which looks harmless but actually conceals malicious intent. Some Trojans establish themselves on a system by overwriting files that already exist there, carrying malicious code with them; others present themselves as a piece of software (for example, a downloadable game) but are actually tools for stealing passwords. Trojans are usually hard to detect because they generally run on the system as if they were normal applications. A Trojan horse works in one of the following three modes:

* It lurks in a normal application and carries out separate malicious actions alongside it

* It lurks in a normal application, but modifies that application to carry out malicious actions

* It completely replaces a normal application in order to carry out malicious actions

Most Trojan horses allow the Trojan's controller to log on to the infected computer with most administrator-level privileges. To achieve this, a Trojan usually consists of a client and a server: the client is placed on the controller's computer and the server on the compromised computer, and the controller uses the client to establish a remote connection to the server on the compromised computer. Once the connection is established, the controller can transfer and modify files by sending instructions to the compromised computer. Another common use of Trojan horses is to launch DDoS (distributed denial-of-service) attacks.

Some Trojans have no remote login function. Some of these exist only to hide the traces of malicious processes, for example by keeping those processes out of the process list. Others are used to collect information, such as the passwords on the infected computer; a Trojan can also send the list of passwords it has collected to a designated mail account on the Internet.

Third, worms

A worm is a completely independent program that can replicate itself; its propagation does not require any other program on the infected host. A worm's self-replication differs from that of other viruses: it automatically creates copies with exactly the same functionality as itself and runs them without any human intervention. Worms intrude through system vulnerabilities and insecure settings (for example, sharing that has been set up). These characteristics let a worm spread very fast (from one end of the earth to the other within seconds). Blaster and SQL Slammer are typical examples.

Fourth, mobile code

Mobile code is code that can be transferred from a host to a client computer and executed there, usually as part of a virus, worm, or Trojan horse that is delivered to the client. In addition, mobile code can exploit system vulnerabilities, for example to access data illegally or to steal the root account. Tools commonly used to write mobile code include Java applets, ActiveX, JavaScript, and VBScript.
