Malicious Code

This chapter we will be going over the different types of malicious code and what affect they could have on a system



Takes over a user’s computer and demands a ransom,

Can take many forms

Encrypts files

Police involvement

Remedy for this

Effective backup system


Masks itself as a legitimate program inciting the user to download before unleashing the payload which typically will be a RAT Remote Access Trojans

Remedy for this

Anti-virus/ malware detector

Security smart don’t download from untrusted sources


 worms require no user interaction to spread, worms can spread through email attachments, network shares, and other methods. They Also Can self-install making them very dangerous


Rootkits are malware that are designed to exploit backdoors they also include the capability to conceal themselves from detection which make them quite dangerous

Remedy for this

Integrity checking and data validation against expected responses then the most recommended solution is to restore from a backup or a fresh install 


Backdoors are methods or tools that bypass normal authentication procedures allowing attackers access to the system

Backdoors can be both hardware and software based

Remedy for this

Check the ports that are open for example web based back doors


Bots are remotely controlled systems that are infected with malware , a group of these devices are called a botnet, they can be used to cause denial of service for websites and much more

Bot net command and control is most commonly used where the command and control machine operates in client-server mode which provides commands for the other machines

Many botnets use fast flux dns which uses many ip addresses that answer queries for one or more fully qualified DNS names. The rapid changes in the dns server and zone make it difficult to track 

Remedy for this

The uses of IPS and IDS to detect the traffic flow then reverse engineering can be used to identify the flow of the bot

Key Loggers

Keyloggers are programs that capture keystrokes from keyboards

The aim of keyloggers is to capture user input from the kernel, APIs, and scripts

Remedy for this

The use of MFA (multi factual authentication)

Logic Bombs

Logic Bombs do not require malicious programs to work, they rely on functions or code which are placed inside other programs and activate when certain conditions are met.


In short viruses are malware that self-copy and self-replicate

They require one or more infection mechanisms to spread

Viruses normally have two stages

The trigger (sets the conditions of the virus to activate)

The payload which is when the virus performs its actions

Viruses come in many forms

Memory resident viruses, remains in memory as the device is running

Non Memory resident viruses, execute, spread then shutdown

Boot sector viruses, resides in the boot sector of a drive

Macro Viruses, uses macros or code inside word processing tools to spread

Email viruses, spread through email

Fileless viruses

Fileless Viruses work in the same way normal viruses work but there is a key difference,

They inject themselves into the memory of the device and conduct further malicious activity, they also ensure they can reinfect the machine, at no point do they touch the filesystem which makes them hard to track

Ensuring you are not vulnerable is the best way to defended against this, ensure plugins are up to date etc, the use of IPS help as well, also PowerShell can be used to help stop the viruses


Spyware is malware that is designed to gather information about an individual , this is usually used to track a user’s browsing habits but can be used to track sensitive data

Best way to combat this is to use a decent anti-virus


Potentially unwanted Programs and programs that are not dangerous malware but can cause annoyance and take resources away from the device, they are usually downloaded without the user being aware

Most antiviruses can remove these

Malicious Code

Malicious code can come in many forms such as Scripts and custom built code.

This will use the built in tools in

Windows which are : PowerShell and visual basic

Linux which are: Bash and Python

This can also use Microsoft’s office suite macros for malicious intent

To prevent this

Log monitoring / windows command line monitoring

The use of constrained language mode for PowerShell to ensure sensitive commands are not being used