What is Malicious Code?
Malicious code refers to unwanted files or programs that can cause harm to a computer or compromise data stored on it.¹ It takes many forms, including auto-executing content such as Java applets, ActiveX controls, pushed content, plug-ins, scripting languages, and other technologies designed to enhance web pages and email. Once it runs, malicious code can give attackers unauthorized remote access to the system (an application back door), through which they can read sensitive information, wipe data, install spyware, and more.
Classifications of malicious code include:
Viruses. A virus attaches itself to files or programs on a system and can damage or destroy data when it runs. Viruses spread through already infected removable media, malicious email attachments, and malicious web pages.
Trojan Horses. A Trojan is a program that masquerades as something legitimate while carrying a virus or other damaging payload. Trojans are frequently bundled with "free" software from untrusted sources, so the user believes they are running legitimate software while the program performs malicious actions on the computer.
Worms. A worm is self-propagating malware that spreads from computer to computer on its own, without waiting for a user to run an infected file. Its replication can consume processing time and network bandwidth until the system stops responding.
Malicious data files. These are non-executable files, such as Microsoft Word documents, Adobe PDFs, ZIP archives, or image files, that exploit weaknesses in the application used to open them. Attackers frequently use malicious data files to install malware on a victim's system, commonly distributing the files via email, websites, and social media.
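The malicious data file class is easier to act on with a concrete check. The following Python script is an added example, not part of the CISA tip or of this page: it sniffs an attachment's real format from its leading bytes, compares that with what the filename extension claims, and looks inside ZIP-based files (which is what .docx/.docm and friends are) for a VBA macro project (`vbaProject.bin`) or embedded executables. The signature table, the extension lists and the sample attachments are constructed for illustration; the samples are harmless stubs, not real malware.

```python
from __future__ import annotations

import io
import zipfile

# Magic bytes for a few of the formats the classification above mentions.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",          # plain ZIP and OOXML (.docx/.xlsx/.pptx are ZIPs)
    b"MZ": "exe",                  # Windows PE executable
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",  # legacy .doc/.xls (OLE2)
}

# What the extension claims the content should be (illustrative subset).
EXPECTED_KIND = {
    "pdf": "pdf", "png": "png", "zip": "zip", "exe": "exe",
    "docx": "zip", "docm": "zip", "xlsx": "zip", "xlsm": "zip", "pptx": "zip",
    "doc": "ole", "xls": "ole",
}

# Extensions Windows will execute directly (illustrative subset).
EXECUTABLE_EXT = {"exe", "dll", "scr", "js", "vbs", "bat", "cmd", "ps1", "hta"}


def sniff(data: bytes) -> str:
    """Identify a file by its leading bytes, ignoring the name it was given."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(filename: str, data: bytes) -> list[str]:
    """Return the findings for one attachment; an empty list means none."""
    findings: list[str] = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)

    # 1. Directly executable attachment, possibly hidden behind a double extension.
    if ext in EXECUTABLE_EXT:
        what = "double-extension executable" if len(parts) > 2 else "executable attachment"
        findings.append(f"{what} (.{ext})")

    # 2. The bytes do not match what the extension claims (e.g. a PE file named .pdf).
    if ext in EXPECTED_KIND and kind != "unknown" and kind != EXPECTED_KIND[ext]:
        findings.append(f"content is {kind} but extension says .{ext}")

    # 3. Look inside ZIP containers: Office macros live in vbaProject.bin, and
    #    archives are a common wrapper for executables.
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return findings + ["corrupt or truncated ZIP container"]
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append("Office document contains a VBA macro project")
        for name in names:
            inner = name.lower().rsplit(".", 1)[-1] if "." in name else ""
            if inner in EXECUTABLE_EXT:
                findings.append(f"archive contains executable {name}")
    return findings


def scan(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Triage every (name, bytes) pair; values are the findings per file."""
    return {name: triage(name, data) for name, data in files.items()}


def _zip_with(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP (used for the fake .docm and the plain archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (not real malware): a PE stub named as a PDF,
# a minimal OOXML document carrying a stand-in macro project, an archive
# wrapping an installer, a double-extension executable, and two benign files.
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00\x03\x00" + b"\x00" * 58,
    "quarterly.docm": _zip_with({
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:document/>",
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 stand-in for an OLE macro container",
    }),
    "update.zip": _zip_with({"readme.txt": b"run setup", "setup.exe": b"MZ" + b"\x00" * 30}),
    "report.pdf.exe": b"MZ" + b"\x00" * 30,
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "clean.pdf": b"%PDF-1.7\n% nothing to see\n",
}

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name:16} {'OK' if not findings else '; '.join(findings)}")
```

This is a triage heuristic, not a replacement for antivirus: a file with a perfectly valid PDF header can still carry an exploit for the reader that opens it, and the OOXML check only says that a macro project is present, not what it does. Feed it the raw bytes and the original filename of real attachments, and treat any non-empty result as a reason to quarantine the file rather than open it.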
Strategies to protect against malicious code include:
- Installing and maintaining antivirus software
- Using caution with links and attachments
- Blocking pop-up advertisements
- Using accounts with limited permissions for day-to-day work
- Disabling external media AutoRun and AutoPlay features
- Changing passwords, especially after a suspected compromise
- Keeping software updated
- Backing up data
- Installing or enabling a firewall
- Using anti-spyware tools
- Monitoring accounts for unexpected activity
- Avoiding public Wi-Fi
If you believe your device has become infected, run antivirus software that can identify and quarantine malicious code. The following additional steps are recommended:
Enlist IT assistance. If you have IT professionals in-house or through a managed service provider (MSP), contact them immediately. The sooner they can address the incident, the more likely it is that further damage can be prevented.
Malicious code removal. Update the antivirus software and perform a manual scan of the entire system. If the antivirus software cannot locate or remove the infection, it may be necessary to reinstall the OS, usually from a system restore disk or installation media. After reinstalling the OS and any applications the reinstall removed, install all of the appropriate patches to fix known vulnerabilities before putting the system back into use.
1 CISA, 2019, “Security Tip (ST18-004): Protecting Against Malicious Code”