Malicious code refers to viruses, Trojan horses, worms, logic bombs, and any other software created for the purpose of attacking a platform.
• Virus. A code segment that replicates by attaching copies of itself to existing executables. The new copy of the virus is executed when a user executes the new host program. The virus may include an additional "payload" that triggers when specific conditions are met.
• Trojan Horse. A program that performs a desired task, but that also includes unexpected and undesirable functions. For example, consider an editing program for a multiuser system. This program could be modified to randomly and unexpectedly delete a user’s files each time they perform a useful function (e.g., editing).
• Worm. A self-replicating program that is self-contained and does not require a host program or user intervention. Worms commonly use network services to propagate to other host systems.
• Logic Bomb. This type of malicious code is a set of instructions secretly and intentionally inserted into a program or software system to carry out a malicious function at a predisposed time and date or when a specific condition is met.
• Ransomware. Is a type of malicious code that blocks or limits access to a system by locking the entire screen or by locking down or encrypting specific files until a ransom is paid. There are two different types of ransomware attacks—encryptors and lockers. Encryptors block (encrypt) system files and demand a payment to unblock (or decrypt) those files. Encryptors, or crypto-ransomware, are the most common and most worrisome (e.g., WannaCry). Lockers are designed to lock users out of operating systems. The user still has access to the device and other files, but in order to unlock the infected computer, the user is asked to pay a ransom. To make matters worse, even if the user pays the ransom, there is no guarantee that the attacker will actually provide the decryption key or unlock the infected system.