passing. This section contains a brief description of those objects to introduce them from an application security standpoint. They are covered in greater detail in Chapter 8, “Mali- cious Code and Application Attacks.” Viruses Viruses are the oldest form of malicious code objects that plague cyberspace. Once they are in a system, they attach themselves to legitimate operating system and user files and applications and normally perform some sort of undesirable action, ranging from the somewhat innocuous display of an annoying message on the screen to the more malicious destruction of the entire local file system. Before the advent of networked computing, viruses spread from system to system through infected media. For example, suppose a user’s hard drive is infected with a virus. That user might then format a floppy disk and inadvertently transfer the virus to it along with some data files. When the user inserts the disk into another system and reads the data, that system would also become infected with the virus. The virus might then get spread to several other users, who go on to share it with even more users in an exponential fashion. Macro viruses are among the most insidious viruses out there. They’re extremely easy to write and take advantage of some of the advanced features of modern productivity applications to significantly broaden their reach. In this day and age, more and more computers are connected to some type of network and have at least an indirect connection to the Internet. This greatly increases the number of mechanisms that can transport viruses from system to system and expands the potential magnitude of these infections to epidemic proportions. After all, an e-mail macro virus that can automatically prop- agate itself to every contact in your address book can inflict far more widespread damage than a boot sector virus that requires the sharing of physical storage media to transmit infection. The var- ious types of viruses and their propagation techniques are discussed in Chapter 8. Trojan Horses During the Trojan War, the Greek military used a false horse filled with soldiers to gain access to the fortified city of Troy. The Trojans fell prey to this deception because they believed the horse to be a generous gift and were unaware of its insidious payload. Modern computer users face a similar threat from today’s electronic version of the Trojan horse. A Trojan horse is a malicious code object that appears to be a benevolent program—such as a game or simple util- ity. When a user executes the application, it performs the “cover” functions, as advertised; how- ever, electronic Trojan horses also carry an unknown payload. While the computer user is using the new program, the Trojan horse performs some sort of malicious action—such as opening a security hole in the system for hackers to exploit, tampering with data, or installing keystroke monitoring software.