passing. This section contains a brief description of those objects to introduce them from an application security standpoint. They are covered in greater detail in Chapter 8, “Mali- cious Code and Application Attacks.” Viruses Viruses are the oldest form of malicious code objects that plague cyberspace. Once they are in a system, they attach themselves to legitimate operating system and user files and applications and normally perform some sort of undesirable action, ranging from the somewhat innocuous display of an annoying message on the screen to the more malicious destruction of the entire local file system. Before the advent of networked computing, viruses spread from system to system through infected media. For example, suppose a user’s hard drive is infected with a virus. That user might then format a floppy disk and inadvertently transfer the virus to it along with some data files. When the user inserts the disk into another system and reads the data, that system would also become infected with the virus. The virus might then get spread to several other users, who go on to share it with even more users in an exponential fashion. Macro viruses are among the most insidious viruses out there. They’re extremely easy to write and take advantage of some of the advanced features of modern productivity applications to significantly broaden their reach. In this day and age, more and more computers are connected to some type of network and have at least an indirect connection to the Internet. This greatly increases the number of mechanisms that can transport viruses from system to system and expands the potential magnitude of these infections to epidemic proportions. After all, an e-mail macro virus that can automatically prop- agate itself to every contact in your address book can inflict far more widespread damage than a boot sector virus that requires the sharing of physical storage media to transmit infection. The var- ious types of viruses and their propagation techniques are discussed in Chapter 8. Trojan Horses During the Trojan War, the Greek military used a false horse filled with soldiers to gain access to the fortified city of Troy. The Trojans fell prey to this deception because they believed the horse to be a generous gift and were unaware of its insidious payload. Modern computer users face a similar threat from today’s electronic version of the Trojan horse. A Trojan horse is a malicious code object that appears to be a benevolent program—such as a game or simple util- ity. When a user executes the application, it performs the “cover” functions, as advertised; how- ever, electronic Trojan horses also carry an unknown payload. While the computer user is using the new program, the Trojan horse performs some sort of malicious action—such as opening a security hole in the system for hackers to exploit, tampering with data, or installing keystroke monitoring software. Logic Bombs Logic bombs are malicious code objects that lie dormant until events occur that satisfy one or more logical conditions. At that time, they spring into action, delivering their malicious payload to unsus- pecting computer users. They are often planted by disgruntled employees or other individuals who want to harm an organization but for one reason or another might want to delay the malicious activ- ity for a period of time. Many simple logic bombs operate based solely upon the system date or time. For example, an employee who was terminated might set a logic bomb to destroy critical business data on the first anniversary of their termination. Other logic bombs operate using more complex criteria. For example, a programmer who fears termination might plant a logic bomb that alters pay- roll information after the programmer’s account is locked out of the system. Worms Worms are an interesting type of malicious code that greatly resemble viruses, with one major distinction. Like viruses, worms spread from system to system bearing some type of malicious payload. However, whereas viruses must be shared to propagate, worms are self-replicating. They remain resident in memory and exploit one or more networking vulnerabilities to spread from system to system under their own power. Obviously, this allows for much greater propa- gation and can result in a denial of service attack against entire networks. Indeed, the famous Internet Worm launched by Robert Morris in November 1988 technical details of this worm are presented in Chapter 8 actually crippled the entire Internet for several days. Distributed Environment The previous section discussed how the advent of networked computing facilitated the rapid spread of malicious code objects between computing systems. This section examines how distributed com- puting an offshoot of networked computing introduces a variety of new malicious code threats that information system security practitioners must understand and protect their systems against. Essentially, distributed computing allows a single user to harness the computing power of one or more remote systems to achieve a single goal. A very common example of this is the cli- entserver interaction that takes place when a computer user browses the World Wide Web. The client uses a web browser, such as Microsoft Internet Explorer or Netscape Navigator, to request information from a remote server. The remote server’s web hosting software then receives and processes the request. In many cases, the web server fulfills the request by retrieving an HTML file from the local file system and transmitting it to the remote client. In the case of dynamically generated web pages, that request might involve generating custom content tai- lored to the needs of the individual user real-time account information is a good example of this. In effect, the web user is causing remote servers to perform actions on their behalf. Agents Agents also known as bots are intelligent code objects that perform actions on behalf of a user. Agents typically take initial instructions from the user and then carry on their activity in an unattended manner for a predetermined period of time, until certain conditions are met, or for an indefinite period.