10.3  Technical Malware Attack Methods: From Viruses to Denial of Service                       305

           Figure 10.4  How a computer
           virus can spread
































             Worms                                            code. Users are tricked into executing an infected file, where it
                                                              attacks the host, anywhere from inserting pop-up windows to
           Unlike a virus, a worm can replicate itself automatically (as a  damaging the host by deleting files, spreading malware, and so
           “standalone”—without any host or human activation). Worms  forth. The name is derived from the Trojan horse in Greek
           use networks to propagate and infect a computer or handheld  mythology. Legend has it that during the Trojan War, the city
           device and can even spread via instant messages or e-mail. In  of Troy was presented with a large wooden horse as a gift to
           addition, unlike viruses that generally are confined within a  the goddess Athena. The Trojans hauled the horse inside the
           target computer, a worm can infect many devices in a network  city gates. During the night, Greek soldiers who were hiding in
           as well as degrade the network’s performance. According to  the hollow horse opened the gates of Troy and let in the Greek
           Cisco, “worms either exploit a vulnerability on the target sys-  army. The army was able to take the city and win the war.
           tem or use some kind of social engineering to trick users into   Trojans spread only by user interaction (e.g., such as
           executing them.” Because worms spread much more rapidly  opening an under the guise of an e-mail allegedly sent by
           than viruses, they may be more dangerous.          Verizon), and there are many variants of Trojans (e.g., Zeus,
                                                              W32).
           Macro Viruses and Microworms
           A  macro virus (macro worm) is a malware code that is  Example 1: Trojan-Phisher-Rebery
           attached to a data file rather than to an executable program  In 2006, a variant of a Trojan horse program named Trojan-
           (e.g., a Word file). According to Microsoft, macro viruses can  Phisher-Rebery was used to steal tens of thousands of identities
           attack Word files as well as any other application that uses a  from people in 125 different countries. The Rebery malicious
           programming language.  When the document is opened or  software is an example of a banking Trojan, which is pro-
           closed, the virus can spread to other documents on the com-  grammed to create damage when users visit certain online
           puter’s system. For information about Word macro viruses, see  banking or e-commerce sites. For an infographic describing the
           Microsoft Support at support.microsoft.com/kb/187243/en.  state of financial Trojans see Symantec (2014).
           Computer programs that are very similar to viruses are worms
           and Trojan horses.                                 Example 2: The DDOS Attacks on WordPress
                                                              In March 2014, hackers used a botnet to attack more than
           Trojan Horse                                       162,000 WordPress sites. Given that WordPress powers about
           A Trojan horse is a program that seems to be harmless or  17% of the world’s blogging websites, any attack can be
           even looks useful but actually contains a hidden malicious  devastating.