Cybercriminals often exploit any vulnerabilities that exist within the operating system (OS) or the application software that’s running on the victim’s computer – so a net worm or Trojan virus can penetrate the victim’s machine and launch itself.
A vulnerability is effectively an error in the code or the logic of operation within the OS or the application software. Because today’s OSs and applications are very complex and include a lot of functionality, it’s difficult for a vendor’s development team to create software that contains no errors.
Unfortunately, there’s no shortage of virus creators and cybercriminals that are ready to devote considerable effort to investigating how they can benefit from exploiting any vulnerability – before it’s fixed by the vendor issuing a software patch.
Typical vulnerabilities include:
Recently, the distribution of malicious code via web pages has become one of the most popular malware implementation techniques. An infected file and a script program – that exploit the browser’s vulnerability – are placed on a web page. When a user visits the page, the script program downloads the infected file onto the user’s computer – via the browser’s vulnerability – and then launches the file. In order to infect as many machines as possible, the malware creator will use a range of methods to attract victims to the web page:
Cybercriminals will also use small Trojans that are designed to download and launch larger Trojan viruses. The small Trojan virus will enter the user’s computer – for instance, via a vulnerability – and it will then download and install other malicious components from the Internet. Many of the Trojans will change the browser’s settings – to the browser’s least secure option – in order to make it easier for other Trojans to be downloaded.
Unfortunately, the period between the appearance of a new vulnerability and the start of its exploitation by worms and Trojan viruses, tends to become shorter and shorter. This creates challenges for both software vendors and antivirus companies: