How to Handle Malicious Code
Approach and Costs
I think that, if it is possible, the first step a cybersecurity professional should take is to isolate the infected computer by disconnecting it from the network. Pulling the network cable rather than powering the machine off is preferable, because it preserves memory contents for later analysis. An isolated machine can still damage its own system, but the virus can no longer be controlled remotely, send data out, or replicate itself onto other computers. Next, the professional should identify where the virus resides and what it consists of, either through signatures that fingerprint known malware or through the symptoms it causes, such as applications or hardware that stop functioning normally. Virus scanners should then be run to classify the threat agent; knowing the malware family tells the staff what it does and how to remove it. Determining cost becomes more complex as the damage grows: the professional can estimate what it would cost to repair or replace damaged hardware and software, and should add the labour and downtime involved in doing so. This approach can be applied by any cybersecurity professional at any location in the world.
Autorun
Autorun allows an operating system to execute code automatically based on a file's name or placement, without the user explicitly launching it: Windows reads an autorun.inf file from the root of newly inserted media and runs the program it names. The same idea applies to start-up. Early PCs booted MS-DOS from the boot sector of the first disk, and some of the first widespread viruses were boot-sector infectors: they replaced that boot code with their own so that the malicious code ran before the operating system on every start, which is what many early hackers used to gain unauthorized access. Compromising autorun is dangerous because it turns ordinary computer start-up into a way for hackers to gain control of the BIOS, the operating system, the applications and the stored data on the device. Social engineering remains a factor in some cases: hackers load USB flash drives with malicious code and leave them in places where an employee or student may pick one up and plug it in, infecting their device. One of the biggest dangers is when autorun is abused during a cyberattack by a state actor. For example, North Korea has been associated with a form of malware called "MBR_Killer" which, as the name suggests, destroys the Master Boot Record; it spreads through the autorun process and can be timed to fire within a particular window, so it still does its damage even after the cybersecurity expert has disconnected the point of entry from the internet. Malware like MBR_Killer is hard to identify and mitigate, and can be very dangerous if it infects network control systems, critical infrastructure or stored data.
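The following is an added example, not code from the original page, showing what an incident responder would look for in an autorun.inf taken from a suspect USB drive. The sample file content is constructed for the demonstration; the directive names it inspects (open, shellexecute, shell, shell\verb\command, action, icon) are the documented Windows AutoRun keys.

```python
"""Audit an autorun.inf for directives that launch code when a drive is opened.

Added example, not code from the original page. SAMPLE_AUTORUN_INF is a
constructed file in the style of the USB worms that abused AutoRun; the
directive names checked are the real Windows autorun.inf keys.
"""
from typing import Dict, List

# Directives that make Windows run a program as soon as the volume is inserted
# (AutoRun) or when the user picks the default AutoPlay action.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun_inf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse INI-style autorun.inf text into {section: {key: value}}.

    Section and key names are lowercased because Windows matches them
    case-insensitively. Lines starting with ';' are comments. A repeated key
    overwrites the earlier value.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # stray line outside a section: ignore it
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def audit_autorun(text: str) -> List[str]:
    """Return one human-readable finding per directive that can execute code
    or disguise the drive as something harmless."""
    findings: List[str] = []
    auto = parse_autorun_inf(text).get("autorun", {})
    for key, value in auto.items():
        if key in LAUNCH_KEYS:
            findings.append(f"{key}={value}: runs a program on insertion or AutoPlay")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            verb = key.split("\\")[1]
            findings.append(f"{key}={value}: context-menu verb '{verb}' runs a command")
        elif key == "shell":
            findings.append(f"shell={value}: custom verb '{value}' becomes the double-click default")
        elif key == "action":
            findings.append(f"action={value}: custom AutoPlay label, often used to mimic 'Open folder'")
        elif key == "icon" and "shell32.dll" in value.lower():
            findings.append(f"icon={value}: borrows a system icon so the drive looks like a folder")
    return findings


# Constructed sample: the launch is dressed up as the normal "open folder" action.
SAMPLE_AUTORUN_INF = """\
[autorun]
; constructed for this example
open=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\command=RECYCLER\\setup.exe
shell=open
"""

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE_AUTORUN_INF):
        print(finding)
```

A drive whose autorun.inf only sets label= or a non-system icon= produces no findings. On the defensive side, setting the registry value NoDriveTypeAutoRun to 0xFF under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer disables AutoRun for every drive type, and Windows 7 and later (with the 2011 update for older versions) no longer honor autorun.inf on USB media at all, which is why the USB-drop attacks described above now rely on the user opening the file.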
Polymorphism
Polymorphic viruses change their appearance on every infection, which makes them harder for virus scanners to identify. A signature-based scanner looks for a fixed byte pattern; because each copy of a polymorphic virus is encrypted with a different key and preceded by a different decryptor, the same pattern never appears twice, and over time scanners become less and less likely to recognise the threat agent. Malicious code writers also benefit because the virus re-encrypts itself at the point of entry and again everywhere it replicates, so samples collected from different machines do not match one another and cannot be mitigated with a single signature. The practical countermeasure is to match on behaviour, or on the decrypted body by emulating the decryptor, rather than on raw bytes. Polymorphic viruses therefore often go undetected by signature scanners, which gives hackers more time for cybercrime, espionage and other unauthorized actions.
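The following is an added example, not code from the original page, that serves both the signature-based identification step in the Approach and Costs section and the polymorphism discussion above. PAYLOAD, SIGNATURE and the XOR-based mutation engine are constructed stand-ins for a real virus body, an antivirus signature and a polymorphic encryptor; the point is that the same static signature matches the original body and none of its mutated copies, while a scanner that emulates the decryptor matches every one of them.

```python
"""Why a fixed byte signature catches a virus body but not its polymorphic
copies, and how emulating the decryptor recovers the match.

Added example, not code from the original page. PAYLOAD, SIGNATURE and the
toy XOR mutation engine are constructed for the demonstration.
"""
import random
from typing import List, Tuple

# Constructed virus body (a few fake x86 bytes around a readable marker) and the
# 16-byte signature an analyst would extract from the first sample they saw.
PAYLOAD = b"\x55\x89\xe5open socket;fetch stage2;write autostart\xc9\xc3"
SIGNATURE = PAYLOAD[:16]


def scan_for_signature(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Static scanner: report a hit if the exact signature bytes appear."""
    return signature in sample


def mutate(payload: bytes, key: int, junk: bytes) -> bytes:
    """Create one polymorphic copy: XOR-encrypt the body with `key` and prepend
    a decryptor stub. The stub holds what the decryptor needs (key, junk
    length) followed by variable junk, so each copy's bytes differ while the
    decrypted behaviour is identical. Real engines go further and rewrite the
    decryptor's instructions themselves."""
    if not 1 <= key <= 255:
        raise ValueError("key 0 would leave the body unchanged")
    stub = bytes([key, len(junk)]) + junk
    body = bytes(b ^ key for b in payload)
    return stub + body


def emulate_decrypt(sample: bytes) -> bytes:
    """What an emulating scanner does: follow the stub's logic to recover the
    plaintext body before matching signatures against it."""
    key, junk_len = sample[0], sample[1]
    return bytes(b ^ key for b in sample[2 + junk_len:])


def generate_variants(n: int, seed: int = 42) -> List[bytes]:
    """Simulate n replications, each re-encrypted with a fresh key and junk.
    A fixed seed keeps the run reproducible."""
    rng = random.Random(seed)
    variants = []
    for _ in range(n):
        key = rng.randrange(1, 256)
        junk = bytes(rng.randrange(256) for _ in range(rng.randrange(4, 32)))
        variants.append(mutate(PAYLOAD, key, junk))
    return variants


def detection_rates(n: int = 50) -> Tuple[int, int, int]:
    """Return (static hits, emulated hits, distinct byte patterns) over n variants."""
    variants = generate_variants(n)
    static_hits = sum(scan_for_signature(v) for v in variants)
    emulated_hits = sum(scan_for_signature(emulate_decrypt(v)) for v in variants)
    return static_hits, emulated_hits, len(set(variants))


if __name__ == "__main__":
    print("original body detected:", scan_for_signature(PAYLOAD))
    static, emulated, distinct = detection_rates()
    print(f"{distinct} distinct variants: static hits {static}, emulated hits {emulated}")
```

Running the block shows the original body is detected, fifty mutated copies are all distinct byte patterns with zero static hits, and all fifty are recovered once the decryptor is emulated. The same limitation applies to the hash- or signature-based identification step in the incident approach above: a hash of one sample identifies only that sample, so scanners that classify the family by behaviour or decrypted body are the tool to reach for against polymorphic code.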