How does malicious software work?

I have always wondered how malicious software (viruses, worms, etc.) work. I am not asking about the programme itself, rather how it embeds itself in other files. For example, how can executable code run from a video file? Surely the operating system would never run the video as an executable file, so the code would never get a chance to execute. I often hear people say things like "I got a virus from www.website.com" or "a song I downloaded gave me a virus". My admittedly small knowledge of how code executes on a computer makes this seem impossible. How could a website put executable code on your computer, and then execute it? How could executable code in a music file be executed? Can anyone enlighten me on the mechanisms behind this?

There are many methods that viruses use to be able to execute code on a victim's computer. The most common by far is the buffer overflow vulnerability. Buffer overflows occur when the Operating System (or some other application) expects data of a certain size, and allocates memory for that data. If the data entered is too large for the buffer, then the extra information should be chopped off and deleted, and the user notified. However, some applications fail to check the size of data entered, and end up extending the buffer size dynamically. This causes a security concern because the extra memory used does not have the same permissions as the rest of the program, and in most cases, has complete executable rights on the OS. Worms and Viruses use these known exploits to execute in this unprotected part of the computer's memory. Therefore, if you visit a website which contains a Java applet (an applet that will need to be downloaded to your machine and executed), and it contains a buffer overflow problem with a certain data type the Operating System is unable to handle correctly, the virus could find itself running with full user privileges. It only needs to execute once to get installed into the local drive, added to the registry and contact the Internet to download more malware.

It can happen in many ways. With video files and websites they tend to use an exploit or a flaw in a piece of code that allows them to get a wanted thing done on a computer. So, let's say you view a webpage and it causes you to buffer overrun, this would allow a potential person to exploit this flaw and run a program as admin on your computer.
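The unchecked-length copy that both answers above refer to, as an added example that is not part of the original posts: a parser reads a title from a media tag into a 16-byte buffer that sits directly before a slot of control data, once trusting the length stored in the file and once validating it. The tag format, the function names and the 24-byte simulated memory region are assumptions made for illustration; the copy is kept inside one array so the overwrite can be observed without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simulated memory (constructed): a 16-byte title buffer followed directly by
 * an 8-byte slot standing in for control data such as a return address. */
#define TITLE_SIZE 16
#define SLOT_SIZE 8
#define MEM_SIZE (TITLE_SIZE + SLOT_SIZE)
static const uint8_t TRUSTED[SLOT_SIZE] = {'H','A','N','D','L','E','R','1'};

static int slot_intact(const uint8_t *mem) {
    return memcmp(mem + TITLE_SIZE, TRUSTED, SLOT_SIZE) == 0;
}

/* Hypothetical tag: tag[0] = declared title length, then the title bytes.
 * Deliberate bug: n is never compared with TITLE_SIZE. The MEM_SIZE clamp
 * exists only to keep this demo inside its own array. */
static void parse_unchecked(uint8_t *mem, const uint8_t *tag, size_t tag_len) {
    if (tag_len == 0) return;
    size_t n = tag[0];
    if (n > tag_len - 1) n = tag_len - 1;
    if (n > MEM_SIZE) n = MEM_SIZE;
    memcpy(mem, tag + 1, n);
}

/* Hardened: reject a declared length larger than the buffer or the file. */
static int parse_checked(uint8_t *mem, const uint8_t *tag, size_t tag_len) {
    if (tag_len == 0) return -1;
    size_t n = tag[0];
    if (n > TITLE_SIZE || n > tag_len - 1) return -1;
    memcpy(mem, tag + 1, n);
    return 0;
}

/* Constructed input: declared length 24, 8 more than the title buffer. */
static int demo(int use_checked) {
    uint8_t mem[MEM_SIZE] = {0}, tag[1 + MEM_SIZE];
    memcpy(mem + TITLE_SIZE, TRUSTED, SLOT_SIZE);
    tag[0] = MEM_SIZE;
    memset(tag + 1, 'A', MEM_SIZE);
    if (use_checked) (void)parse_checked(mem, tag, sizeof tag);
    else parse_unchecked(mem, tag, sizeof tag);
    return slot_intact(mem);
}

int main(void) {
    printf("slot intact: unchecked=%d checked=%d\n", demo(0), demo(1));
    return 0;
}
```

With the unchecked parser the slot next to the buffer is replaced by bytes that came from the file; with the checked parser the oversized tag is rejected and the slot keeps its trusted value.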