CISSP PRACTICE QUESTIONS – 20210831

Effective CISSP Questions

According to NIST, malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system. Which of the following statements about malware is correct? (Wentz QOTD)
A. A virus is not self-replicating; it can be loaded and executed by an operating system only.
B. A worm can either actively exploit network service vulnerabilities or passively use mass mailing to propagate itself.
C. Malicious mobile code, as the mobile app, traverses across mobile devices without the user’s explicit instruction.
D. A Trojan horse is a self-replicating and self-contained program that appears to be benign but actually has a hidden malicious purpose.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. A worm can either actively exploit network service vulnerabilities or passively use mass mailing to propagate itself.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

A worm can either actively exploit network service vulnerabilities or passively use mass mailing to propagate itself. However, it becomes active only if users execute the malicious code attached to the email.

  • A virus is not self-replicating; it can be loaded and executed by an operating system (e.g., compiled virus) or applications (e.g., macro virus).
  • “Malicious mobile code is software with malicious intent that is transmitted from a remote host to a local host and then executed on the local host, typically without the user’s explicit instruction. Popular languages for malicious mobile code include Java, ActiveX, JavaScript, and VBScript.” (NIST SP 800-83 R1)
    Malicious mobile code does not refer to mobile apps and traverses across mobile devices without the user’s explicit instruction.
  • A Trojan horse is not self-replicating. It is a self-contained program that appears to be benign but actually has a hidden malicious purpose.

Reference

  • NIST SP 800-83 R1

According to NIST, malicious software (malware), also known as malicious code, refers to a program covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Which of the following statements about malware is correct? (Wentz QOTD)
A. A virus cannot self-replicate; it can only be loaded and executed by the operating system (OS).
B. A worm can either actively exploit network service vulnerabilities or passively use mass mailing to propagate itself.
C. Malicious mobile code, as a mobile application (app), traverses across mobile devices without the user's explicit instruction.
D. A Trojan horse is a self-replicating, self-contained program that appears benign but actually hides a malicious purpose.