What is malicious code?
Malicious code is created to intentionally harm computers, systems or other devices. It often masquerades as a legitimate action and is frequently hidden in the application code of a program that performs a legitimate task. This makes malicious code more difficult to eliminate than typical viruses, because common antivirus applications are unable to pick it up until it has been identified and stored in the antivirus database. There are many different types of malicious code, but the three most common types are viruses, worms and trojan horses.
How malicious code can affect companies
Malicious code can affect companies in several different ways. Viruses can destroy hard drives, wipe out data or cause other compromises. Worms can infect entire companies, causing widespread damage that can involve data and identity theft. Trojan horses can enable an attacker to completely take over company networks. The results of these attacks can be devastating.
According to the latest study by the Ponemon Institute, “Global companies also are worried about malicious code and sustained probes, which have increased more than other threats. Companies estimate that they will be dealing with an average of 17 malicious codes each month and 12 sustained probes each month. Unauthorized access incidents have mainly stayed the same and companies estimate they will be dealing with an average of 10 such incidents each month.”
The typical result of a malicious code attack is a data breach. According to the Ponemon Institute study, in 2013 the average cost companies had to pay as a result of a data breach was $3.5 million, and attacks had increased by 15 percent over the previous year.
How to eliminate the threat from malicious code
Static Code Analysis (SCA) is arguably the most effective method to prevent malicious code from successfully causing damage to company computers. Today’s leading scanners can quickly detect malicious code such as Anti-Debugging techniques, Deliberate Information and Data Leakage, Time Bombs, Rootkits, Hardcoded Cryptographic Constants and Credentials, backdoor threats and more. The majority of these threats can evade typical antivirus software and conventional vulnerability tests. Scanning and testing should be performed as early as possible, because once a data breach is successful, the damage is already done.